Jump to content
DayZ Forums

Forums Announcement

Read-Only Mode for Announcements & Changelogs

Dear Survivors, we'd like to inform you that this forum will transition to read-only mode. From now on, it will serve exclusively as a platform for official announcements and changelogs.

For all community discussions, debates, and engagement, we encourage you to join us on our social media platforms: Discord, Twitter/X, Facebook.

Thank you for being a valued part of our community. We look forward to connecting with you on our other channels!

Stay safe out there,
Your DayZ Team

Sign in to follow this  
Followers 0
itze1337

Hacker DE 822 and server MOTD ABUSE

By itze1337, in Mod Servers & Private Hives

Recommended Posts

itze1337    1

itze1337
Posted

* Server this happened on.

DE 822

* Time that it happened including your timezone.

2012-08-08 9:00 PM - Central European Summer Time

* What happened during the incident.

First: Hacker spawned all players to one location (about 30 meters into the air), I instantly logged off and restarted the server (within 10 seconds of the incident). By that I saved the lives of some players.

Second: After I logged back in to lobby, I saw, that the Server MOTD was altered or someone was abusing it (don't know how). It contained some URLs (hacker/trojans, stuff) like dayzmod.in or dayzmod.in/laid.php and such stuff.

Here are screenshots and information considering the incident:

https://www.dropbox.com/sh/g4et02iktei210g/_gSXVKyndY

Share this post

Link to post
Share on other sites

Steiyn    6

Steiyn
Posted

This is more advanced then the normal script kiddies you find.. could be the owner of the server or this guy is a real hacker and not some scripting moron.

Share this post

Link to post
Share on other sites

[email protected]    4

marc.gaehwiler@gmail.com
Posted (edited)

Are you using an own dedicated server? If yes be sure to rename your configuration file (cfgdayz/server.cfg by default) to something not as easily guessable. As far as I know there are some scripts out there which allow everybody to get any file in the operation arrowhead directory, if he knows it's exact path. It's generally a good idea to move your server configuration directory (with the server.cfg, the .RPT log and the BattlEye files to a folder, which is not in your operation arrowhead directory.

After you've done that you have to apply these changes to the arma2oaserver.exe launch options (-profiles=<path to your new profile location where the server.cfg and stuff is> -config=<path to you renamed server.cfg>

An example: If you rename your cfgdayz folder to US123_RND and rename the server.cfg in that folder to server_1234.cfg the launch options should be -profiles=US123_RND -config=US123_RND/server_1234.cfg.

But if the "hacker" could change your MOTD, he has to have access to the server over commandline/MSTSC, which implies that you have bigger security issues. If it is possible that your server has been breached I don't see another possibility than to reset your whole server.

Edited by DrEpic
  • Like 2

Share this post

Link to post
Share on other sites

itze1337    1

itze1337
Posted (edited)

The server is hosted by gamed.de, i have no chance to change any settings or stuff.

Edited by itze1337

Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0
Go To Topic Listing Mod Servers & Private Hives
×