New Major BattlEye Anti-Cheat Features

[disorder 344]

Hi can anyone tell me how many files have the same format as scripts/remoteexec?

What I mean is the format

DATE TIME: NAME (IP) ID - #X

[Magotchi 74]

Have any of you seen or know of BattlEye: Script Restriction #195?

Can't find anything on Google...which leads me to believe it doesnt exist ;)

"#195" means it's the 195th entry in your scripts.txt file. Look at the detection in your scripts.log to see what the script looked like, and then go to line 195 in your scripts.txt, and look in that general area for that detection's entry.

The script detection numbers are server-dependent. The only reason many of them match is that many people use the official scripts.txt.

[hohlraum 9]

19.08.2012 11:57:12: [»©Я«] The End (:2304) - #0 "
if (isServer) then {
		_dsasadsa = createVehicle ['S1203_TK_CIV_EP1', [4898.79, 2291.6, 0], [], 0, 'CAN_COLLIDE'];
		_dsasadsa setVariable ['ObjectID', 5602.6, true];
		dayz_serverObjectMonitor set [count dayz_serverObjectMonitor, _dsasadsa];
		_uid = _dsasa"
19.08.2012 11:57:12: [»©Я«] The End (:2304) - #3 "
if (isServer) then {
		_dsasadsa = createVehicle ['S1203_TK_CIV_EP1', [4898.79, 2291.6, 0], [], 0, 'CAN_COLLIDE'];
		_dsasadsa setVariable ['ObjectID', 5602.6, true];
		dayz_serverObjectMonitor set [count dayz_serverObjectMonitor, _dsasadsa];
		_uid = _dsasa"
19.08.2012 13:12:54: Dylan Coe (:2304) - #0 "
if (isServer) then {
_object = createVehicle ['PBX', [11644.8, 3413.89, 0], [], 0, 'CAN_COLLIDE'];
_object setVariable ['ObjectID', 9654.21, true];
dayz_serverObjectMonitor set [count dayz_serverObjectMonitor, _object];
_uid = _object call dayz_objectUID"
19.08.2012 13:12:54: Dylan Coe (:2304) - #3 "
if (isServer) then {
_object = createVehicle ['PBX', [11644.8, 3413.89, 0], [], 0, 'CAN_COLLIDE'];
_object setVariable ['ObjectID', 9654.21, true];
dayz_serverObjectMonitor set [count dayz_serverObjectMonitor, _object];
_uid = _object call dayz_objectUID"
19.08.2012 13:16:41: Dylan Coe (:2304)  - #0 "
if (isServer) then {
_object = createVehicle ['S1203_TK_CIV_EP1', [11647.6, 3408.86, 0], [], 0, 'CAN_COLLIDE'];
_object setVariable ['ObjectID', 6373.26, true];
dayz_serverObjectMonitor set [count dayz_serverObjectMonitor, _object];
_uid = _object call d"
19.08.2012 13:16:41: Dylan Coe (:2304) - #3 "
if (isServer) then {
_object = createVehicle ['S1203_TK_CIV_EP1', [11647.6, 3408.86, 0], [], 0, 'CAN_COLLIDE'];
_object setVariable ['ObjectID', 6373.26, true];
dayz_serverObjectMonitor set [count dayz_serverObjectMonitor, _object];
_uid = _object call d"

Any idea what is going on here? These guys actually spawning these things or just getting in them or fixing them?

[(OCN)Vortech 65]

Any idea what is going on here? These guys actually spawning these things or just getting in them or fixing them?

createVehicle = ban. Please submit to the CBL(link in my sig). Also in the future you can research specific functions from the other link in my sig.

Edited August 20, 2012 by (OCN)Vortech

[hohlraum 9]

And we're 100% sure on this when these show up in the remoteexec? Seeing a lot of them recently. I submitted the log file.

How are other admins integrating the community ban list into their existing ban files? Does BE have some facility for "including" a secondary read-only ban file?

Edited August 20, 2012 by Hohlraum

[(OCN)Vortech 65]

And we're 100% sure on this when these show up in the remoteexec? Seeing a lot of them recently. I submitted the log file.

How are other admins integrating the community ban list into their existing ban files? Does BE have some facility for "including" a secondary read-only ban file?

Yes, read Dwarden's comments on the topic over at the official BIS forums. If you doubt anything use the commands by function link and check them out yourself. As as administrator its your job to research possible cheaters before you ban/submit them.

As far as integrating the list I pull it and merge it with my start up.

[(OCN)Vortech 65]

As an update keep an eye on your scripts.log, it looks like a new method is somehow attaching spawned items to legit sqf files:

19.08.2012 14:38:44: username (X.X.X.X:PORT) GUIDGUIDGUIDGUIDGUIDGUIDGUID - #106 "a\ui\scripts\handleGear.sqf'; _dummy; player addweapon "BAF_AS50_scoped"; player addMagazine "10Rnd_"

19.08.2012 14:38:44: username (X.X.X.X:PORT) GUIDGUIDGUIDGUIDGUIDGUIDGUID - #115 "yer addMagazine "10Rnd_127x99_m107"; player addBackPack"DZ_Backpack_EP1"; "

While very much a WIP Cheat Finder helps parse the noise http://dayzmod.com/forum/index.php?/topic/42702-cheat-finder-script-parser-for-admins

[byteslam (DayZ) 0]

19.08.2012 12:50:12: Admin (IP:2304) UIDUIDUIDUIDUIDUIDUIDUIDUIDUIDUIDU - #0 "AmmoBoxBig" 242:17 [7749,3185,5]

19.08.2012 12:50:12: Admin (IP:2304) UIDUIDUIDUIDUIDUIDUIDUIDUIDUIDUIDU - #0 "DZ_Backpack_EP1" 242:18 [0,0,0]

19.08.2012 12:50:12: Admin (IP:2304) UIDUIDUIDUIDUIDUIDUIDUIDUIDUIDUIDU - #0 "DZ_Backpack_EP1" 242:19

AmmoBoxBig is not allowed in DayZ or?

[umandez 139]

To stop the global dance script you will need to add this to your remoteexec

5 "playMove"

[byteslam (DayZ) 0]

Hello,

How to block CE - Script Executer v4 ?

Some people use this for execute script without take ban or kick..

Thanks,

Mariko.

Mariko, please REMOVE the link immidiatly, you give these scriptkiddies the information they are looking for.

Write this information in PM to the Battleye team from BI

[sekkari 0]

createVehicle = ban. Please submit to the CBL(link in my sig). Also in the future you can research specific functions from the other link in my sig.

Do NOT ban for this line. It's legit and after little investigation (huge one) it will come for some strange reason.

[hohlraum 9]

On the BIS forums Dwarden says to ban for anything that shows up in the remoteexec.log.

[(OCN)Vortech 65]

Do NOT ban for this line. It's legit and after little investigation (huge one) it will come for some strange reason.

lol, nice try. Show us your "huge investigation" or take your misinformation somewhere else.

On the BIS forums Dwarden says to ban for anything that shows up in the remoteexec.log.

Don't just ban on sight, there are a few things that pop up. Also you need to watch for remote exectuions, especially in the createvehicle. Here is an example of a remoteexec I wouldn't ban for:

19.08.2012 07:41:03: Username (x.x.x.x:port) GUIDGUIDGUIDGUIDGUIDGUIDGUIDGUID - #38 "[this] spawn BIS_Effects_AirDestruction"

19.08.2012 07:41:03: Username (x.x.x.x:port) GUIDGUIDGUIDGUIDGUIDGUIDGUIDGUID - #38 "[this, 8.07061, 13132.9]spawn BIS_Effects_AirDestructionStage2"

19.08.2012 07:41:05: Username (x.x.x.x:port) GUIDGUIDGUIDGUIDGUIDGUIDGUIDGUID - #38 "[this, 8.07061, 13132.9,false,true]spawn BIS_Effects_Burn"

These logs are a work in progress, changing daily.. sometimes hourly. As an admin it is our job to perform our due diligence before banning anyone. Some situations are easier then others, we need to stay on top of things, share, and communicate with one another.

[Magotchi 74]

lol, nice try. Show us your "huge investigation" or take your misinformation somewhere else.

Are you saying you should always ban for anything in createvehicle.log? If you look at a createvehicle.log with the latest DCB createvehicle.txt, you'll see all kinds of things you shouldn't be banning for.

Edited August 20, 2012 by Mister_Magotchi

[Orcworm 18]

Are you saying you should always ban for anything in createvehicle.log? If you look at a createvehicle.log with the latest DCB createvehicle.txt, you'll see all kinds of things you shouldn't be banning for.

I think he's referring to the createvehicle script that pops up in remoteexec.log.

[(OCN)Vortech 65]

Are you saying you should always ban for anything in createvehicle.log? If you look at a createvehicle.log with the latest DCB createvehicle.txt, you'll see all kinds of things you shouldn't be banning for.

Did you even attempt to read my post or just throw your arms up at the first sign of aggression? :/ Please keep up, the context was lost through replies :P createVehicle command, not the log itself.

These logs are a work in progress, changing daily.. sometimes hourly. As an admin it is our job to perform our due diligence before banning anyone. Some situations are easier then others, we need to stay on top of things, share, and communicate with one another.

Edited August 20, 2012 by (OCN)Vortech

[Magotchi 74]

I only saw that you originally said "createvehicle = ban", and told someone off who disagreed. Be civil, please.

EDIT (in reply to your edit): Yeah. The context was indeed lost.

Edited August 20, 2012 by Mister_Magotchi

[sekkari 0]

lol, nice try. Show us your "huge investigation" or take your misinformation somewhere else.

For example this line in logs(scripts.txt):

player (**.***.***.***:2304) 4938f09cb27**********b466b9c5784 - #20 "

if (isServer) then {

_object = createVehicle ['UAZ_CDF', [6085.27, 1865.83, 0], [], 0, 'CAN_COLLIDE

Would you ban ?

Edited August 20, 2012 by sekkari

[(OCN)Vortech 65]

For example this line in logs(scripts.txt):

player (**.***.***.***:2304) 4938f09cb27**********b466b9c5784 - #20 "

if (isServer) then {

_object = createVehicle ['UAZ_CDF', [6085.27, 1865.83, 0], [], 0, 'CAN_COLLIDE

Would you ban ?

You're missing a bit but yeah it looks good http://code.google.com/p/dayz-community-banlist/issues/detail?id=20

[sekkari 0]

You're missing a bit but yeah it looks good http://code.google.c...es/detail?id=20

Yes there might be some missing. That text were in scripts.txt file. Not in remoteexec/createvehicles (or something).

Point is that if/when some admin googles things and see only that "createVehicle = ban" line he starts to ban people.

In that case I posted with that line 3 guys in chopper and 12 guys on the ground would have been banned (including me but not 2 guys in chopper. With their name there was no that kind lines.) WITHOUT reason.

We can't get that new ARMA patch on our server because GSP have problems with that and devs won't help... just screwing with them.And as i heard that new patch screwed 1 server from our provider. That's why we cant get remoteexec/createvehicles work...

Edited August 20, 2012 by sekkari

[Frop 33]

What about this one? I'd say it's a fairly creative alternative to spawning in high-end gear directly (if he's actually cheating).

20.08.2012 22:56:40: <hidden> (<hidden>) <hidden> - #20 "0,2000,0] call BIS_fnc_findSafePos;
_veh = createVehicle ["UH1Wreck_DZ",_position, [], 0, "CAN_COLLI"

[sekkari 0]

What about this one? I'd say it's a fairly creative alternative to spawning in high-end gear directly (if he's actually cheating).

20.08.2012 22:56:40: <hidden> (<hidden>) <hidden> - #20 "0,2000,0] call BIS_fnc_findSafePos;
_veh = createVehicle ["UH1Wreck_DZ",_position, [], 0, "CAN_COLLI"

Crashed chopper ?

[(OCN)Vortech 65]

Yes there might be some missing. That text were in scripts.txt file. Not in remoteexec/createvehicles (or something).

Point is that if/when some admin googles things and see only that "createVehicle = ban" line he starts to ban people.

In that case I posted with that line 3 guys in chopper and 12 guys on the ground would have been banned (including me but not 2 guys in chopper. With their name there was no that kind lines.) WITHOUT reason.

We can't get that new ARMA patch on our server because GSP have problems with that and devs won't help... just screwing with them.And as i heard that new patch screwed 1 server from our provider. That's why we cant get remoteexec/createvehicles work...

I agree with not confusing fellow admins, we all agree the context was lost. That bit about guys in a chopper and on the ground "would have been banned" I don't follow though since you say you don't have a compatible patch running?

What about this one? I'd say it's a fairly creative alternative to spawning in high-end gear directly (if he's actually cheating).

20.08.2012 22:56:40: <hidden> (<hidden>) <hidden> - #20 "0,2000,0] call BIS_fnc_findSafePos;
_veh = createVehicle ["UH1Wreck_DZ",_position, [], 0, "CAN_COLLI"

Gotta give him credit for trying, I bet in a hurry that could get overlooked. Make sure to submit him to the CBL and his thinking outside the box ass.

[Frop 33]

Gotta give him credit for trying, I bet in a hurry that could get overlooked. Make sure to submit him to the CBL and his thinking outside the box ass.

I submitted all of them, but I'm kind of wondering how you double-check all the submissions (obviously it's rather easy to fake a log as opposed to for instance a Punkbuster screenshot).

Edited August 20, 2012 by Frop

[Numi 9]

Hi,

Is there anyway to know which servers are using the filters and ban list from the Community Ban List?