DayZ Anti-Hax - a very simple server-side console application for automatically banning hackers in DayZ

[madkowa@gmail.com 11]

Ya I tried joining and it came up with an error saying something and I quit and restarted with out reading it properly....

The second time I tried the same server it gave me the error again nd it was something like "you have been kicked, because this server runs this anti cheat mod and you can't join unless you sign up (or register) at dayz.com/forum"

That's when I did a search for the name of this mod and posted :-/

Your inquiry has already been answered here. Also, please refrain from continuing this conversation here. It appears to be very off-topic. Thanks.

[madkowa@gmail.com 11]

EDIT:

Reading the source it already appears that you are doing this for createvehicle.log entries. Which makes me wonder why you need custom filters for your software? kicking players based on the standard DCBL filters is pretty minor compared to banning them permanently.

My solution is about banning hackers, not letting them get away, because I believe simply kicking them for their actions will make some come back to try something else, and they might be successful in doing so the second time around -- who knows. That was the mentality in creating this parser anyhow, and to that end, custom filters are necessary because the DayZ Community Banlist is about banning only when deemed absolutely sure or necessary while simply kicking and even just logging actions I deem bannable. The ideologies are just very different, which is why each has its own set of filters, and why I don't have DayZ Anti-Hax push bans to the DayZ Community Banlist, I just pull them.

Also, the benefit in my method is that it rarely requires remoteexec.txt to be updated, and since the parser doesn't even look at scripts.txt, all I really have to worry about updating and editing for DayZ Anti-Hax on a daily basis is createvehicle.txt, which barely gets updated as it is.

Edited August 21, 2012 by GreyEcho

[WalBanger 11]

Your inquiry has already been answered here. Also, please refrain from continuing this conversation here. It appears to be very off-topic. Thanks.

It appears very off topic?

You for real?

It's your software or someone doing something to your software that stopped me joining a server..... It's very on topic!!!

But whatever.....

[madkowa@gmail.com 11]

It appears very off topic?

You for real?

It's your software or someone doing something to your software that stopped me joining a server..... It's very on topic!!!

But whatever.....

Your ban was not the result of my solution, it was the result of a completely different program that server is using that happens to have a relatively similar name, so yes, this is completely off-topic. If you would like to continue this conversation further for some reason, please private message me, but please refrain from doing so here. Thanks again.

Edited August 21, 2012 by GreyEcho

[Prion 61]

beans to you sir.

it may not be perfect yet, but it is a great idea and you took a big step forward putting out this first public version

[WalBanger 11]

Your ban was not the result of my solution, it was the result of a completely different program that server is using that happens to have a relatively similar name, so yes, this is completely off-topic.

I wasn't banned I was kicked by YOUR software.... But sure, it's not related

And It was your software as it said it uses "Dayz Anti-Hack"....... Hense why I searched and found this post!

I suppose they could of been lieing and using different software and just using your software name, which I guess still makes it related to ur software and still ON TOPIC.

[(OCN)Vortech 65]

My solution is about banning hackers, not letting them get away, because I believe simply kicking them for their actions will make some come back to try something else, and they might be successful in doing so the second time around -- who knows. That was the mentality in creating this parser anyhow, and to that end, custom filters are necessary because the DayZ Community Banlist is about banning only when deemed absolutely sure or necessary while simply kicking and even just logging actions I deem bannable. The ideologies are just very different, which is why each has its own set of filters, and why I don't have DayZ Anti-Hax push bans to the DayZ Community Banlist, I just pull them.

Also, the benefit in my method is that it rarely requires remoteexec.txt to be updated, and since the parser doesn't even look at scripts.txt, all I really have to worry about updating and editing for DayZ Anti-Hax on a daily basis is createvehicle.txt, which barely gets updated as it is.

Would you consider allowing administrators the control/ability to practice their own ideology? Possibly provide a tool rather then a solution, while your solution is fine.. I imagine more administrator would benefit by opening things up a bit more?

[madkowa@gmail.com 11]

I wasn't banned I was kicked by YOUR software.... But sure, it's not related

And It was your software as it said it uses "Dayz Anti-Hack"....... Hense why I searched and found this post!

I suppose they could of been lieing and using different software and just using your software name, which I guess still makes it related to ur software and still ON TOPIC.

My solution only bans players, it does not kick them, so if you were kicked and not banned by something called 'DayZ Anti-Hax', let alone something similar, I can assure you it was not my solution. And again, for the last time, if you would like to continue this conversation, we can do so via private message, otherwise all we're doing is spamming up this thread and continuing to go off-topic. Despite my complete disagreement with everything you've been saying, I am willing to talk this out and see it through, just not here, so please honor my one request. Thanks again.

Would you consider allowing administrators the control/ability to practice their own ideology? Possibly provide a tool rather then a solution, while your solution is fine.. I imagine more administrator would benefit by opening things up a bit more?

I am certainly willing to make the parser itself more standalone, but how would you suggest I do so/what purpose should it serve? Assuming it should still ban players, are you talking about allowing admins to set their own parameters as far as what is bannable and what is not? If so, I don't see how that's much different than just adding some configuration options allowing admins to turn certain features on and off, which would avoid me having to essentially completely rethink what the parser is supposed to do, if I understand you correctly.

Edited August 22, 2012 by GreyEcho

[Cuthof 2]

What, exactly, does the flood-check block? Seen a lot of wrong bans lately, so it's disabled at least until you can answer the previous question.

[madkowa@gmail.com 11]

What, exactly, does the flood-check block? Seen a lot of wrong bans lately, so it's disabled at least until you can answer the previous question.

Some script kiddies initialize variables calling for the creation of a bunch objects all at once. The flood checking catches this by making sure the accessing of these objects doesn't occur all at once as it would in the case of most scripts of this nature, thereby banning hackers before they have the chance to do anything wrong in the strictest sense.

It is DayZ Anti-Hax's most liberal feature as far as banning hackers is concerned, which is why it can be disabled (though it is still enabled by default, and perhaps this was a mistake on my part), and while large amounts of desync combined with the execution of a bunch of actions all at once can occasionally break the system, I still have it enabled on my server as it has proven its worth to me over the past few days. I've also come across several cases where all of DayZ Anti-Hax's other detection methods have failed, and where without the anti-flooding feature, these tricky SOBs would have managed to continue their reign of terror on my server, which is why I ended up deciding to include it in v0.5 in the first place.

Edited August 22, 2012 by GreyEcho

[realvava 0]

Thx a lot for your work.

I would ask for a filter (or external config) for scripts that are sent to the ban. I need this for myself, I could experiment with some cheat-script on my server.

And i want to edit reasons of bans.

It is possible?

Edited August 22, 2012 by RealVaVa

[malcon 8]

Oke for the info. 5 days online. 34 bans 49 kicks. No cheater on my server. Nice programe. I like this. Thanks m8 i see my server population growing again. Greets Mike

[hohlraum 9]

GreyEcho,

Can your log scanning code deal with a log file being truncated? We rotate our logs by copying them and then truncating them back to zero bytes.

[sfmadmax (DayZ) 1]

We are looking into using this tool on our managed server via Defcon, has anyone had any experience with installing this on managed servers? I saw in an earlier post there shouldn't be any pushback but just wanted to know has successfully installed it via a managed service.

Does the executable need to be run once by an admin @ defcon ? or is it something that continuously runs?

Edited August 22, 2012 by sfmadmax

[hohlraum 9]

sfmadmax, it runs continuously.

[madkowa@gmail.com 11]

Thx a lot for your work.

I would ask for a filter (or external config) for scripts that are sent to the ban. I need this for myself, I could experiment with some cheat-script on my server.

And i want to edit reasons of bans.

It is possible?

This is not possible currently, but it is something I can look into for future releases. I believe I've added all the functionality I need, so it might be good to make the process even more open and allow people to manage the tool on their own.

GreyEcho,

Can your log scanning code deal with a log file being truncated? We rotate our logs by copying them and then truncating them back to zero bytes.

I also truncate my logs every new release of DayZ Anti-Hax (as you should, actually), so no, you should not encounter any problems doing so. :)

sfmadmax, it runs continuously.

This is true, although occasionally you'll want to unban someone who has been banned by this tool (unless you disable log flooding detection, then that chance suddenly becomes a lot less), and the best way to do that involves bringing the tool down temporarily while you do so, then restarting it afterwards. This solution really is meant more for dedicated servers than managed ones, but as long as you are under a good provider with a good support staff, sfmadmax, you should be fine in the long run.

[hohlraum 9]

I also truncate my logs every new release of DayZ Anti-Hax (as you should, actually), so no, you should not encounter any problems doing so. :)

if the remotexec.log is truncated WHILE dayzantihax is running in mean.

[madkowa@gmail.com 11]

if the remotexec.log is truncated WHILE dayzantihax is running in mean.

Still shouldn't be a problem. Just make sure the parser isn't reading the file at the time, which, by default, only happens for about one second out of every minute. Even then, I'm pretty sure I gave it read permissions only, so that might not even matter. I've done this before as well.

[hohlraum 9]

GreyEcho

It's automated bro. No way I can confirm what your software is doing :)

Seeing something strange with your remoteexec.txt. I've had exactly zero new remoteexec.log entries since I started using it. :/ the file looks fine but something very strange is going on. Any ideas?

[madkowa@gmail.com 11]

GreyEcho

It's automated bro. No way I can confirm what your software is doing :)

Seeing something strange with your remoteexec.txt. I've had exactly zero new remoteexec.log entries since I started using it. :/ the file looks fine but something very strange is going on. Any ideas?

Frankly, the script kiddies are probably just getting smarter and realizing what gets them banned and what doesn't. The stuff my parser uses has been out there for a couple weeks now, which has given them ample time to try and come up with something new and, perhaps, undetected. I can confirm all filters are still operating as intended, so there's little else to explain the decrease in remoteexec.log entries. I'll continue to monitor the situation though.

EDIT: I am continuing to get bans via the remoteexec method of detection (as recently as a few minutes ago, actually), so just make sure your filters are up-to-date according to what's available in DayZ Anti-Hax v0.5 and you should be fine -- for now.

Edited August 23, 2012 by GreyEcho

[ryahn 112]

Just a question for you. Do you have it set to download the filters from the community ban list site? This might help keep it up to date.

Also since I have been running your anti-hax, its up to about 7k runs

http://gameboxtools.com/uploads/imagehost/20120823225205380.png

[madkowa@gmail.com 11]

Just a question for you. Do you have it set to download the filters from the community ban list site? This might help keep it up to date.

Also since I have been running your anti-hax, its up to about 7k runs

http://gameboxtools....23225205380.png

I cannot use the DayZ Community Banlist filters as-is because they use a fundamentally different mentality when designing them (e.g. my remoteexec.txt is designed with the expectation that anyone who shows up in remoteexec.log is going to be banned, which is not the case for DayZ Community Banlist's remoteexec.txt). Also, because of the way I've designed my filters, they don't need to be updated very frequently. That said, I do update them when necessary and use the ones the DayZ Community Banlist offers as a reference. Whenever I do this, I commit my changes to our Google Code subversion repository, so you're free to update from there manually or just wait until another major release of DayZ Anti-Hax. There's really no harm in waiting and you're protected either way.

Nice. If you ever feel the number of passes is getting a little ridiculous, you can always just restart the parser to reset the count to 1. :P

Edited August 24, 2012 by GreyEcho

[ryahn 112]

I cannot use the DayZ Community Banlist filters as-is because they use a fundamentally different mentality when designing them (e.g. my remoteexec.txt is designed with the expectation that anyone who shows up in remoteexec.log is going to be banned, which is not the case for DayZ Community Banlist's remoteexec.txt). Also, because of the way I've designed my filters, they don't need to be updated very frequently. That said, I do update them when necessary and use the ones the DayZ Community Banlist offers as a reference. Whenever I do this, I commit my changes to our Google Code subversion repository, so you're free to update from there manually or just wait until another major release of DayZ Anti-Hax. There's really no harm in waiting and you're protected either way.

Nice. If you ever feel the number of passes is getting a little ridiculous, you can always just restart the parser to reset the count to 1. :P

Alright. I have it set to check its memory every so often and it will restart after so much

[madkowa@gmail.com 11]

Alright. I have it set to check its memory every so often and it will restart after so much

Okay. You might not ever reach whatever threshold you set though; I was very careful with my memory usage and C# automatically manages memory. I'm also at a bit more than 7k passes and the parser's memory usage at any given time has either stayed the same or actually gone down since I last restarted it. Perhaps check by how long the process has been running or something instead?

[(OCN)Vortech 65]

I've been meaning to reply to your post earlier but I've been a little busy. We still haven't implemented Anti-Hax on our server BUT I see a large potential problem for admins who have this weekend. A cheater came on one of our server and remotely executed cheats on ALL of our players resulting in the following logs for ALL players:

24.08.2012 10:27:18: USERNAME (IP) GUID - #121 "
_whatIsThis = compile fap_fnExec; call _whatIsThis;
"
24.08.2012 10:27:18: USERNAME (IP) GUID - #122 "
_whatIsThis = compile fap_fnExec; call _whatIsThis;
"
24.08.2012 10:27:18: USERNAME (IP) GUID - #97 "if (isnil ("bInvisibleOn")) then {reyalPyMtcejbo hideObject true;};"

Later the last line was replaced with this

24.08.2012 10:31:15: USERNAME (IP) GUID - #20 "
if (isServer) then {
    _dsasadsa = createVehicle ['M1030', [554.713, 3819.73, 0], [], 0, 'CAN_COLLIDE']; 
    _dsasadsa setVariable"

I assume this would have triggered bans for every player logged if I was running AH on our server so hopefully this helps you guys. There were reports of mass deaths and all vehicles be teleported into the ocean.

Edited August 25, 2012 by (OCN)Vortech