madkowa@gmail.com 11 Posted August 15, 2012 (edited) DayZ Anti-Hax is a very simple server-side console application for automatically banning hackers from a DayZ server. Utilizing some of the new features first introduced with the latest BattlEye update (v1.158) and ArmA 2 OA beta patch 95883, DayZ Anti-Hax parses server logs for only the most obvious hacker behavior and adds those deemed nefarious to the server's ban list. When used in combination with Battleye Extended Controls, which can automatically reload a server's ban list while it is running, this is a completely automated solution that requires little to no maintenance, making DayZ Anti-Hax an extremely useful tool when used in combination with good 'ol fashion manual log combing.Project Page on Google Code: http://code.google.c.../dayz-anti-hax/Original Reddit Post: http://www.reddit.co...simple_console/Before asking a question here, please read the FAQ! Edited August 15, 2012 by GreyEcho 7 Share this post Link to post Share on other sites
Remus (DayZ) 8 Posted August 15, 2012 (edited) The use of a global ban list? What crap. You realize if some power hungry admin bans a player from their server for raiding their tents, that player now would then be banned from many servers using that global ban list....PS: It talks about the use of a global ban list in the first link the OP gives. Edited August 15, 2012 by Remus Share this post Link to post Share on other sites
Psyl3nt 125 Posted August 15, 2012 Look slike the streaming PBbans type deal, which works fairly well. Share this post Link to post Share on other sites
madkowa@gmail.com 11 Posted August 15, 2012 (edited) The use of a global ban list? What crap. You realize if some power hungry admin bans a player from their server for raiding their tents, that player now would then be banned from many servers using that global ban list....PS: It talks about the use of a global ban list in the first link the OP gives.The DayZ Community Banlist is an intuitive started by a DayZ developer. Any bans submitted require concrete evidence, otherwise the ban is discarded. Each ban is carefully examined manually. This combined with the fact that DayZ Anti-Hax does not push bans to the list, only pulls makes this feature of the program almost fool-proof.EDIT: Added an FAQ entry about this, thank you. Edited August 15, 2012 by GreyEcho Share this post Link to post Share on other sites
symptom 185 Posted August 15, 2012 Interesting....But I think I'll wait till I get some positive feedback from DayZ staff before using this. 1 Share this post Link to post Share on other sites
Cyphersphere 0 Posted August 15, 2012 I run this on my server. Its a good little security addition, on the first run it caught one very obvious offender and actually banned him twice. It looks like it flags bans for each log type. I look forward to future versions. Share this post Link to post Share on other sites
Torndeco (DayZ) 46 Posted August 15, 2012 From the sites faqIn the case of 'remoteexec.log', it is very liberal with its bans because this log should be configured to contain only illegal remote execution of scripts on the server and/or other clients.Last i checked u cant assume all entries in remoteexec.log are all people hackinghttp://dayzmod.com/forum/index.php?/topic/71904-new-major-battleye-anti-cheat-features/page__st__20#entry686256One simple example is helicopter crashes.For now, ignore anything related to BIS_Effects_AirDestruction, we've looked into BIS_Effects_Burn and aren't 100% sure all logged instances of it are legitimate, but many are, so we'll have to see what can be done with that.Personally i perfer manual way atm, but its an interesting idea Share this post Link to post Share on other sites
madkowa@gmail.com 11 Posted August 15, 2012 (edited) From the sites faqLast i checked u cant assume all entries in remoteexec.log are all people hackinghttp://dayzmod.com/f..._20#entry686256Personally i perfer manual way atm, but its an interesting ideaDayZ Anti-Hax includes a modified version of remoteexec.txt specifically designed to ensure that anything that appears in remoteexec.log can be considered a hack. As of right now, it is the same as the one available from the DayZ Community Banlist. For example, those explosion effects you mention are one of the many I consider false-positives and filter out to prevent inappropriate banning. Again, I've tried to take a conservative route with this tool; it won't ban all hackers, but it will certainly catch many. It also isn't for everyone; if you don't trust it, don't use it. That said, quite a few servers are now running this tool with positive results. Edited August 15, 2012 by GreyEcho Share this post Link to post Share on other sites
ryahn 112 Posted August 15, 2012 Will be adding this to my program Share this post Link to post Share on other sites
mdevch 12 Posted August 16, 2012 we are using this too, its a good solution so far. Share this post Link to post Share on other sites
WalBanger 11 Posted August 17, 2012 ok i just got kicked from a server saying i need to sign up for this, on this forum....But where/how do i do this?? Share this post Link to post Share on other sites
ryahn 112 Posted August 17, 2012 I have this installed and I havent been kicked Share this post Link to post Share on other sites
madkowa@gmail.com 11 Posted August 17, 2012 ok i just got kicked from a server saying i need to sign up for this, on this forum....But where/how do i do this??I don't understand, there's nothing to sign up for here. This is a server-side console application for DayZ servers. Were you kicked from a server running this program? Share this post Link to post Share on other sites
ribbles 2 Posted August 17, 2012 I was on your server tonight (US 1534) on sniper hill and noticed the entire firehouse behind the powerplant was blown up, and a tree on sniper hill was as well. I was there for about an hour and noone was around and suddenly the small building/hut on the side of the powerplant spontaneously blew up with no apparent cause. Any idea what was going on? Must have been around 10-11pm EDT on 8/16 Share this post Link to post Share on other sites
Ped 80 Posted August 17, 2012 The DayZ Community Banlist is an intuitive started by a DayZ developer. Any bans submitted require concrete evidence, otherwise the ban is discarded. Each ban is carefully examined manually. This combined with the fact that DayZ Anti-Hax does not push bans to the list, only pulls makes this feature of the program almost fool-proof.EDIT: Added an FAQ entry about this, thank you.Who is the developer you mention. I think it's common knowledge DayZ has only one developer, Rocket. Share this post Link to post Share on other sites
madkowa@gmail.com 11 Posted August 17, 2012 (edited) I was on your server tonight (US 1534) on sniper hill and noticed the entire firehouse behind the powerplant was blown up, and a tree on sniper hill was as well. I was there for about an hour and noone was around and suddenly the small building/hut on the side of the powerplant spontaneously blew up with no apparent cause. Any idea what was going on? Must have been around 10-11pm EDT on 8/16There's nothing unusual to report in the logs. It sounds like either a helicopter or something exploded or someone was using grenades and/or satchel charges (i.e. there are possible legitimate reasons for what you experienced). Also, in the future, please send me a private message or an email for reports like this. I want to keep this thread strictly on-topic. Thanks in advance.Who is the developer you mention. I think it's common knowledge DayZ has only one developer, Rocket.DayZ may only have one "real" developer, Rocket, but it does have support staff, one of whom is Jens, the individual I spoke to and the one spearheading the DayZ Community Banlist. I also spoke to Dwarden, a developer at Bohemia Interactive. Edited August 17, 2012 by GreyEcho Share this post Link to post Share on other sites
KayLuz 1 Posted August 17, 2012 Seems great. Been using this on my server which is highly populated with high success rates. Ofocurse just now it can't be a full replacement for manuall log checking but it takes a lot of work out for me.Thanks. Share this post Link to post Share on other sites
SqTH 260 Posted August 17, 2012 Its fucking awesome.I don't need to manually ban players anymore. 1 Share this post Link to post Share on other sites
khalimerot 76 Posted August 17, 2012 (edited) Oh yeah ,we finally can die in peace , and no false positiv until now Edited August 17, 2012 by khalimerot Share this post Link to post Share on other sites
madkowa@gmail.com 11 Posted August 17, 2012 DayZ Anti-Hax v0.4 has been released. For a full list of changes and a download link, please click here to be redirected to the project's Google Code page. Share this post Link to post Share on other sites
(OCN)Vortech 65 Posted August 18, 2012 Nice work so far, looks promising. Do you have any intentions to also automate a way for this to benefit the community? I'm not familiar with your solution as I haven't installed it on any of our servers but can you make it easier in any way for your users to contribute to the community ban list (http://code.google.com/p/dayz-community-banlist/issues/list)? Share this post Link to post Share on other sites
snipes1031 1 Posted August 18, 2012 Does this require a dedicated server or can I install it/get it installed on my managed server? Share this post Link to post Share on other sites
madkowa@gmail.com 11 Posted August 18, 2012 Nice work so far, looks promising. Do you have any intentions to also automate a way for this to benefit the community? I'm not familiar with your solution as I haven't installed it on any of our servers but can you make it easier in any way for your users to contribute to the community ban list (http://code.google.c...ist/issues/list)?As of v0.3, DayZ Anti-Hax already pulls bans from the DayZ Community Banlist, however it does not push them. This is because while I am confident in the bans my solution makes, DayZ Community Banlist is more tailored for manual bans than it is automatic ones. Perhaps in future iterations I'll include an optional global ban list for all DayZ Anti-Hax users to tap into (and perhaps non-users too to give back to the community), but in the meantime, the current feature set will have to do. This is a suggestion I'll take to heart though, and thanks for your comments.Does this require a dedicated server or can I install it/get it installed on my managed server?You will need your server provider to set this up for you if you are not under a dedicated server. Most should be able to do this for you, just direct them here, here and here. If they are concerned about security, be sure to let them know that the entire project is open-source and hosted on Google Code, so they are free to compile the program themselves if they are uncomfortable downloading an executable directly. Share this post Link to post Share on other sites
ryahn 112 Posted August 18, 2012 Nice work so far, looks promising. Do you have any intentions to also automate a way for this to benefit the community? I'm not familiar with your solution as I haven't installed it on any of our servers but can you make it easier in any way for your users to contribute to the community ban list (http://code.google.c...ist/issues/list)?Even though he will add an option to allow it. I will adding his system in with mine. My system will be using the community ban list and download it only when its updated. Share this post Link to post Share on other sites
khalimerot 76 Posted August 18, 2012 (edited) Hi ,one of my friend has been banned from my server with the new version of your software .I think it's due to the new fuction who ban spamming player in logs .I have unban my friends , in fact he was experiencing some Hive lags , when trying to put a ghilliehere is the related logs :18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:325 [1,1,0]18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:329 [1,1,0]18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:333 [1,1,0]18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:337 [1,1,0]18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:341 [1,1,0]18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:345 [1,1,0]18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:349 [1,1,0]18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:353 [2,0,0]18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:357 [2,0,0]18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:361 [2,0,0]18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:365 [0,2,0]18.08.2012 02:23:49: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:369 [2,0,0]18.08.2012 02:23:49: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:373 [0,2,0]18.08.2012 02:23:49: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:377 [2,0,0]18.08.2012 02:23:49: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:381 [2,0,0]18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:385 [2,0,0]18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:389 [2,0,0]18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:393 [2,0,0]18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:397 [2,0,0]18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:401 [2,0,0]18.08.2012 02:23:51: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:405 [2,0,0]18.08.2012 02:23:51: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:409 [2,0,0]Hope this can help to remove this false positiv ban .Could you also add a feature who will give date / hours of the ban ,I could post the complete ban reason on the forum easily with that.Or your software can manage to have his own logs.Thank you. Edited August 18, 2012 by khalimerot Share this post Link to post Share on other sites