Jump to content
DayZ Forums

Forums Announcement

Read-Only Mode for Announcements & Changelogs

Dear Survivors, we'd like to inform you that this forum will transition to read-only mode. From now on, it will serve exclusively as a platform for official announcements and changelogs.

For all community discussions, debates, and engagement, we encourage you to join us on our social media platforms: Discord, Twitter/X, Facebook.

Thank you for being a valued part of our community. We look forward to connecting with you on our other channels!

Stay safe out there,
Your DayZ Team

permaphrost

Help me search my logs for hackers

By permaphrost, in Mod Servers & Private Hives

Recommended Posts

permaphrost    12

permaphrost
Posted

How do I do it? What am I looking for? I kinda looked through earlier and found a guy in the script log who wasn't in the rpt.

What does this mean if I find it in the scripts log next to a players name "#49 private ["_dummy"]; _dummy = [_this,"onload"] execVM "\Scripts\ammo.sqf";"

Also, is it okay to instaban for finding people in the rpt who log in with weapons which aren't in the mod?

I found two guys. One had an M4A1_HWS_GL_SD_Camo which isn't in the mod, and another guy with a MakarovSD which also isn't in the mod.

Also, I know it's bad, but when I see people who have a pretty much full kit, you know, the works: Nvgs, the as50, SD weapons and ammo, lots of it, and then the rangefinders with every utility item, I immediately suspect hacker.

But is it okay to ban for out-of-mod weapons?

And what's the rule on if you notice people login/logout repeatedly in a short time? Is it okay to ban for that?

I'm really just curious as to what I should be looking for in the logs to see if anyone is hacking in their player positions, weapons, ammo, vehicles... you know, whatever.

Share this post

Link to post
Share on other sites

Guest   

Guest
Posted

Hey Permaphrost,

I didn't read your whole post, but let me help you with this part:


"#49 private ["_dummy"]; _dummy = [_this,"onload"] execVM "\Scripts\ammo.sqf";"

  • ammo.sqf is a script that spawns an ammo box (treasure chest) full of whatever it is the hacker wants near them for them to loot. It's a malicious script that is not normally able to be run in DayZ.
  • The whole _dummy thing is part of a piece of code that is very common for hackers to exploit; the shift+p admin menu. When you hold right shift+p in-game, a script is run to open the menu for you; these hackers use Cheat Engine and BattlEye bypasses in order to, instead of load the script the game is supposed to, load their own evil scripts, in this case ammo.sqf, which spawns a bunch of hacked goodies.

So, yes, that is a clear sign of a hacker; a stupid and inexperienced one at that, because this method has been public for a month now, and often autobans the user.

Share this post

Link to post
Share on other sites

permaphrost    12

permaphrost
Posted (edited)

Okay. And what about that same code that instead uses

#49 private ["_dummy"]; _dummy = [_this,"onload"] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf";

instead of ammo.sqf

I know that that is also a way to hack.. but what if they were just opening that up without hacks. would it still show up in the logs? Can I ban for that because of the #49 next to it?

Because I show up in the logs as using that script as well, and the #49 is next to my name too, but I'm actually the admin of the server logging in.

Also, there's a bunch of stuff like this in the logs as well:

(Guid) #30 g",

(Guid) #31 "

(Guid) #36

(Guid) #36 CfgWeapons" >> _x);

#36 "Die";

What is this stuff?

Edited by Permaphrost

Share this post

Link to post
Share on other sites

Guest   

Guest
Posted

Okay. And what about that same code that instead uses

#49 private ["_dummy"]; _dummy = [_this,"onload"] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf";

instead of ammo.sqf

I know that that is also a way to hack.. but what if they were just opening that up without hacks. would it still show up in the logs? Can I ban for that because of the #49 next to it?

Because I show up in the logs as using that script as well, and the #49 is next to my name too, but I'm actually the admin of the server logging in.

Also, there's a bunch of stuff like this in the logs as well:

(Guid) #30 g",

(Guid) #31 "

(Guid) #36

(Guid) #36 CfgWeapons" >> _x);

#36 "Die";

What is this stuff?

["_dummy"]; _dummy = [_this,"onload"] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf";

That's actually the legit script that is meant to be running, not a hack. You have to realize that a lot of this mod's primary functions are scripts that are run server side, so it doesn't always mean HACKER. The other stuff you have in your post is nothing but feedback from the server.

Share this post

Link to post
Share on other sites

permaphrost    12

permaphrost
Posted

["_dummy"]; _dummy = [_this,"onload"] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf";

That's actually the legit script that is meant to be running, not a hack. You have to realize that a lot of this mod's primary functions are scripts that are run server side, so it doesn't always mean HACKER. The other stuff you have in your post is nothing but feedback from the server.

Okay, but I can ban for that ammo.sqf script right? And how about those illegal weapons I found people logging in with in the rpt file?

Share this post

Link to post
Share on other sites

Guest   

Guest
Posted

Okay, but I can ban for that ammo.sqf script right? And how about those illegal weapons I found people logging in with in the rpt file?

Yup!

Share this post

Link to post
Share on other sites

mrsherenai    64

mrsherenai
Posted

I actualy ban for ["_dummy"]; _dummy = [_this,"onload"] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf"; too as replacing the legit script that is called here by a modified one is a very common practice.

Share this post

Link to post
Share on other sites

SupaFly1983    52

SupaFly1983
Posted

On the note of banning people for having "the whole kit" as you put it, this is a bit of a touchy subject. What if that said person was a good bandit and collected a whole kit from killing multiple people? You can't make the assumption they are a cheat without proof. Having said all that, things like ammo.sqf are definately hax.

On the SQF topic, I would recommend you learn how it works and what it is. That way you will be able to find hacks more easily in yor logs.

It is also really cool to use in conjunction with the mission editor in ArmA 2 to make awesome battle scenes and trigger unique events

Share this post

Link to post
Share on other sites
Go To Topic Listing Mod Servers & Private Hives
×