setpos.log entry (not sure if a hack or normal)

[haywardgb 129]

Keep getting this type of entry in my setpos.log file and was wondering if it's a hack or just normal, say due to players logging out in a vehicle or something.. Thanks

 

24.09.2013 07:57:09: playername (ipaddressremoved:10044) REMOVED-GUID - #0 2:41 V3S_Civ [11013,7840,259]

Edited September 25, 2013 by urbanskaters

[facoptere 180]

I think that it's a hack.

[haywardgb 129]

One player listed has been a regular for months, never seen anything dodgy in the logs from them.  He claimed that he was in a vehicle when his connection dropped, then he logged back in and the vehicle was way off in the distance.  I'm usually pretty good at sniffing out the bullshitters, it'll be a real shame if he's been hacking.  Can I get others to comment on this? Don't want to ban people for a false positive :)

[-Se7eN- 874]

im not sure, ive seen that a few times and the players have seemed legit to me.

[OfficerRaymond 2064]

I think that it's a hack.

It isn't.

 

@OP, it's a normal log that (I'm pretty sure) occasionally logs the locations of vehicles on the map. Usually if you see one of your regulars doing something, than it isn't a hack (not always). So no, this log file is not a hack, and I can tell you that with 100% certainty, as I have seen these exact type of codes logged before when I used to read server logs. 

 

(EDIT): If something is regularly showing up in your server logs, then 9 times out of 10 it isn't going to be a hack. But that doesn't mean you shouldn't investigate, check for suspicious things happening, even spectate the player that was listed (which is IMO the best way to get to the bottom of it).

Edited September 25, 2013 by OfficerRaymond

[haywardgb 129]

Can't spectate players on official servers.  I used to on my private server and it helped me catch loads of hackers in the act.  But You know how people cry admin abuse (even if the admin doesn't get involved in pvp etc).. Thanks for the confirmation though , appreciate. Thanks to everyone else for replying too. :)

[facoptere 180]

It's a hack. Setpos event occurs when the gameclient did a setpos for a vehicle (in your case). Is there a setpos (or setposATL, or setposASL) in dayzmod code for vehicles? I don't think so.

Players are kicked for setpos on objects, except zombies. I have been told there could be a setpos when changing skin (I have to check that too), but not for vehicles.

I checked my logs on one of my servers, I had 3 setpos for vehicles in last 30 days, so it's definitely not something you find regularly.

Your player has been kicked, and setpos has been blocked before it reached the gameserver.

About banning or not, it's up to you. I think you should tag your player a suspicious and find other clues before ban (ESP and infinite ammo do much more harm than a setpos attempt)

[haywardgb 129]

The players are not getting kicked. Both times I've been able to speak with the players concerned they've insisted that they were in a vehicle and lost connection.  This is the main problem with DayZ , lots of guess work, trial and error.  When getting an answer from the devs (the people who build this thing) would probably save admins like me (and you maybe) days of searching and guess work.  I see some really important questions going unannswered on these threads, but the minute someone asks "how many animals spawn in the new update" they'll get an answer within minutes and usually from a dev. 

 

Come on devs, I respect your hard work and I know what it's like to be doing something like this for free (i'm a developer for a different project), but at least try to answer some of these questions. Maybe throw up some FAQ's on what the most common BE entries are, how to configure your cfg's properly etc.. Not a dig , just a polite request from someone who appreciates your work but doesnt want to spend all HIS time pissing around with issues when he could be playing the dam thing himself :p

[nik21 287]

Erm... if the entry is a #0, the player definately should've been kicked since the first line of the official setPos filter (assuming you're using that) is a 5.

[OfficerRaymond 2064]

It's a hack. Setpos event occurs when the gameclient did a setpos for a vehicle (in your case). Is there a setpos (or setposATL, or setposASL) in dayzmod code for vehicles? I don't think so.

Players are kicked for setpos on objects, except zombies. I have been told there could be a setpos when changing skin (I have to check that too), but not for vehicles.

I checked my logs on one of my servers, I had 3 setpos for vehicles in last 30 days, so it's definitely not something you find regularly.

Your player has been kicked, and setpos has been blocked before it reached the gameserver.

About banning or not, it's up to you. I think you should tag your player a suspicious and find other clues before ban (ESP and infinite ammo do much more harm than a setpos attempt)

It's most definitely not a hack, and there is most definitely a setpos code for vehicles, and they occasionally appear in logs. It used to appear all the time in my server, and nothing weird EVER happened. Just because it doesn't log in your server that often, does not mean that it's a hack.

[facoptere 180]

It's most definitely not a hack, and there is most definitely a setpos code for vehicles, and they occasionally appear in logs. It used to appear all the time in my server, and nothing weird EVER happened. Just because it doesn't log in your server that often, does not mean that it's a hack.

and just because it does log on your server regularly, does not mean it's not a hack...

[OfficerRaymond 2064]

and just because it does log on your server regularly, does not mean it's not a hack...

Mmkay, lemme drop a little knowledge... I have spent countless hours, night and day, reading server logs. I don't know everything that is a hack, it's impossible for anyone to know every single line of code. But I know for a dead certain FACT that this line of code is NOT A HACK. How? Because this is the code that is logged when a player logs out inside a vehicle, and because this line of code does not correlate with any known hack.

 

If you're gonna kick every suspicious line of code that is logged in your files because you don't know what you're reading, then you're never gonna have any players.

[haywardgb 129]

Mmkay, lemme drop a little knowledge... I have spent countless hours, night and day, reading server logs. I don't know everything that is a hack, it's impossible for anyone to know every single line of code. But I know for a dead certain FACT that this line of code is NOT A HACK. How? Because this is the code that is logged when a player logs out inside a vehicle, and because this line of code does not correlate with any known hack.

 

If you're gonna kick every suspicious line of code that is logged in your files because you don't know what you're reading, then you're never gonna have any players.

 

I agree with you on the log entry, that's why I had to get a second opinion.  The player definitely wasn't getting kicked.  This always happens when a player logs out in a vehicle from what they tell me , these are good players who play fair and have given me no cause for suspicion in the past.  So I'm settling with OfficerRaymonds input.  Thanks to everyone else too, I appreciate people trying to help me understand these entries better.

 

OfficerRaymond, you ever thought about writing a short FAQ on what to look for in the logs and how to spot suspicious activity etc. There are no decent tutorials and you seem to know what you're talking about :)

[OfficerRaymond 2064]

I agree with you on the log entry, that's why I had to get a second opinion.  The player definitely wasn't getting kicked.  This always happens when a player logs out in a vehicle from what they tell me , these are good players who play fair and have given me no cause for suspicion in the past.  So I'm settling with OfficerRaymonds input.  Thanks to everyone else too, I appreciate people trying to help me understand these entries better.

 

OfficerRaymond, you ever thought about writing a short FAQ on what to look for in the logs and how to spot suspicious activity etc. There are no decent tutorials and you seem to know what you're talking about :)

I have thought about it before, but I'm afraid I just don't have that kind of time or the resources to do it anymore. I no longer have access to my own logs, and even if I did it'd take hours upon hours to write a useful guide... and even then it wouldn't be all that useful, because there isn't any full list of what certain codes are. I can usually spot strange or abnormal lines of text, but the normal ones are just so confusing and weird. The only real experience I have had is probably a combined total of 30+ hours reading logs.

 

The thing about reading DayZ server logs, is that it's very hard to teach people how to read because there are a million codes out there. The main thing I suggest when someone asks me, is to start actively looking at your logs. Get used to seeing certain things. If you really see something strange, use google, the single most powerful tool the internet has TBH. In your case, not being able to teleport and spectate is a HUGE hindrance. When I saw something strange, I always had the ability to investigate, and I did. I think that was a huge part of me being able to understand how to read server logs.

 

If you ever come into something strange or abnormal in your logs, feel free to drop me a PM and I'll try my best to give my input as to what it is. :D

Edited September 26, 2013 by OfficerRaymond