DayZ Anti-Hax - a very simple server-side console application for automatically banning hackers in DayZ

[madkowa@gmail.com 11]

DayZ Anti-Hax is a very simple server-side console application for automatically banning hackers from a DayZ server. Utilizing some of the new features first introduced with the latest BattlEye update (v1.158) and ArmA 2 OA beta patch 95883, DayZ Anti-Hax parses server logs for only the most obvious hacker behavior and adds those deemed nefarious to the server's ban list. When used in combination with Battleye Extended Controls, which can automatically reload a server's ban list while it is running, this is a completely automated solution that requires little to no maintenance, making DayZ Anti-Hax an extremely useful tool when used in combination with good 'ol fashion manual log combing.

Project Page on Google Code: http://code.google.c.../dayz-anti-hax/

Original Reddit Post: http://www.reddit.co...simple_console/

Before asking a question here, please read the FAQ!

Edited August 15, 2012 by GreyEcho

[Remus (DayZ) 8]

The use of a global ban list? What crap. You realize if some power hungry admin bans a player from their server for raiding their tents, that player now would then be banned from many servers using that global ban list....

PS: It talks about the use of a global ban list in the first link the OP gives.

Edited August 15, 2012 by Remus

[Psyl3nt 125]

Look slike the streaming PBbans type deal, which works fairly well.

[madkowa@gmail.com 11]

The use of a global ban list? What crap. You realize if some power hungry admin bans a player from their server for raiding their tents, that player now would then be banned from many servers using that global ban list....

PS: It talks about the use of a global ban list in the first link the OP gives.

The DayZ Community Banlist is an intuitive started by a DayZ developer. Any bans submitted require concrete evidence, otherwise the ban is discarded. Each ban is carefully examined manually. This combined with the fact that DayZ Anti-Hax does not push bans to the list, only pulls makes this feature of the program almost fool-proof.

EDIT: Added an FAQ entry about this, thank you.

Edited August 15, 2012 by GreyEcho

[symptom 185]

Interesting....But I think I'll wait till I get some positive feedback from DayZ staff before using this.

[Cyphersphere 0]

I run this on my server. Its a good little security addition, on the first run it caught one very obvious offender and actually banned him twice. It looks like it flags bans for each log type. I look forward to future versions.

[Torndeco (DayZ) 46]

From the sites faq

In the case of 'remoteexec.log', it is very liberal with its bans because this log should be configured to contain only illegal remote execution of scripts on the server and/or other clients.

Last i checked u cant assume all entries in remoteexec.log are all people hacking

http://dayzmod.com/forum/index.php?/topic/71904-new-major-battleye-anti-cheat-features/page__st__20#entry686256

One simple example is helicopter crashes.

For now, ignore anything related to BIS_Effects_AirDestruction, we've looked into BIS_Effects_Burn and aren't 100% sure all logged instances of it are legitimate, but many are, so we'll have to see what can be done with that.

Personally i perfer manual way atm, but its an interesting idea

[madkowa@gmail.com 11]

From the sites faq

Last i checked u cant assume all entries in remoteexec.log are all people hacking

http://dayzmod.com/f..._20#entry686256

Personally i perfer manual way atm, but its an interesting idea

DayZ Anti-Hax includes a modified version of remoteexec.txt specifically designed to ensure that anything that appears in remoteexec.log can be considered a hack. As of right now, it is the same as the one available from the DayZ Community Banlist. For example, those explosion effects you mention are one of the many I consider false-positives and filter out to prevent inappropriate banning. Again, I've tried to take a conservative route with this tool; it won't ban all hackers, but it will certainly catch many. It also isn't for everyone; if you don't trust it, don't use it. That said, quite a few servers are now running this tool with positive results.

Edited August 15, 2012 by GreyEcho

[ryahn 112]

Will be adding this to my program

[mdevch 12]

we are using this too, its a good solution so far.

[WalBanger 11]

ok i just got kicked from a server saying i need to sign up for this, on this forum....

But where/how do i do this??

[ryahn 112]

I have this installed and I havent been kicked

[madkowa@gmail.com 11]

ok i just got kicked from a server saying i need to sign up for this, on this forum....

But where/how do i do this??

I don't understand, there's nothing to sign up for here. This is a server-side console application for DayZ servers. Were you kicked from a server running this program?

[ribbles 2]

I was on your server tonight (US 1534) on sniper hill and noticed the entire firehouse behind the powerplant was blown up, and a tree on sniper hill was as well. I was there for about an hour and noone was around and suddenly the small building/hut on the side of the powerplant spontaneously blew up with no apparent cause. Any idea what was going on? Must have been around 10-11pm EDT on 8/16

[Ped 80]

The DayZ Community Banlist is an intuitive started by a DayZ developer. Any bans submitted require concrete evidence, otherwise the ban is discarded. Each ban is carefully examined manually. This combined with the fact that DayZ Anti-Hax does not push bans to the list, only pulls makes this feature of the program almost fool-proof.

EDIT: Added an FAQ entry about this, thank you.

Who is the developer you mention. I think it's common knowledge DayZ has only one developer, Rocket.

[madkowa@gmail.com 11]

I was on your server tonight (US 1534) on sniper hill and noticed the entire firehouse behind the powerplant was blown up, and a tree on sniper hill was as well. I was there for about an hour and noone was around and suddenly the small building/hut on the side of the powerplant spontaneously blew up with no apparent cause. Any idea what was going on? Must have been around 10-11pm EDT on 8/16

There's nothing unusual to report in the logs. It sounds like either a helicopter or something exploded or someone was using grenades and/or satchel charges (i.e. there are possible legitimate reasons for what you experienced). Also, in the future, please send me a private message or an email for reports like this. I want to keep this thread strictly on-topic. Thanks in advance.

Who is the developer you mention. I think it's common knowledge DayZ has only one developer, Rocket.

DayZ may only have one "real" developer, Rocket, but it does have support staff, one of whom is Jens, the individual I spoke to and the one spearheading the DayZ Community Banlist. I also spoke to Dwarden, a developer at Bohemia Interactive.

Edited August 17, 2012 by GreyEcho

[KayLuz 1]

Seems great. Been using this on my server which is highly populated with high success rates. Ofocurse just now it can't be a full replacement for manuall log checking but it takes a lot of work out for me.

Thanks.

[SqTH 260]

Its fucking awesome.

I don't need to manually ban players anymore.

[khalimerot 76]

Oh yeah ,

we finally can die in peace , and no false positiv until now

Edited August 17, 2012 by khalimerot

[madkowa@gmail.com 11]

DayZ Anti-Hax v0.4 has been released. For a full list of changes and a download link, please click here to be redirected to the project's Google Code page.

[(OCN)Vortech 65]

Nice work so far, looks promising. Do you have any intentions to also automate a way for this to benefit the community? I'm not familiar with your solution as I haven't installed it on any of our servers but can you make it easier in any way for your users to contribute to the community ban list (http://code.google.com/p/dayz-community-banlist/issues/list)?

[snipes1031 1]

Does this require a dedicated server or can I install it/get it installed on my managed server?

[madkowa@gmail.com 11]

Nice work so far, looks promising. Do you have any intentions to also automate a way for this to benefit the community? I'm not familiar with your solution as I haven't installed it on any of our servers but can you make it easier in any way for your users to contribute to the community ban list (http://code.google.c...ist/issues/list)?

As of v0.3, DayZ Anti-Hax already pulls bans from the DayZ Community Banlist, however it does not push them. This is because while I am confident in the bans my solution makes, DayZ Community Banlist is more tailored for manual bans than it is automatic ones. Perhaps in future iterations I'll include an optional global ban list for all DayZ Anti-Hax users to tap into (and perhaps non-users too to give back to the community), but in the meantime, the current feature set will have to do. This is a suggestion I'll take to heart though, and thanks for your comments.

Does this require a dedicated server or can I install it/get it installed on my managed server?

You will need your server provider to set this up for you if you are not under a dedicated server. Most should be able to do this for you, just direct them here, here and here. If they are concerned about security, be sure to let them know that the entire project is open-source and hosted on Google Code, so they are free to compile the program themselves if they are uncomfortable downloading an executable directly.

[ryahn 112]

Nice work so far, looks promising. Do you have any intentions to also automate a way for this to benefit the community? I'm not familiar with your solution as I haven't installed it on any of our servers but can you make it easier in any way for your users to contribute to the community ban list (http://code.google.c...ist/issues/list)?

Even though he will add an option to allow it. I will adding his system in with mine. My system will be using the community ban list and download it only when its updated.

[khalimerot 76]

Hi ,

one of my friend has been banned from my server with the new version of your software .

I think it's due to the new fuction who ban spamming player in logs .

I have unban my friends , in fact he was experiencing some Hive lags , when trying to put a ghillie

here is the related logs :

18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:325 [1,1,0]

18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:329 [1,1,0]

18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:333 [1,1,0]

18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:337 [1,1,0]

18.08.2012 02:23:46: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:341 [1,1,0]

18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:345 [1,1,0]

18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:349 [1,1,0]

18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:353 [2,0,0]

18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:357 [2,0,0]

18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:361 [2,0,0]

18.08.2012 02:23:48: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:365 [0,2,0]

18.08.2012 02:23:49: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:369 [2,0,0]

18.08.2012 02:23:49: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:373 [0,2,0]

18.08.2012 02:23:49: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:377 [2,0,0]

18.08.2012 02:23:49: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:381 [2,0,0]

18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:385 [2,0,0]

18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:389 [2,0,0]

18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:393 [2,0,0]

18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:397 [2,0,0]

18.08.2012 02:23:50: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:401 [2,0,0]

18.08.2012 02:23:51: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:405 [2,0,0]

18.08.2012 02:23:51: wiccan (85.69.157.137:2304) xxxx - #0 "Sniper1_DZ" 171:409 [2,0,0]

Hope this can help to remove this false positiv ban .

Could you also add a feature who will give date / hours of the ban ,

I could post the complete ban reason on the forum easily with that.

Or your software can manage to have his own logs.

Thank you.

Edited August 18, 2012 by khalimerot