Kalleanka

Logreading in Dayz


Lately there have been a few incidents where people accuse others of cheating: teleporting to them and killing them.

Is there any way to see this in the logs? Is there any documentation, or anywhere to ask, about how to read the logs? Cos all I find in them is trash.

Found some forum posts where admins refer to setpos.log when it comes to looking for teleporting people, but there isn't one created in the log folder, so I guess nothing triggered it (setpos.txt is there).


Doesn't exactly answer your question, but I stumbled across this vid:

I assume if you run it as a background program (if you don't have 2 monitors like in the video) it could help you administrate your server.

PS: don't abuse your admin power ;)


> Lately there have been a few incidents where people accuse others of cheating: teleporting to them and killing them.
>
> Is there any way to see this in the logs? Is there any documentation, or anywhere to ask, about how to read the logs? Cos all I find in them is trash.
>
> Found some forum posts where admins refer to setpos.log when it comes to looking for teleporting people, but there isn't one created in the log folder, so I guess nothing triggered it (setpos.txt is there).

Next to impossible to work out teleporting unless you have an hour to spend on each player.

addmagazinecargo.log is where you can find people who access the hacked medical/weapon boxes; it will show as a wall of text and will have like 10 entries of every weapon/item in the box...

remoteexec.log is a key log; you get non-hacker entries in there too tho, but the hacker stuff tends to stand out a lot

createvehicle.log is where you might find excessive entries for some things, like if a person puts down 20 tank traps: where did they get these 20 traps from? Clearly duping or hacking, etc.

HTH


If you are going to take the time to work out teleporting from information recorded in your log files, follow this guide. I've colour coded it: BLUE = Important, RED = Ignore.

A standard location log entry will look like this in your logs, [64,[4929.6,5582.62,0.001]]

[64,[4929.6,5582.62,0.001]] <<<---- The blue is the coordinates you're interested in

[64,[4929.6,5582.62,0.001]] <<<---- Always take the first 2 digits if a 4 digit number, take first 3 digits if it's a 5 digit number

or another example,

[220,[4940.42,12087.4,0.001]] <<<---- Always take the first 2 digits if a 4 digit number, take first 3 digits if it's a 5 digit number

The first 2 digits of the first coordinate above (49) are the map coordinates; the second coordinate (120) is the game coordinate, and you have to subtract 152 from this to work out the map coordinate. It is always minus 152 and this never changes regardless of what the coordinate is.

49 = 049,

120 - 152 = -32 = 032

So map coordinate = 049,032 (accurate to within 100m)

After you've worked out one location, you can look at another record of the player's location and establish whether or not he could have got to that location legitimately. E.g. one location might give Otmel, another 20 seconds later might give the NWAF, another 10 seconds later gives Berezino, etc.

Edited by -Panda
  • Like 1
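
The conversion and plausibility check described in the post above, as an added example that is not part of the original thread. It assumes coordinates are in metres and that each position record carries a timestamp and player name; that line prefix, the function names, the sample records and the 15 m/s speed limit are constructed for illustration.

```python
import math
import re
from datetime import datetime

# Assumed record layout: "<dd.mm.yyyy hh:mm:ss>: <name> [<id>,[x,y,z]]".
# Only the bracketed part appears in the post; the prefix is constructed.
ENTRY = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}): (\S+) "
    r"\[\d+,\[(-?[\d.]+),(-?[\d.]+),(-?[\d.]+)\]\]$"
)

def to_grid(x, y):
    """Apply the post's rule: hundreds of x, and hundreds of y minus 152."""
    gx = int(x // 100)
    gy = abs(int(y // 100) - 152)
    return f"{gx:03d},{gy:03d}"

def parse(lines):
    """Yield (time, player, x, y) for each line that matches the layout."""
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d.%m.%Y %H:%M:%S")
            yield ts, m.group(2), float(m.group(3)), float(m.group(4))

def flag_jumps(lines, max_speed=15.0):
    """Return moves faster than max_speed m/s; movement in zero time counts as infinite."""
    last, flagged = {}, []
    for ts, player, x, y in sorted(parse(lines)):
        if player in last:
            pts, px, py = last[player]
            secs = (ts - pts).total_seconds()
            dist = math.hypot(x - px, y - py)
            speed = dist / secs if secs > 0 else (math.inf if dist else 0.0)
            if speed > max_speed:
                flagged.append((player, to_grid(px, py), to_grid(x, y), round(speed, 1)))
        last[player] = (ts, x, y)
    return flagged

# Constructed sample records; coordinates reuse the two examples from the post.
SAMPLE = [
    "09.02.2013 13:00:00: PlayerA [64,[4929.6,5582.62,0.001]]",
    "09.02.2013 13:00:20: PlayerA [64,[4940.42,12087.4,0.001]]",
    "09.02.2013 13:00:00: PlayerB [65,[4929.6,5582.62,0.001]]",
    "09.02.2013 13:00:20: PlayerB [65,[4989.6,5582.62,0.001]]",
]

if __name__ == "__main__":
    print(flag_jumps(SAMPLE))
```

A flagged move is only a lead for manual review: respawns and vehicle travel also produce large jumps, so the threshold needs tuning per server.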


> I assume if you run it as a background program (if you don't have 2 monitors like in the video) it could help you administrate your server.
>
> PS: don't abuse your admin power ;)

I'm only a moderator for the server, so the only tool I've got access to is rcon (dart) and the logs from the game. That tool would be nice to have, so you can monitor some player for a while and see if he has some strange movement pattern. Guess I should ask the owner for more access.

> ...
>
> standard location entry = [64,[4929.6,5582.62,0.001]]
>
> ...

Yea, I spent a while looking at the coords to figure them out; had some -18000ish coords in the logs that messed with me, but those were debug field coords (I guess). Later we figured out that the coords in the logs are from bottom left (ingame map is from top left).

But where do I find the information about a player's coords? All I found are when someone connects and spawns into the server, and this doesn't help much unless the player logs out between teleportations.

Edited by Kalleanka


Are they the script kiddies or did someone do this to them?

09.02.2013 13:05:55: Player 1 - #0 "SeaGull" 62:7 [10439,1863,23]

09.02.2013 13:05:55: Player 1 - #1 "SeaGull" 62:7 [10439,1863,23]

09.02.2013 13:07:00: Player 2 - #0 "SeaGull" 61:2 [10439,1863,23]

09.02.2013 13:07:00: Player 2 - #1 "SeaGull" 61:2 [10439,1863,23]

09.02.2013 13:09:23: Player 3 - #0 "SeaGull" 67:7 [10437,2338,25]

09.02.2013 13:09:23: Player 3 - #1 "SeaGull" 67:7 [10437,2338,25]

09.02.2013 13:09:32: Player 4 - #0 "SeaGull" 68:7 [10437,2338,25]

09.02.2013 13:09:32: Player 4 - #1 "SeaGull" 68:7 [10437,2338,25]

09.02.2013 13:09:45: Player 1 - #0 "SeaGull" 66:7 [10437,2338,25]

09.02.2013 13:09:45: Player 1 - #1 "SeaGull" 66:7 [10437,2338,25]

09.02.2013 13:10:09: Player 5 - #0 "SeaGull" 64:7 [10437,2338,25]

09.02.2013 13:10:09: Player 5 - #1 "SeaGull" 64:7 [10437,2338,25]

09.02.2013 13:10:22: Player 6 - #0 "SeaGull" 65:7 [10437,2338,25]

09.02.2013 13:10:22: Player 6 - #1 "SeaGull" 65:7 [10437,2338,25]

Chat/Console log

01:05:46] Player 1 has been kicked by BattlEye: CreateVehicle Restriction #1

01:06:51] Player 2 has been kicked by BattlEye: CreateVehicle Restriction #1

01:09:14] Player 3 has been kicked by BattlEye: CreateVehicle Restriction #1

01:09:23] Player 4 has been kicked by BattlEye: CreateVehicle Restriction #1

01:09:36] Player 1 has been kicked by BattlEye: CreateVehicle Restriction #1

01:10:00] Player 5 has been kicked by BattlEye: CreateVehicle Restriction #1

01:10:13] Player 6 has been kicked by BattlEye: CreateVehicle Restriction #1

Electro Harbor 104/136

Player 1 feels like a clear cheater with the thing that happened in the remoteexec log.

Player 2 was at the same coords as Player 1 in the first SeaGull event

Electro Small Residential area 103/131

Where players 3, 4, 1, 5 and 6 were transformed, all about 10-20 sec apart.

In the coming minutes the server got very laggy (with high traffic increase and low fps) and then the remoteexec.log says

09.02.2013 13:15:43: Player 1 - #0 "if (isdedicated) then{{isNil _x} count (dayzLogin getVariable 'dayzLogin2');};"

09.02.2013 13:15:43: Player 1 - Script Restriction #139 "if (isdedicated) then{{isNil _x} count (dayzLogin getVariable 'dayzLogin2');};"

Based on the logs I thought they were transformed to birds and I expected some rage in the chat, but no one said anything pointing to this.

Looking again in the logs, players 2 and 3 said stuff about being killed, and they and player 4 also tried to rejoin a few times (makes me think they didn't know what happened).

Edited by Kalleanka


> Are they the script kiddies or did someone do this to them?
>
> 09.02.2013 13:05:55: - #0 "SeaGull" 62:7 [10439,1863,23]
> 09.02.2013 13:05:55: - #1 "SeaGull" 62:7 [10439,1863,23]
> 09.02.2013 13:07:00: - #0 "SeaGull" 61:2 [10439,1863,23]
> 09.02.2013 13:07:00: - #1 "SeaGull" 61:2 [10439,1863,23]
> 09.02.2013 13:09:23: - #0 "SeaGull" 67:7 [10437,2338,25]
> 09.02.2013 13:09:23: - #1 "SeaGull" 67:7 [10437,2338,25]
> 09.02.2013 13:09:32: - #0 "SeaGull" 68:7 [10437,2338,25]
> 09.02.2013 13:09:32: - #1 "SeaGull" 68:7 [10437,2338,25]
> 09.02.2013 13:09:45: - #0 "SeaGull" 66:7 [10437,2338,25]
> 09.02.2013 13:09:45: - #1 "SeaGull" 66:7 [10437,2338,25]
> 09.02.2013 13:10:09: - #0 "SeaGull" 64:7 [10437,2338,25]
> 09.02.2013 13:10:09: - #1 "SeaGull" 64:7 [10437,2338,25]
> 09.02.2013 13:10:22: - #0 "SeaGull" 65:7 [10437,2338,25]
> 09.02.2013 13:10:22: - #1 "SeaGull" 65:7 [10437,2338,25]

I'm pretty sure you can sometimes get that error when people join the server and something goes wrong. I've seen those errors pointing back to me (I'm an admin on my own server and have no reason to hack). I would say those are 99% legit players just having issues connecting.


Yes, they're just players getting desync on connections. Server tries to spawn you as a seagull in debug when you get the desync.


> I'm pretty sure you can sometimes get that error when people join the server and something goes wrong. I've seen those errors pointing back to me (I'm an admin on my own server and have no reason to hack). I would say those are 99% legit players just having issues connecting.

Modified my post a bit to make it easier to read.

Yea, seems like legit players can get this too. Server had some lag later on and at the same time another player got SeaGull'ed, so might be legit players. I might have been a bit hasty in banning players 2-6; player 1 still looks guilty though.


No. All those players just have lag and desync related log entries. Even the ones in remoteexec.log are related to login...


> No. All those players just have lag and desync related log entries. Even the ones in remoteexec.log are related to login...

From what I've read, that is when a player gains admin access through scripting. Every single time I've seen this entry there has been clear hacker activity, with someone teleporting and messing with the user in some way.


A hacker gains admin access through scripting? What does he gain, your RCON password?

As explained, the SR#1 Seagull is client-server desync.

Edited by -Panda

Guest Dwarden

The seagull is kicked because there is a bug and the player joins and spawns as a seagull, hence you don't let him stay in game and autokick him.

As a bonus, that forces him to log in again...


> A hacker gains admin access through scripting? What does he gain, your RCON password?
>
> As explained, the SR#1 Seagull is client-server desync.

Yea, the seagull I've understood is a desync problem. But the thing with login script restriction stuff in the remote exec has never happened on the server without there being a hacker attack.


> Yea, the seagull I've understood is a desync problem. But the thing with login script restriction stuff in the remote exec has never happened on the server without there being a hacker attack.

Ok, but imho those logs above are login related and are not from hackers. There are more genuine people caught in script restriction logs than there are hackers.
