Distressed Admin -- Tired 24/7 Hacker attacks.

[Grufftech 10]

So I run US124-127. Recently, It seems hacker attacks have been insane. In the last 24 hours, i've recieved almost 45 tweets from people complaining of hackers.

I run BattleEye. I'm running uptodate copies of scripts.txt, bans.txt, ban.txt. I'm up to date with the latest arma2 beta, I run BEC... Scripts.log is broken since the last Arma2 Beta patch, and even then, its gigabyte of logs for 1 line that means nothing because there's no documentation on "bad scripts".

Constant reports of teleport hackers. hackers giving people free guns an ammo. Overloaded with the amount of hacker complaints that I seemingly can do nothing about.

As an admin trying to be responsible, Please, for the love of god, move server security higher up the to-do list, or pressure Bohemia to push DayZ high on its list, you guys are their money ticket currently, surely you have some muscle to move stuff on their priority list.

I don't want to pull down my servers, but between complaints and trying to find needle-in-haystack style log entries, I can't do this much longer.

Maybe I'm doing something wrong. Other server admins? How are you coping with the insane amount of hacker complaints? How do you parse gigabytes of log files (99.99% of them are clean log entries)? What are you using for logs, did everyone's log break?

-- Adam

Edited August 2, 2012 by Grufftech

[Scrumilation 16]

And the best part is that we can't do shit about it, gotta love this game's anti-cheat!

[ZedsDeadBaby 2287]

And the best part is that we can't do shit about it, gotta love this game's anti-cheat!

Seems pretty effective based on the ban appeals forum.

Do you expect it to catch them before they cheat? Like some kind of Minority Report cheat prevention system?

[mikhail 65]

I don't run a dayz server but I have run my own before with other games. All I gotta say is I feel your pain brother. It really sucks to see BE just be completely useless and then add in the fact that you guys are pretty much powerless to do much of anything.

I just hope bohemia/BE realize how much of an issue this is and how important it is to tackle this quickly and what will happen if they don't.

Good luck bud. I hope you get some help soon. In the mean time keep yer chin up.

[mikhail 65]

Seems pretty effective based on the ban appeals forum.

Do you expect it to catch them before they cheat? Like some kind of Minority Report cheat prevention system?

you've got to be kidding me. the ban appeals forum is mostly from people getting banned for something else on a certain server....not a BE ban.

At this point it's common knowledge that there is a bypass for BE and from there hackers can run whatever scripts they want. As the mod has increased in popularity the hacking has increased dramatically. What's making matters worse is that it's not like some hacker is just running an aimbot. You've got a single person taking out an entire server. The end result is that even only a small group of hackers could affect hundreds (even thousands) of players.

[*=LP=*Cpt.Kawa 57]

From outside it seems that BI/BE don't care that much about the hackers in DayZ or are helpless either way hacking is really heavy atm. So maybe take 3 of your 4 servers down, password the remaining one and whitelist players somehow. Probably the only way to deal with this.

[famematt 7]

Im an admin on a server aswell.

Hacking has been really really bad since sunday night.

Reports about every hour after about 3 PM (when school gets off, coincidentally) :(

Not much i can do. Even with the logs not much can be proven....

[Chong.sx3 0]

My friend and I were hacked yesterday, teleported than wasted. First time for that, and I'm pretty upset about it. I can't wrap my head around why anyone would want to do such a thing in the first place. It defeats the immersion quality of gaming to hack, so why the hell would you play it?! This needs to be addressed immediately imo, otherwise this game is unplayable. To work for days to set things up than get teleported? I can handle bandits but this is ridiculous.

[Grufftech 10]

Yeah. As a player, I haven't really played since "thunderdome" hack was introduced. I'm currently hiding offline because I dont want to loose my NVG's and M4A3. I wont be playing until the hacker attacks stop, or in the very least become a rare thing. Its a every-20-minutes hack on our servers atm. Completely unplayable.

As an admin, I can't in good conscience keep these servers online when I know for a fact all my users will die & loose all their hard-earned loots to some hacker.

Edited August 2, 2012 by Grufftech

[fighter139 191]

Hacking has had a sudden resurgence.

Doesn't help that BattlEye has proven itself to be a steaming pile of shit. Would prefer Punkbuster over this. PB-protected games are MUCH better compared to this.

I feel for you OP, same thing has been happening on US264.

[nik21 287]

Hacking has had a sudden resurgence.

Doesn't help that BattlEye has proven itself to be a steaming pile of shit. Would prefer Punkbuster over this. PB-protected games are MUCH better compared to this.

Yeah because the games which are currently supported by it have no engine you could "hack" like the Real Virtuality of Arma 2. This engine gives us many freedom and possibilities with mods and our own scripts, but also hackers to abuse this possibilities. No matter what AC you use. People like you are the perfect of having no fucking idea what they're talking about.

[Maxxgold (DayZ) 62]

Seems pretty effective based on the ban appeals forum.

Do you expect it to catch them before they cheat? Like some kind of Minority Report cheat prevention system?

You would think with 1400 + posts you wouldn't be such a dumb ass.

[zq7 67]

Hacking has had a sudden resurgence.

Doesn't help that BattlEye has proven itself to be a steaming pile of shit. Would prefer Punkbuster over this. PB-protected games are MUCH better compared to this.

I feel for you OP, same thing has been happening on US264.

This. Sucks.

From a quick google search I found out that there is apparently a new BE bypass for sale (lol) by a known group.

All we can do is hope that BE is on top of things and there is a ban wave coming within the next few days.

ps. it looks like we are dealing with 500+ script kiddies seeing how that site has had almost 900 unique registered users in the past 24 hours.. and that is just one site I looked at.. no idea how many of these are out there.

[walkerbait421 19]

How to deal with it? Shut down the server immediately (quick 1 minute warning if possible, or no warning if everyone is dying) Make sure you are in contact with a few who are on the server often so you can get the reports in timely. Try to check the logs for anything obvious (but usually is not). But a server shut-down temporarily usually clears things up, as they move on to another server. So basically there is no way to prevent hacking, but you can minimize it and prevent it from continuing for any length of time. Takes a decent investment of time. I contemplate giving up on this crap daily.

[SmashT 10907]

Most hacked game I've ever seen to be honest. It won't be resolved until DayZ moves away from the ArmA engine.

Edited August 2, 2012 by smasht_AU

[nik21 287]

It's not the most hacked game, the problem is just:

1 Hacker/Script kiddie can easily fuck up 70 players at once (70 player server e.g.). So there's 1 Hacker and 70 people are screaming: "Hurr Durr Hackz0rs are outta Control!!!1111!!"

The Arma Engine just makes everything possible even though the Anti-Cheat is really good.

[Gogster (DayZ) 626]

It's not the most hacked game, the problem is just:

1 Hacker/Script kiddie can easily fuck up 70 players at once (70 player server e.g.). So there's 1 Hacker and 70 people are screaming: "Hurr Durr Hackz0rs are outta Control!!!1111!!"

The Arma Engine just makes everything possible even though the Anti-Cheat is really good.

You're insane.

On so many levels.

[nik21 287]

You're insane.

On so many levels.

Trust me, another Anticheat wouldn't do any better. Or worse.

[Gogster (DayZ) 626]

Trust me, another Anticheat wouldn't do any better. Or worse.

I don't trust you and you're wrong.

[duffman666qc@live.ca 23]

Trust me, another Anticheat wouldn't do any better. Or worse.

If You Don't Know What You're Talking About, Just Don't Post On Forum...

Alright! Battle-Eye Is Not Programmed To Counter "PvP Hacks" , Because Arma 2 Is A Coop Game (Nobody Hacks In Arma 2, Its Pointless)

That's Why Battle-Eye Is Useless For Dayz (People Bringing PvP Hacks).

BUT Punk Buster And VAC Are PvP Anti-Hack (Software Is Programmed To Counter PvP Hacks)

Are Using Different Anti-Cheat/Hacks Method (Working Very Well)

And Changing Anti-Cheat Software Cost A LOT of Money (You Probably Dont Understand, But Its Not Easy As It Sound Changing Anti-Cheat Software)

They Wont Change Anti-Cheat Method Until The Stand-Alone.

OR if Bohemia Decide To "UPDATE" Their Anti-Cheat

(Need A BIG and Expensive Update)!

Update: Since Arma 2 Is On Steam Maybe Its Possible For Them To Change For VAC (but Probably Cost A Lot Of Money To Bohemia)

Edited August 2, 2012 by Duffman

[Sna.ke 43]

If You Don't Know What You're Talking About, Just Don't Post On Forum...

Alright! Battle-Eye Is Not Programmed To Counter "PvP Hacks" , Because Arma 2 Is A Coop Game (Nobody Hacks In Arma 2, Its Pointless)

That's Why Battle-Eye Is Useless For Dayz (People Bringing PvP Hacks).

BUT Punk Buster And VAC Are PvP Anti-Hack (Software Is Programmed To Counter PvP Hacks)

Are Using Different Anti-Cheat/Hacks Method (Working Very Well)

And Changing Anti-Cheat Software Cost A LOT of Money (You Probably Dont Understand, But Its Not Easy As It Sound Changing Anti-Cheat Software)

They Wont Change Anti-Cheat Method Until The Stand-Alone.

OR if Bohemia Decide To "UPDATE" Their Anti-Cheat

(Need A BIG and Expensive Update)!

Update: Since Arma 2 Is On Steam Maybe Its Possible For Them To Change For VAC (but Probably Cost A Lot Of Money To Bohemia)

Just based on your MiXeD CaSe i can tell you probably don' know what you're talking about.

First of all, game modes doesn't matter to anti-cheat software (like VAC and PunkBuster). Both are used in PvP and PvE (co-op) games and both do very good jobs.

Anti-cheat software's purpose is to prevent modified game files and memory/code injection in the game client. It does not have deep levels of integration to monitor player gameplay or anything like that. It simply monitors memory, DLLs, and common injection methods for "fishy" stuff going on in the user's game client.

The problem it seems with BattlEye is it has an odd ability to be so easily bypassed. For the last month or so we've been hearing rumblings about most hackers being catchable, but some were using bypasses that didn't appear in the log files. In the last week or two, it seems these bypasses became public and hacking has just EXPLODED.

It's not all BattlEye's fault. ARMA2 is designed to be script and it's designed to accept the game client's word/commands as valid, even in scenarios where what the game client is suggesting should be ignored.

The one thing you are right about is that switching would be expensive. VAC is only an option of the game is required to run through Steam (which ARMA2 is not) so that's out. That leaves PunkBuster which would have expensive licensing. Integrating it into the game would also require development time and extensive testing. At the end of the day, using a piece of software that has proven itself as valid vs one that has proven itself as bypassable is probably the right choice.

Just another thing to point out that is mildly amusing: When talking about VAC and PunkBuster, cheaters/script kiddies/hackers refer to being "undetectable" by VAC and PunkBuster. In BattlEye it's referred to bypassing the software completely. Kind of scary.

[nik21 287]

If You Don't Know What You're Talking About, Just Don't Post On Forum...

Alright! Battle-Eye Is Not Programmed To Counter "PvP Hacks" , Because Arma 2 Is A Coop Game (Nobody Hacks In Arma 2, Its Pointless)

That's Why Battle-Eye Is Useless For Dayz (People Bringing PvP Hacks).

BUT Punk Buster And VAC Are PvP Anti-Hack (Software Is Programmed To Counter PvP Hacks)

Are Using Different Anti-Cheat/Hacks Method (Working Very Well)

And Changing Anti-Cheat Software Cost A LOT of Money (You Probably Dont Understand, But Its Not Easy As It Sound Changing Anti-Cheat Software)

They Wont Change Anti-Cheat Method Until The Stand-Alone.

OR if Bohemia Decide To "UPDATE" Their Anti-Cheat

(Need A BIG and Expensive Update)!

Update: Since Arma 2 Is On Steam Maybe Its Possible For Them To Change For VAC (but Probably Cost A Lot Of Money To Bohemia)

Congratulations, you just disqualified yourself from a proper discussion about Anticheats.

First off, BIS will not change to VAC because Arma 2 is not a steam bound game. VAC would be the worst decision anyway, because it's doing delayed bans meaning it bans people weeks or months after the actual cheat detection. So hackers would have enough time to fuck up the servers anyway.

Cheat detection itself has nothing to do of a game being PvP or PvE or whatever. Arma 2 has PvP as well as PvE Game modes, and an AC does not care about that. VAC is as well integrated in co-op games.

BattlEye scans the game and the system in RAM and on HDD, mainly using generic methods that globally catch all cheats/hacks of one type (heuristic).

The BE Client and the BE Server communicate with each other through the game's netcode. In addition, there is the BE Master which is queried for new core software and cheat detection updates. The BE Client (as well as the BE Server) runs within the game, which allows a better detection of Cheats. (VAC for example is using the Steam Client). The BE Server and BE Client are communicating via highly encrypted network packets enforcing quick and constant responses from all BE Clients and instantly kicking violating players (as well as Globally banning since the DayZ central server had to be dropped once).

PunkBuster is designed similar but most likely used in (First-Person) Multiplayer Shooters. Having features like the PBSS function which is pretty much useless in Arma since most types of Hacks aren't using any kind of ESP or Radar Hack - and being the first thing bypassed by actual cheats - but abusing the possibilities of the engine to spawn something, drop bombs or something like that. And if there is a professional coder, doing his own stuff, there's just nothing you can do about it, no matter if you use BattlEye, VAC, PunkBuster, GameGuard, Hackshield, UAC, Xray, TZAC or all of them together, it won't become much better. BattlEye has done the job for Arma 1 and has been doing for Arma 2 before you even heard about this game.

DayZ is just being flooded by new players, attracts cheaters and it just takes some time to eliminate all the upcoming hacks, public ones as well as private ones.

---------------

And If you feel like you found an unknown cheat for Arma 2/ DayZ, send an e-mail to support@battleye.com.

Edited August 2, 2012 by Nik21

[Gogster (DayZ) 626]

Said stuff.

BE fundamentally lacks the ability to send data to a remote client, take screenshots and load custom checks.

How can you say that PB wouldn't do a better job?

[nik21 287]

BE fundamentally lacks the ability to send data to a remote client, take screenshots and load custom checks.

How can you say that PB wouldn't do a better job?

The screenshot functionality could be easily implented, but BE is designed to have close to zero impact on performance and network load. Other reasons see my post above.

You can also add you own custom checks for BE as mentoied here: http://forums.bistudio.com/showthread.php?131759-New-BattlEye-features-for-server-admins <- similar to the PunkBuster CVAR Check

And one thing why I prefer BattlEye in Arma: Public cheats get detected extremely fast. Maybe you've read about the BE bypass released to public yesterday? It's detected already. PB usually needs a few days or sometimes up to a week to do that job (since they also have 20 other games to support - and Battlefield 3 for example does not have many less cheaters).

[theo@theodormay.com 49]

Grufftech I don't mean to sound like a downer but you are pretty much SoL. Hackers love to find populated servers because then they have the biggest impact. Combine that with the fact that you are running servers for a very popular Machinima/Gaming site and that makes you a prime target. I don't know if it would help but not advertising that they are hosted by RoosterTeeth might help a bit. I notice on my own server that once we hit 35-40 people online the chances of hacking increases.

As for logs, I just look at the scripts.log and the .rpt log to check for anything that seems out of the ordinary. Sadly 99/100 times it isn't enough to prove anything because you have no clue if that person hacked or the hacker made them do it via scripts.

P.S.: I have always been a fan of the RT servers, it is where I learned of the game and learned how to survive.

Edited August 2, 2012 by TheLaughingMan