DayZ Anti-Hax - a very simple server-side console application for automatically banning hackers in DayZ

[Magotchi 74]

Thanks for the update.

I hate to be the ultimate nitpicker, but the log shows this for setdamage detections: " for Hacking Damage (30.09.2012 07:18:06: publicvariable.log)". Should be "setdamage.log". :-)

[Omaran 18]

If you reboot the server you will indeed need to restart Anti-Hax. You do not need BEC if you run this, unless you want to restart the server on a schedule.

Thanks, I don't need scheduled restarts, I just wondered if I still needed BEC to reload the ban list.

[muppet1856 25]

Thanks for the update.

I hate to be the ultimate nitpicker, but the log shows this for setdamage detections: " for Hacking Damage (30.09.2012 07:18:06: publicvariable.log)". Should be "setdamage.log". :-)

Updated the source - will be included in the next build.

[muppet1856 25]

Thanks, I don't need scheduled restarts, I just wondered if I still needed BEC to reload the ban list.

Nope. AntiHax will do it.

[maddyn99 (DayZ) 25]

Is there anyway to configure AH to kick or ban players from the setpos.log since BE or BEC doesn't seem able to do it.

[muppet1856 25]

Is there anyway to configure AH to kick or ban players from the setpos.log since BE or BEC doesn't seem able to do it.

It poses a few problems, but I can look at it. Can you add it as an issue to the site? http://code.google.com/p/dayz-anti-hax/

[Omaran 18]

Nope. AntiHax will do it.

Thanks, it does still state on site that BEC is needed to do this though, that is why I asked :)

'Technically, you're all set at this point, however by default, a server's ban list is only loaded when a server starts and not on a regular basis while the server is running. This means that while DayZ Anti-Hax might ban a user while the server is running, that user's ban will not actually be registered until the server has been restarted.

To get around this pitfall, you can use Battleye Extended Controls (BEC), which allows you to run custom scheduled operations at regular intervals or at specific times while your server is running. In our case, we can use it to tell the server to reload the ban list on a regular basis so that DayZ Anti-Hax's bans are registered in a timely manner.'

http://code.google.com/p/dayz-anti-hax/wiki/InstallationInstructions

[nohrt 18]

It seems like the latest version is giving me insane CPU usage.

20-30% usage when scanning guid's

For Science!

Edited October 2, 2012 by nohrt

[muppet1856 25]

It seems like the latest version is giving me insane CPU usage.

20-30% usage when scanning guid's

For Science!

What was it before? I know we are adding some overhead with RCON and the additional log files.

[nohrt 18]

i dont think so...

i can switch back to an older version and give it a shot. Actually... let me do that... ill report back with results.

[muppet1856 25]

Thanks, it does still state on site that BEC is needed to do this though, that is why I asked :)

I think I've correctly adjusted this... Thanks for the catch.

[nohrt 18]

What was it before? I know we are adding some overhead with RCON and the additional log files.

Alright here is a screen cap of me running version 8.0 on 1 server and as you can see cpu usage maxes at 13%. This only lasts 1-2 seconds. In version 8.1 it would take a long time to scan and cpu would stay pinned at 100% **Note pinned at 100% due to 3 servers and 3 instances of DayZantihax 8.1**

Screen Cap

[muppet1856 25]

Alright here is a screen cap of me running version 8.0 on 1 server and as you can see cpu usage maxes at 13%. This only lasts 1-2 seconds. In version 8.1 it would take a long time to scan and cpu would stay pinned at 100% **Note pinned at 100% due to 3 servers and 3 instances of DayZantihax 8.1**

Screen Cap

Can you send me the logs, bans.txt, filters, and lst files you are using? You can submit them in an issue on the Anti-Hax Site. Just zip them up first.

[muppet1856 25]

Alright here is a screen cap of me running version 8.0 on 1 server and as you can see cpu usage maxes at 13%. This only lasts 1-2 seconds. In version 8.1 it would take a long time to scan and cpu would stay pinned at 100% **Note pinned at 100% due to 3 servers and 3 instances of DayZantihax 8.1**

Screen Cap

Just to recap - it appears that you have 30+ days of logs. You need to get that under control and AH will not be such a burden. I recommend you use a batch file or something to rotate your logs.

[worsin 16]

taking issue up with community ban list

Edited October 12, 2012 by worsin

[madkowa@gmail.com 11]

I am going to say to everyone that this program is total crap.

I used it for a while and never ran with it on because it would ban people using the community ban list that i knew were not hackers.

Those people are no longer playing so i started it up again and guess what happened.

It banned me from my own server saying i was on the community ban list.

I can guarantee you that as the owner of a server and someone who only plays on his own server i have never hacked. I have no idea where to petition to have myself removed from this obviously inaccurate list now.

All someone has to do is find out what your GUID is and attach fake info to the ban list and WHAMMO your banned from all servers that use Anti-Hax.

I have even checked with the community ban list website at http://code.google.c...hax/issues/list and my GUID is no where to be found.

Complete garbage!!!

Sounds like you have a bone to pick with the guys running the DayZ Community Banlist, not the developers of DayZ Anti-Hax. Take this issue up with them, or continue to complain here where no one can help you and talk shit to people who are just trying to make your server a better place to play. Your choice.

[worsin 16]

Sounds like you have a bone to pick with the guys running the DayZ Community Banlist, not the developers of DayZ Anti-Hax. Take this issue up with them, or continue to complain here where no one can help you and talk shit to people who are just trying to make your server a better place to play. Your choice.

I thought it was run by Anti-Hax. Forgive my hasty judgement. I will contact them i guess.

[worsin 16]

I have found the problem with my being banned.

I am running a private server. The remoteexec.txt file throws false positives for my private server so i have been using the suggested version given on the FAQ for ANTI-HAX.

Here is the big issue im having with your software. The config file you provide that is supposed to allow me to disable auto-updating that file does not work.

I have set this to FALSE and even REMOVED THE PATH to the file as shown below.

remoteexecURL=http://
remoteexecUpdate=false

Yet it still updates with the version that i cannot use and ends up banning everyone for false positives.

So in the end all of this was absolutely caused by Anti-Hax simply not working as it is supposed to.

[muppet1856 25]

I have found the problem with my being banned.

I am running a private server. The remoteexec.txt file throws false positives for my private server so i have been using the suggested version given on the FAQ for ANTI-HAX.

Here is the big issue im having with your software. The config file you provide that is supposed to allow me to disable auto-updating that file does not work.

I appreciate the feedback. What version are you using so we can fix it?

[worsin 16]

I appreciate the feedback. What version are you using so we can fix it?

I am using version 8.0

Also to make sure im doing this right...i only reboot Anti-Hax after making these changes not the server.

Do i need to be rebooting the server also?

[muppet1856 25]

I am using version 8.0

Also to make sure im doing this right...i only reboot Anti-Hax after making these changes not the server.

Do i need to be rebooting the server also?

Nope. You have that right.

You need to get the latest version of AH though. Specific bug fixes are already integrated to address this.

[worsin 16]

Just updated my anti-hax to most recent version and ran it with the following settings.

// The IP Address of the server
serveraddress=127.0.0.1
//The port of the server
serverport=2302
//The RCON password
serverpassword=XXXXX
// Defines how frequently DayZ Anti-Hax checks log files for hacks (in seconds)
parsingFrequency=30
// Enable / Disable Protected by Anti-Hax message
shouldShowMessage=true
// Defines the number of parses before showing the Protected by Anti-Hax message.
messageFrequency=120
// Defines the number of parses before updateing the filter update frequency.
filterFrequency=2500
//Defines the number of parses before updating from the Community Ban List.
banlistFrequency=3
//Use the Community Ban Lists (WARNING: Turning this off could result in hackers.)
shouldUseCBL=false
// Defines whether or not DayZ Anti-Hax should check for log flooding in createvehicle.log
// WARNING: If your server frequently encounters long periods of desync, you may want to disable this feature to prevent false-positive detections
shouldCheckForFlooding=false
// URLS This will take dw_scripts.txt and save it as scripts.txt etc.
scriptsURL=http://dayz-community-banlist.googlecode.com/git/filters/scripts.txt
scriptsUpdate=false
publicvariableURL=http://dayz-community-banlist.googlecode.com/git/filters/publicvariable.txt
publicvariableUpdate=true
publicvariableScan=true
setdamageURL=http://dayz-community-banlist.googlecode.com/git/filters/setdamage.txt
setdamageUpdate=true
createvehicleURL=http://dayz-community-banlist.googlecode.com/git/filters/createvehicle.txt
createvehicleUpdate=true
createvehicleScan=true
publicvariablevalURL=http://dayz-community-banlist.googlecode.com/git/filters/publicvariableval.txt
publicvariablevalUpdate=true
setposURL=http://dayz-community-banlist.googlecode.com/git/filters/setpos.txt
setposUpdate=true
remoteexecURL=http://dayz-community-banlist.googlecode.com/git/filters/remoteexec.txt
remoteexecUpdate=false
remoteexecScan=true
mpeventhandlerURL=http://dayz-community-banlist.googlecode.com/git/filters/mpeventhandler.txt
mpeventhandlerUpdate=true
mpeventhandlerScan=true

But it seems to be throwing an error. See Screenshot.

I have anti-hax in my battle-eye directory...same one i had before when it was working but banning everyone lol

Edit Update:

I have been running this for about 30 min now and just looked at my remoteexec.txt file and it has been updated automatically even though i have it set to false in the config. I am rebooting anti-hax now and just replaced that file with my working version again to test but i think that anti-hax is still bugged and ignoring my "false" setting.

Edited October 12, 2012 by worsin

[Magotchi 74]

Everyone subscribed to this thread just got emailed your rcon password, worsin. I highly recommend you change it.

[worsin 16]

yeah i noticed that after i uploaded it...its already been changed.

[worsin 16]

After running this for a few hours and finally fixing issues people are now complaining that the server is really slow.

Looking at the server resources i now see that my CPU usage is COMPLETELY MAXED OUT.

Anti-Hax is causing it to use EVERYTHING my computer has... were talking 3.0 quad core machine here being TANKED due to a simple program.

Edited October 13, 2012 by worsin