Guys, I need some help with this line in the serverlogs

[brezmans 31]

Hi guys,

my clan is running a DayZ server and today I downloaded our 2 GB log file to look through it and try and spot hackers.

Immediately, this line popped up:

17.06.2012 17:59:22: [redacted] - #36 raddWeapon = 'addWeapon'

17.06.2012 17:59:22: [redacted] - #36 raddWeaponcode = compile PreprocessFile (BIS_PathMPscriptCommands + 'addWeapon.sqf')

17.06.2012 17:59:22: [redacted] - #36 raddWeaponCargo = 'addWeaponCargo'

17.06.2012 17:59:22: [redacted] - #36 raddWeaponCargocode = compile PreprocessFile (BIS_PathMPscriptCommands + 'addWeaponCargo.sqf')

17.06.2012 17:59:22: [redacted] - #30 rcreateMarkerLocal = 'createMarkerLocal'

17.06.2012 17:59:22: [redacted] - #30 rcreateMarkerLocalcode = compile PreprocessFile (BIS_PathMPscriptCommands + 'createMarkerLocal.sqf')

17.06.2012 17:59:22: [redacted] - #31 rsetMarkerPosLocal = 'setMarkerPosLocal'

17.06.2012 17:59:22: [redacted] - #31 rsetMarkerPosLocalcode = compile PreprocessFile (BIS_PathMPscriptCommands + 'setMarkerPosLocal.sqf')

I have removed the lines identifying who this was, as I don't want to jump the gun here. Are these lines definite proof of someone injecting scripts or not?

Thanks in advance guys

[deniedfool 4]

Seems like it, I see "addweapon" then "addweaponcargo" looks like they're spawning the infamous weapon crate.

[Lith 80]

2GB log file? Rotate that bad boy out man!

[jskibo 143]

Normal lines. That isn't the Ammo / Weapon crate script

[azunai 32]

totaly legit, you will find yourself with those lines ;)

[brezmans 31]

Alright guys, thanks! I've also found some lines referencing planes and helicopters, but then i've found those with my guid too... It seems like the hackers are able to make it look like someone else does the hack?

[jskibo 143]

The good ones are using a battleye bypass, you'll never see anything in the logs with them. Dumb ones still try stuff like ammo.sqf scripts

[howichrgelazer 69]

Alright guys, thanks! I've also found some lines referencing planes and helicopters, but then i've found those with my guid too... It seems like the hackers are able to make it look like someone else does the hack?

Is the line something like BIS_AirEffects plane explode or something similar like that? (I can't recall the exact name off the top of my head) If so, that is normal as well.

Edited July 21, 2012 by HowIChrgeLazer

[brezmans 31]

Yup, that's the same one HowIChrgeLazer.

I found one using a teleport script, he's banned now.

Also, we found a camp that had a Soldier Clothing in it, any idea how I can find in the logs the person that spawned this? If they did it on this server?

Edited July 21, 2012 by brezmans

[t0pz 173]

Yup, that's the same one HowIChrgeLazer.

I found one using a teleport script, he's banned now.

Also, we found a camp that had a Soldier Clothing in it, any idea how I can find in the logs the person that spawned this? If they did it on this server?

How did you detect the teleport script if i may ask? We are having issues with a hacker teleporting to our members and players on US 266 to kill them.

[brezmans 31]

Really simple, check the logs for the string "teleport". That's ofcourse only if the hacker is a bit of a noob, apparently the smarter ones are able to bypass the logs and inject straight away.

[F4ll3N 28]

would love some kind of DB that shows what bad scripts looks like, impossible to drag the info out of spammed web console and the logs are massive and un parsed..... please move the hive crap to its own log as well it clutters up the console.

[Nadasdy 1]

Ive banned like 10 people in the last couple days for ammo.sqf. I have had a couple people I've caught on my server teleporting and spawning helicopters but there is absolutely nothing in the logs that they are doing anything. I just happened to see it first hand.