smokey0159

read this new hack stealing database and rcon passwords

This letter was from a Vilayer server I have:

Hello michael,

We detected a major Arma2 exploit that required immediate attention.

The exploit allowed malicious users to gain access to your configuration files such as HiveExt.ini or Battleye Config etc... thus creating a major security issue within the engine.

We already had a secure infrastructure that was unique to Vilayer, and this hack/exploit out for DayZ would not affect Vilayer servers; however, recently we have detected a new hack that has been built for both normal running servers and Vilayer servers.

This exploit is for all Arma2 servers, not just Vilayer's Arma2 servers, and we are informing Bohemia Interactive about this issue.

The exploit works in the following way:

On the hack menu in question the users have the option to retrieve Rcon password.

This function then scans the Vilayer#MapName#Custom/BattlEye directory for beserver_active_#id#.cfg

When this function finds the file in question, it is then able to pull the Rcon password, which allows them access to your server.

This function is able to grab any files and pull variables within the same method, thus making it a major security issue.

We have also had reports from customers and other users within the Arma2 community that certain people using this hack are stating that you need to USE THEIR ANTIHACK to prevent this from happening, then they are charging for their antihack product which really prevents nothing.

So once and for all we have developed a system that should prevent all of this from happening full stop.

Every time your server starts, a new randomized directory is created. You will notice this happens automatically on your service, and you do not need to apply anything for these changes to be made.

This prevents the malicious users from accessing your configuration files because the directory in which your configuration files are located is randomised and is changed every time your server restarts.

This will stop the hack/exploit method, as they cannot scan your configuration files, and should stop the exploit.

As always we do our very best to keep your services secure however this update may have created a rare issue within your installation of DayZPackage.

The issue occurred when your files were in use when the update was released and an error on our side caused corruption within your directory structure. The good thing is only a small number of services were affected by this issue and an immediate fix was released preventing it from happening to anyone else.

IF YOUR SERVER HAS BEEN AFFECTED BY THIS ISSUE, WE ALREADY KNOW ABOUT IT AND YOU WILL BE NOTIFIED BY OUR SUPPORT DEPARTMENT PROMPTLY.

ALL USERS AFFECTED WILL BE OFFERED TWO FREE WEEKS OR AN ADDITIONAL UPGRADE OF SERVICE.

We are extremely sorry for any inconvenience this may have caused and will do our very best to restore services asap.

-------------------------------------------------------------------------------------

We do suggest making an immediate password change of both your database users and your rcon password just in case users using this hack have saved your details.

To make the changes please perform the following tasks.

CHANGING DATABASE PASSWORDS

Step 1. LOGIN TO ACP

Step 2. GO TO YOUR SERVICE

Step 3. PRESS CHANGE DATABASE PASSWORDS

Step 4. EDIT PASSWORDS ONLY TO YOUR PREFERENCE

Step 5. PRESS EXECUTE ON THE TOP LEFT AND WAIT FOR PROCESS TO FINISH.

CHANGING RCON PASSWORDS

Step 1. LOGIN TO ACP

Step 2. GO TO YOUR SERVICE

Step 3. PRESS RESET RCON PASSWORD

Step 4. EDIT RCON PASSWORD TO YOUR PREFERENCE

Step 5. PRESS EXECUTE ON THE TOP LEFT AND WAIT FOR PROCESS TO FINISH.

Once you have performed both tasks you should be safe from this exploit.

-------------------------------------------------------------------------------------

If you have any questions please open a support ticket or contact us via normal methods of support.

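The mitigation the letter describes (a fresh randomized configuration directory on every server start) together with the RCon password change it recommends, as an added example; this is not Vilayer's code and not part of the original post. The `be_` prefix, the directory layout and the sample `beserver.cfg` contents are constructed, and the `RConPassword <value>` line format is an assumption about the BattlEye server config.

```python
import re
import secrets
import shutil
import tempfile
from pathlib import Path

PREFIX = "be_"  # hypothetical marker for directories created by this script


def rotate_config_dir(base: Path, current: Path) -> Path:
    """Move the .cfg files in `current` into a new random directory under `base`."""
    # 128 bits from the OS CSPRNG: the name cannot be guessed or enumerated by path.
    fresh = base / (PREFIX + secrets.token_hex(16))
    fresh.mkdir(mode=0o700)  # owner-only on POSIX; on Windows restrict the ACL instead
    for cfg in list(current.glob("*.cfg")):
        shutil.move(str(cfg), str(fresh / cfg.name))
    # Delete directories from earlier starts so no stale copy stays readable.
    for old in list(base.glob(PREFIX + "*")):
        if old != fresh and old.is_dir():
            shutil.rmtree(old)
    return fresh


def rotate_rcon_password(cfg: Path) -> str:
    """Replace the RConPassword line (assumed format) with a new random value."""
    new_pw = secrets.token_urlsafe(24)
    text, n = re.subn(r"(?m)^RConPassword\s+\S+",
                      lambda m: "RConPassword " + new_pw, cfg.read_text())
    if n != 1:
        raise ValueError(f"expected one RConPassword line in {cfg}, found {n}")
    cfg.write_text(text)
    return new_pw


def demo():
    """Simulate two server starts over a constructed config in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        start = base / "BattlEye"
        start.mkdir()
        # Constructed sample config, not taken from a real server.
        (start / "beserver.cfg").write_text("RConPassword changeme\nMaxPing 200\n")
        first = rotate_config_dir(base, start)
        second = rotate_config_dir(base, first)
        new_pw = rotate_rcon_password(second / "beserver.cfg")
        text = (second / "beserver.cfg").read_text()
        return first.name, second.name, first.exists(), text, new_pw
```

The server process has to be started with the returned path as its BattlEye directory, and the old password should be treated as compromised whether or not the directory was ever read.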

This isn't new unfortunately :( It was used to attack dayz.st servers many months back, they have now fixed it.

Vilayer should really have patched this BEFORE it was being used to attack their customers.


.

Edited by ebay


This isn't the same ones from a month ago; this is a new script they have, not the old one, a new one. Vilayer sorted theirs out last time way before dayz.st did, as I'm with both server providers and remember when dayz.st got hit, like they do all the time. This is a totally new system that is happening to all server providers.
