Hacker Prevention - A Rather Simple Solution

[person915 345]

This is a suggestion thread because it is a suggestion to a problem. It is not about private hives but about all servers, and is just as much a suggestion as "rocket, put lazer cannons in the game!". Teeheehee.

I'm quite sure that all of us here have some opinion of hackers. Whatever that opinion may be - is irrelevant.

As you are all quite aware, it is fairly easy for any hacker to come into a server, whether BattlEye protected or not, wreak havoc, and leave, pretty much unharmed and not at all scared they might be caught afterward for this particular offense.

So I thought of a solution to a few problems we have here.

NUMBER ONE: WHERE ARE THE ADMINS?

In servers where these hacks have been going on, you always seem to find one thing- actually, a lack of one thing- admins and moderators. When said users are online, these things don't seem to happen. So how do we substitute for the time they aren't on the server themselves?

GET A DAMN "CONTACT ADMIN" BUTTON THAT PEOPLE CAN PRESS IF THE SERVER IS ATTACKED!

I suggest doing this by having the button available client-side so that the hacker can't hack the server and remove the button. The client then connects to the place where it contacts whoever the button is connected to, and it alerts them. Of course, the button should have some options you click, like why you are contacting the admin, how urgent the emergency is, ect ect, so the admin knows what they're dealing with before they get in.

NUMBER TWO: WHO'S HACKING? I CAN"T SEE THEIR NAME!

ArmA makes it easy to be able to change your name at will, without any hassle at all. While a nice feature, this makes usernames absolutely worthless in identifying players who hack and punishing accordingly.

So what can we do?

First off, names need to be like sex. They cannot be changed in-game until you respawn. Secondly, we need a base username to log into, which can also be displayed in-game, so that we have an unchanging way of identifying players, so that when we do find out who is hacking, we can follow them.

Once we have this down, it opens up for something else.

In many, many, many, many games, there is a simple feature that has provided tons of solutions to these problems. May I present to you, the "Report" button. This button, once pressed, would simply ask you to include a reason for reporting this player, whether it be offensive language, racism, hacking, glitching, ect. It would then send a report to not only the server admin, but BE too, so they can look out. The admin can now follow this player and be aware of potential dangers, and submit their own report if they believe something is wrong. After a few reports for the same offense, BE can then take the threat seriously and investigate themselves. An action can be taken. A conflict can be resolved.

SOME THINGS YOU NEED TO KNOW BEFORE REPLYING-

-Trolls will be ignored.

-Flame posts/wars are not tolerated.

-This thread is for further developing on this idea, NOT discussing what to do about hacking in general, feeling about hacking, or any off-topic crap.

-Any off-topic posts will be ignored.

-Posts without following basic punctuation and grammar will be ignored. Not worth time decoding.

-This thread has the intention these features will be implemented in the soon-to-be-released DayZ standalone, not the current mod. Think about what this means and how it relates to your post.

Edited January 27, 2013 by Neko-san

[burritoman259 593]

I'm all for this beans for you.

[Dreygar (DayZ) 178]

Honestly, Bohemia should be hosting all servers in the Standalone like how typical MMO's run their games. No more player hosting/editing/etc. Servers should be "worlds" ... each world is separate and you can't just character hop between them. Only one character per world and that character is fixed to that world.

It's really the only solution to a standalone game... Otherwise, I don't see the point.

[sasrecon 133]

I'm an admin on a relatively populated private-hive myself and over 50% of the pokes I get about hackers are false-alarms, this is one problem with the system you're suggesting, I guess it'll be even worse on a full to-the-brim public server :P

First off, names need to be like sex. They cannot be changed in-game until you respawn. Secondly, we need a base username to log into, which can also be displayed in-game, so that we have an unchanging way of identifying players, so that when we do find out who is hacking, we can follow them.

What about transgenders? :o

Jk, there's already something like this, GUIDs make things easier for admins although it can sometimes be difficult to transition between admin monitoring-tools and kick/ban tools because afaik most monitoring-tools don't display GUIDs?

Edited January 27, 2013 by R3con

[TheDesigner 1197]

Being an admin of a server that is frequently hacked, I can tell you've never been an admin, no offence. There's not a button that you press and it magically bans the hacker. 60% of it is either luck or guessing.

Knowing someone's name means nothing, their GUID will stay the same, that's all that matters.

If you play on a good server, the contact admin button already exists. It's called Teamspeak. I don't know how you expect this "contact admin" button to work, because every troll who comes on a server will be pushing it like its his job.

The best admins are the ones who you don't even know are their.

[Charb 298]

Anything that seems unusual is automatically a hacker.

IS THERE AN ADMIN ONLINE ?! THE WORLD IS ON FIRE !!! THERE IS A HACKER ON YOUR SERVER !!!

Helicopter mysteriously runs out of fuel while landed? HACKER !

Get Shot when no one is around? HACKER !

Break your legs doing nothing? well.. kinda hard to say because of all the wierd glitches... could be the game... lets just go with HACKER !

[hogscraper 328]

I thought you could use a battleeye command to see everyone's guid. Isn't that constant regardless of what name they are using? People in a lot of games press the report button every time they get killed. If you're asking Bohemia to pay for someone to receive these reports, investigate then act on them you have to justify the expense since it won't be relevant when SA is released. I was close to quitting this game because of hackers but ended up finding a couple of private servers that have active admins. All servers may have someone paying for them, but to act like doing so should put that person at your beck and call is doesn't work. Since rolling back servers or giving loot away is against the rules, it still only limits their ability to being able to mitigate further damage by making sure that person can't come back. I've run servers for CSS, BO1 and a few other games, and my ability to get into game or console to deal with someone in a timely fashion is limited to a few hours a day. I can't do it while I'm at work or out with my family and won't do it while I'm sleeping. I would agree that people being at least more active in patrolling their servers would go a long way towards helping control hacking, but everything I've heard comes back to them saying that hacking will become a non-issue once SA goes live.

[person915 345]

Anything that seems unusual is automatically a hacker.

IS THERE AN ADMIN ONLINE ?! THE WORLD IS ON FIRE !!! THERE IS A HACKER ON YOUR SERVER !!!

Helicopter mysteriously runs out of fuel while landed? HACKER !

Get Shot when no one is around? HACKER !

Break your legs doing nothing? well.. kinda hard to say because of all the wierd glitches... could be the game... lets just go with HACKER !

Hm, how about setting a waypoint teleports you to that location? A banner pops up on the bottom of your screen like a news broadcast, the channel AAC, the headline ALL HAIL THE HONORABLE RUSTLER!, the scrolling text "This server sucks cock!" in various colors, as you watch a man in a hatchback phase through your parked Ural and goes over 200MPH down the street, while you see a GPS pop up over the news banner, apparently a guy named stranger talking about an operation?

Oh, no, this is just another DayZ glitch. It's fine everyone.

Wait, we all just died for no reason? Another glitch. What, it was a nuke you say? Oh, that happens. Nothing to worry about....

I'm not an idiot. I don't think those things are hackers and don't assume I do.

Edited January 27, 2013 by Neko-san

[person915 345]

Being an admin of a server that is frequently hacked, I can tell you've never been an admin, no offence. There's not a button that you press and it magically bans the hacker. 60% of it is either luck or guessing.

Knowing someone's name means nothing, their GUID will stay the same, that's all that matters.

If you play on a good server, the contact admin button already exists. It's called Teamspeak. I don't know how you expect this "contact admin" button to work, because every troll who comes on a server will be pushing it like its his job.

The best admins are the ones who you don't even know are their.

That's an issue though. Not everyone is responsible. Running a server is hard. This makes it easier. Easier to be responsible. Also, the people have to be on TS. I say that as long as the server is running, the admins have to be connected to the contact program. Even so, you can just report it and save it for later. There are a lot of opportunities to be able to report someone, but not being able to see their GUID, the only thing you could tell battleye is that there was a hacker on this server at this time that did this that you don't know the name of, and they can't really do anything.

I do support SA only having official servers as that way people don't abuse power, and that way they can assign people that will run the server correctly, or have a team dedicated to this kind of thing.

Edited January 27, 2013 by Neko-san

[person915 345]

I thought you could use a battleeye command to see everyone's guid. Isn't that constant regardless of what name they are using? People in a lot of games press the report button every time they get killed. If you're asking Bohemia to pay for someone to receive these reports, investigate then act on them you have to justify the expense since it won't be relevant when SA is released. I was close to quitting this game because of hackers but ended up finding a couple of private servers that have active admins. All servers may have someone paying for them, but to act like doing so should put that person at your beck and call is doesn't work. Since rolling back servers or giving loot away is against the rules, it still only limits their ability to being able to mitigate further damage by making sure that person can't come back. I've run servers for CSS, BO1 and a few other games, and my ability to get into game or console to deal with someone in a timely fashion is limited to a few hours a day. I can't do it while I'm at work or out with my family and won't do it while I'm sleeping. I would agree that people being at least more active in patrolling their servers would go a long way towards helping control hacking, but everything I've heard comes back to them saying that hacking will become a non-issue once SA goes live.

You can use a command to see your own GUID, no one else's, probably for security reasons. And the reason you say you won't do it while your sleeping, ect, is why rocket & co. needs to hire their own guys, or get some volunteers. Also, people do report every time they get killed but that doesn't matter. Because first off, BE would keep track of your reports, in which an excessive number of reports for the same reason with no real backup would be fiercely ignored and you would be prevented from sending further reports in. Also, the system would not be automated. After a certain number of reports there would be an investigation and warning, and effective system possible to mark the player, letting others know they have been identified as a possible troublemaker, hacker, ect. Admins would be able to keep track on their own time. Still, protection for the most popular hours (when everyone's awake) of a server's runtime is better than no protection ever at all.

About the expense of BattlEye that I forgot to answer. You could have either rocket's people get the reports and administer punishment, since BattlEye is for ArmA, not DayZ, and when DayZ goes into it's own game I don't really think they can still use it, which is what you are saying. They can make their own banning system and all that, and hacker detection, if they choose, or use their own BE equivalent.

Edited January 27, 2013 by Neko-san

[icomrade 201]

It's funny how you mention having a contact button, which would be unnecessary since most server have continuous messages with contact info. Even though you think having this button client side makes it impossible for people to turn off is wrong, hackers can easily turn off buttons such as Abort, respawn, you name it. Just because something is client side does not make it impossible to be changed, due to the way the server allows players execute scripts (intended and unintended scripts).

GUID: is the way of identifying players, it cannot be changed and is unique to the player's key. I'm sure you know this, having users log in with an external account is useless.

Report button would be useless since BE bans off of external programs only, user input (which can be influenced by emotions) is mostly disregarded. However, existing ban lists such as the DayZ community ban list solves this problem, only reports with actual evidence are added to the ban list. https://code.google.com/p/dayz-community-banlist/

[person915 345]

I'm an admin on a relatively populated private-hive myself and over 50% of the pokes I get about hackers are false-alarms, this is one problem with the system you're suggesting, I guess it'll be even worse on a full to-the-brim public server :P

What about transgenders? :o

Jk, there's already something like this, GUIDs make things easier for admins although it can sometimes be difficult to transition between admin monitoring-tools and kick/ban tools because afaik most monitoring-tools don't display GUIDs?

You mean 3rd party tools and all that? We should not need them. Anyway, I do not realize DayZ will need its own way of detecting hackers and all that, so GUIDs will most likely be extinct, entering a new way of identification for that software.

[person915 345]

It's funny how you mention having a contact button, which would be unnecessary since most server have continuous messages with contact info. Even though you think having this button client side makes it impossible for people to turn off is wrong, hackers can easily turn off buttons such as Abort, respawn, you name it. Just because something is client side does not make it impossible to be changed, due to the way the server allows players execute scripts (intended and unintended scripts).

GUID: is the way of identifying players, it cannot be changed and is unique to the player's key. I'm sure you know this, having users log in with an external account is useless.

Report button would be useless since BE bans off of external programs only, user input (which can be influenced by emotions) is mostly disregarded. However, existing ban lists such as the DayZ community ban list solves this problem, only reports with actual evidence are added to the ban list. https://code.google....munity-banlist/

MOST servers have contact info. MOST of them. Actually, A FEW of them. I've been around a TON of servers finding ones I like to play on; very few had contact info. So what do you do? MAKE THEM PUT CONTACT INFO IN! You cannot just assume people will be responsible. Hey, some people don't think to put it in there. You have to help them, atleast. And if you are right about turning off buttons and all that, then there's the argument that rocket and his team are redesigning the server architecture, so in the standalone the engine may not allow something like this to happen. If it does, then there is still, again, the argument that atleast we have a system in place so that when it is able to work it does, instead of dodgy emails, TS servers and all that. We need something, and it may not be perfect...

BUT WE DON'T HAVE ANYTHING NOW. And as long as there is no official announcement about how the SA will deal with reporting/dealing with hackers and offensive players, this is what I'm giving them. It's worked for tons of games before, and there's a reason for it. the dev team is full of good people that will make sure this is done with benefit for everyone and doesn't rob them of money or anything. They do work right.

And all the BattlEye stuff is pretty irrelevant now, since it's been pointed out that BE will not work in the Standalone because it's for ArmA. Atleast that is my assumption, otherwise how could it know to ban someone from all "ArmA" servers, if it was not specifically designed?

Edited January 27, 2013 by Neko-san

[icomrade 201]

That's an issue though. Not everyone is responsible. Running a server is hard. This makes it easier. Easier to be responsible. Also, the people have to be on TS. I say that as long as the server is running, the admins have to be connected to the contact program. Even so, you can just report it and save it for later. There are a lot of opportunities to be able to report someone, but not being able to see their GUID, the only thing you could tell battleye is that there was a hacker on this server at this time that did this that you don't know the name of, and they can't really do anything.

I do support SA only having official servers as that way people don't abuse power, and that way they can assign people that will run the server correctly, or have a team dedicated to this kind of thing.

Ah I forgot to mention that BEC has a TS3 extension that pokes you everytime someone gets kicked, haven't used it. There's really no need for it if admins are as attentive as they should be.

Like I said, BE does not care about user reports, you must contact the admin to evaluate logs or you must capture a video yourself. Getting a player's GUID is not a problem if you know the player's name and date.

I have also never seen a server without any reference of how to contact the owner, all server are usually given unique names or IDs, host names are also in the URL. You can just as easily contact the hosting provider as the server admin.

BE can work on any engine as long as you get a contract with them to develop it for your game, it was the anticheat in stalker as well.

P.S. there are over 3k bans (including the community BL) in my banlist, obviously if all admins are given the same tools and most of them don't catch the same amount of cheaters as I do then it is not BE's fault, it is the server admin.

Edited January 27, 2013 by icomrade

[person915 345]

Ah I forgot to mention that BEC has a TS3 extension that pokes you everytime someone gets kicked, haven't used it. There's really no need for it if admins are as attentive as they should be.

Like I said, BE does not care about user reports, you must contact the admin to evaluate logs or you must capture a video yourself. Getting a player's GUID is not a problem if you know the player's name and date.

I think I edited the post after you replied to it, before I saw this one. BE can't be used for the standalone, I don't think, so anything reguarding it is pretty much irrelevant.

Anyway, if it isn't we can always make a software that gets around this disadvantage, the user side of it. Easy solution, a little work to get there, but a lot of reward afterward.

[Dancing.Russian.Man 1631]

NUMBER TWO: WHO'S HACKING? I CAN"T SEE THEIR NAME!

ArmA makes it easy to be able to change your name at will, without any hassle at all. While a nice feature, this makes usernames absolutely worthless in identifying players who hack and punishing accordingly.

So what can we do?

First off, names need to be like sex. They cannot be changed in-game until you respawn. Secondly, we need a base username to log into, which can also be displayed in-game, so that we have an unchanging way of identifying players, so that when we do find out who is hacking, we can follow them.

Here's a couple facts;

- You can't change your name in-game at all. Not without a script, which is already hacking. You have to disconnect from the server, and edit/create profile to change your name.

- The "unchanging way of identifying players" is already there in the form of a GUID. Although this can apparently be spoofed from other people, it's there. (And BattlEye will still know your real GUID.)

[TheDesigner 1197]

That's an issue though. Not everyone is responsible. Running a server is hard. This makes it easier. Easier to be responsible. Also, the people have to be on TS. I say that as long as the server is running, the admins have to be connected to the contact program. Even so, you can just report it and save it for later. There are a lot of opportunities to be able to report someone, but not being able to see their GUID, the only thing you could tell battleye is that there was a hacker on this server at this time that did this that you don't know the name of, and they can't really do anything.

I do support SA only having official servers as that way people don't abuse power, and that way they can assign people that will run the server correctly, or have a team dedicated to this kind of thing.

If you want me to always be available while the server is up, then someone better start paying me. If you really think someone is a hacker and you really want help, getting on teamspeak will be the least of your worries. The "contact admin" button won't change a thing about the poorly administrated servers. All it will be is a "I'm lazy" button or "I'm a troll" button. Admins are literally always on the Teamspeak of the server I administrate and we really don't need 80 people a day accusing someone who just wrecked them in a fair fight of hacking.

Edited January 27, 2013 by TheDesigner

[person915 345]

Here's a couple facts;

- You can't change your name in-game at all. Not without a script, which is already hacking. You have to disconnect from the server, and edit/create profile to change your name.

Is what I meant.

[person915 345]

If you want me to always be available while the server is up, then someone better start paying me. If you really think someone is a hacker and you really want help, getting on teamspeak will be the least of your worries. The "contact admin" button won't change a thing about the poorly administrated servers. All it will be is a "I'm lazy" button or "I'm a troll" button. Admins are literally always on the Teamspeak of the server I administrate and we really don't need 80 people a day accusing someone who just wrecked them in a fair fight of hacking.

Then what the hell should we do? Because obviously what we have now... is not working.

[St. Jimmy 1631]

IRC, TS3 etc. are good ways to contact admins. Every good server have their own IRC channel where you can try to contact admin. I'm not bashing the idea because it sounds good if it's well implemented but I'm saying that there are some workarounds already.

[SmashT 10907]

Then what the hell should we do? Because obviously what we have now... is not working.

The biggest issue is the fact that CD Keys are stored in the registry, resulting in a massive amount of key theft and cheaters not caring about being banned since they can just buy another 10 stolen keys for a few dollars. That really can't be fixed until standalone though.

I like the idea of linking servers to an admin/owner and giving players a method of contacting them if need be, I'm not sure how I feel about having a report button that gets sent to admins though and I can imagine them just getting flooded with messages all the time if such a system were implemented.

Forcing a server to have admins online is kind of ridiculous, as Designer said, you would pretty much have to pay them if you want that kind of service.

I've seen a lot of games that have an in-game report button that gets sent to the devs or Valve, how effective those systems are though is debatable, they even say "VAC does not ban based on reports. Such data is only used for tracking and statistics purposes." so I'm not really sure what the point is.

Edited January 30, 2013 by smasht_AU

[hogscraper 328]

You can use a command to see your own GUID, no one else's, probably for security reasons.

About the expense of BattlEye that I forgot to answer. You could have either rocket's people get the reports and administer punishment, since BattlEye is for ArmA, not DayZ, and when DayZ goes into it's own game I don't really think they can still use it, which is what you are saying. They can make their own banning system and all that, and hacker detection, if they choose, or use their own BE equivalent.

BE is third party and can be used in any game that the devs want to license for.

Also, go into direct chat,

#beclient players

that shows everyone's guid that is currently playing on a server.

Its also not a security risk as your guid cannot be reverse hacked to find your cd key unless they also have the hash originally used to derive it.

[liquidmind 320]

I'd personally say, we should wait how "make all decisions serverside and use steam anticheat" work out, before we make suggestions on how to improve it.

But I think the most valuable way would be using the unique id that is planned to allow individual users a trusted status on a server, allowing them access to features provided by the server owner. But most of all things, a unique ID is required to identify paid licenses. This would allow admins to add a note to players who are suspected of cheating, but he cannot proove, and recognize them when they return with a changed name.

It could be that players identify with ID:name, but only the name is shown to players and admins, while all restrictions apply to the ID.

But I bet rocket thought about that more than all of us together :-)

[Lady Kyrah 1110]

Sorry but to me, the admin's job is not to babysit the gameplay, we need technical solutions, not "throw more (free) man hours at it", on a stable game, the server admin should be able to do his job in peace, which is purely a maintenance job.

We just need to wait for the SA to lock down what clients can do, it should greatly improve the situation.

[ibux (DayZ) 22]

Dayz sa will require steam to play i think. So if some one hacks the server they get banned from steam and problem is solved?