DayZ Anti-Hax - a very simple server-side console application for automatically banning hackers in DayZ

[muppet1856 25]

After running this for a few hours and finally fixing issues people are now complaining that the server is really slow.

Looking at the server resources i now see that my CPU usage is COMPLETELY MAXED OUT.

Anti-Hax is causing it to use EVERYTHING my computer has... were talking 3.0 quad core machine here being TANKED due to a simple program.

Wow - you need prozac. Notice the part where it never finishes pass 1. Thats cuz your l337 server is not getting done with pass one in 30 seconds. The whole point is to ban people before they can get back in to cause more havoc. Fortunately for you, 60 seconds is fine. So reset it.

You may also want to look at the size of your logs. If they are really long, then you won't get through them in 30 seconds, 60 seconds, or even an hour, depending on how long its been since you cleaned house. No sense keeping logs older than a week. I rotate mine each server restart. See the following batch:

@echo off
set debug=0
set servername=** You need to put something here ** ** like a directory name **  **like NoHaxor or whatever the subdirectory you put it in**
for /f "tokens=1-8 delims=.:/-, " %%i in ('echo exit^|cmd /q /k"prompt $D $T"') do (
for /f "tokens=2-4 delims=/-,() skip=1" %%a in ('echo.^|date') do (
set dow=%%i
set mm=%%j
set dd=%%k
set yy=%%l
set hh=%%m
set min=%%n
set sec=%%o
set hsec=%%p
)
)
:: ensure that hour is always 2 digits
if %hh%==0 set hh=00
if %hh%==1 set hh=01
if %hh%==2 set hh=02
if %hh%==3 set hh=03
if %hh%==4 set hh=04
if %hh%==5 set hh=05
if %hh%==6 set hh=06
if %hh%==7 set hh=07
if %hh%==8 set hh=08
if %hh%==9 set hh=09
:: assign timeStamp:
:: Add the date and time parameters as necessary - " yy-mm-dd-dow-min-sec-hsec "
set dtStamp=%yy%%mm%%dd%_%hh%-%min%-%sec%
set MYTIME=%hh%-%min%-%sec%
cls
echo (%date%) (%time%) Starting Log Rotation.
IF NOT EXIST %servername%\Logs (
Mkdir %servername%\Logs
)
IF EXIST %servername%\arma2oaserver.RPT (
Echo Copying arma2oaserver_%dtStamp%.RPT
mkdir %servername%\Logs\%dtstamp%
move %servername%\arma2oaserver.RPT %servername%\Logs\%dtstamp%\arma2oaserver_%MYTIME%.RPT
del %servername%\arma2oaserver.RPT
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\arma2oaserver.mdmp (
Echo Copying arma2oaserver_%dtStamp%.mdmp
mkdir %servername%\Logs\%dtstamp%
move %servername%\arma2oaserver.mdmp %servername%\Logs\%dtStamp%\arma2oaserver_%MYTIME%.mdmp
del %servername%\arma2oaserver.mdmp
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\arma2oaserver.bidmp (
Echo Copying arma2oaserver_%dtStamp%.bidmp
mkdir %servername%\Logs\%dtstamp%
move %servername%\arma2oaserver.bidmp %servername%\Logs\%dtStamp%\arma2oaserver_%MYTIME%.bidmp
del %servername%\arma2oaserver.bidmp
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\server_console.log (
Echo Copying server_console_%dtStamp%.log
mkdir %servername%\Logs\%dtstamp%
move %servername%\server_console.log %servername%\Logs\%dtStamp%\server_console_%MYTIME%.log
del %servername%\server_console.log
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\Battleye\scripts.log (
Echo Copying scripts_%MYTIME%.log
mkdir %servername%\Logs\%dtstamp%
move %servername%\Battleye\scripts.log %servername%\Logs\%dtStamp%\scripts_%MYTIME%.log
del %servername%\Battleye\scripts.log
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\Battleye\remoteexec.log (
Echo Copying remoteexec_%MYTIME%.log
mkdir %servername%\Logs\%dtstamp%
move %servername%\Battleye\remoteexec.log %servername%\Logs\%dtStamp%\remoteexec_%MYTIME%.log
del %servername%\Battleye\remoteexec.log
copy NUL %servername%\Battleye\remoteexec.log
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\Battleye\createvehicle.log (
Echo Copying createvehicle_%MYTIME%.log
mkdir %servername%\Logs\%dtstamp%
move %servername%\Battleye\createvehicle.log %servername%\Logs\%dtStamp%\createvehicle_%MYTIME%.log
del %servername%\Battleye\createvehicle.log
copy NUL %servername%\Battleye\createvehicle.log
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\Battleye\publicvariable.log (
Echo Copying publicvariable_%MYTIME%.log
mkdir %servername%\Logs\%dtstamp%
move %servername%\Battleye\publicvariable.log %servername%\Logs\%dtStamp%\publicvariable_%MYTIME%.log
del %servername%\Battleye\publicvariable.log
copy NUL %servername%\Battleye\publicvariable.log
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\Battleye\setpos.log (
Echo Copying setpos_%MYTIME%.log
mkdir %servername%\Logs\%dtstamp%
move %servername%\Battleye\setpos.log %servername%\Logs\%dtStamp%\setpos_%MYTIME%.log
del %servername%\Battleye\setpos.log
copy NUL %servername%\Battleye\setpos.log
if %debug% == 1 (
pause
)
)
IF EXIST %servername%\Battleye\setdamage.log (
Echo Copying setdamage_%MYTIME%.log
mkdir %servername%\Logs\%dtstamp%
move %servername%\Battleye\setdamage.log %servername%\Logs\%dtStamp%\setdamage_%MYTIME%.log
del %servername%\Battleye\setdamage.log
copy NUL %servername%\Battleye\setdamage.log
if %debug% == 1 (
pause
)
) IF EXIST %servername%\Battleye\mpeventhandler.log (
Echo Copying mpeventhandler_%MYTIME%.log
mkdir %servername%\Logs\%dtstamp%
move %servername%\Battleye\mpeventhandler.log %servername%\Logs\%dtStamp%\mpeventhandler_%MYTIME%.log
del %servername%\Battleye\mpeventhandler.log
copy NUL %servername%\Battleye\mpeventhandler.log
if %debug% == 1 (
pause
)
)
echo (%date%) (%time%) Ending Log Rotation.
if %debug% == 1 (
Pause
)
TIMEOUT /T 3
cls

[muppet1856 25]

yeah i noticed that after i uploaded it...its already been changed.

I'll look into the code to see why that would happen. It shouldn't be by design, so if it is, it's broken. Unfortunately, I won't be rolling an update tonight but I plan on rolling one at some point this week. I've been on a real tear at work and couldn't find time to do an update.

[worsin 16]

First off thanks for the prescription recommendation, however i don't need any prozac, not sure why you think i do lol. I prefer a more green solution =)

Secondly your files have it set to 30 seconds by default so i was just running things according to how you set them initially.

Third, thanks for the .bat file and quick responses. Much appreciated.

Edited October 13, 2012 by worsin

[muppet1856 25]

Secondly your files have it set to 30 seconds by default so i was just running things according to how you set them initially.

Yeah, that figure may be a bit aggressive, especially if you don't regularly clean your logs. I would recommend putting it to 60 and leave the rest alone. That will likely take care of it.

Are you using BEC or anything to restart your server on a schedule? You could add those lines to your batch file.

[worsin 16]

Yeah, that figure may be a bit aggressive, especially if you don't regularly clean your logs. I would recommend putting it to 60 and leave the rest alone. That will likely take care of it.

Are you using BEC or anything to restart your server on a schedule? You could add those lines to your batch file.

Yeah i have a series of bat files that trigger not only the server reboot but also inject a new time into the timezone table to make it always daytime. I just finished implementing your bat file into this and its working great so far.

Thanks again!

[Omaran 18]

Some questions if I may :)

I'm quite happy to have the message 'This server protected by Dayz AntiHax' being sent out to all, but is there a way to add to it - or change it to 'MYSERVERNAME protected by DayZ AntiHax'?

Also, I see mentioned about rotating logs, i have not set this up on my server, so is it ok to just delete all logs from time to time and let them recreate theirselves?

@worsin - I'd be interested to hear about how you change the timezone, as I have just changed the TZ on the server, and this is not really ideal..........

[muppet1856 25]

Customize the message? Maybe. I'll look at it. It wouldn't be hard.

[Sleepycc1 2]

Hello Sleepy here Trying to find out how to get unbanned from Asylum? Got banned today at aprox 2pm Admin ban??? Jumped out of a chopper just a touch to high and died....They came and picked my new spawn up and took me back to my body to get my gear... As soon as I got my gear off my dead body boom admin ban???? My best guess is because a new spawn all of a sudden got gear they thought something was wrong but it is just the gear from my dead body????? Can't find an email address to email or a way to join the web site.. Am usually on the team speak in the mornings though sleepy! Thanks and have a Great day!

[muppet1856 25]

Hello Sleepy here Trying to find out how to get unbanned from Asylum? Got banned today at aprox 2pm Admin ban??? Jumped out of a chopper just a touch to high and died....They came and picked my new spawn up and took me back to my body to get my gear... As soon as I got my gear off my dead body boom admin ban???? My best guess is because a new spawn all of a sudden got gear they thought something was wrong but it is just the gear from my dead body????? Can't find an email address to email or a way to join the web site.. Am usually on the team speak in the mornings though sleepy! Thanks and have a Great day!

Not a lot I can do to help you... You need to post in the Server General area. This probably will go unnoticed by the admin there.

[mibz0r 141]

Is this of any use to me on a server provided by Zap-hosting? I installed it as the guide says but I cant seem to run it and haven't yet seen a message to say that the server is protected by it so can only assume it isn't running, I would love a decent anti-hack solution and if this won't work for me can somebody advise me what I can use?

[mibz0r 141]

Is this of any use to me on a server provided by Zap-hosting? I installed it as the guide says but I cant seem to run it and haven't yet seen a message to say that the server is protected by it so can only assume it isn't running, I would love a decent anti-hack solution and if this won't work for me can somebody advise me what I can use?

Can anyone answer this??? PLEASE

[linkinx 9]

#38 "[this] spawn BIS_Effects_AirDestruction"

#49 "[this] spawn BIS_Effects_AirDestruction"

- #38 "[this, 0, 13406.8]spawn BIS_Effects_AirDestructionStage2"

#49 "[this, 0, 13406.8]spawn BIS_Effects_AirDestructionStage2"

"[this, 0, 13406.8,false,true]spawn BIS_Effects_Burn"

#49 "[this, 0, 13406.8,false,true]spawn BIS_Effects_Burn"

Hey guys I am getting people kicked and banned for this, which is just crashing a heli, is it as simple as removing the lines from remotexec.txt?

Thanks

[Magotchi 74]

linkinxp: Yes, but you'll have to remove the lines each time you update the filter from the DCBL, and you'll have to tell DAH to not automatically update the file.

[FairZ 0]

I run this on my server and people are being falsely banned every time the server restarts... for reasons as:

remote code execution

object access flooding

This has been a CONTINUOUS problem and I have to shut down the server to un-ban these people. I hate to leave the server unprotected, but at the same time, players are becoming extremely frustrated.

[muppet1856 25]

I run this on my server and people are being falsely banned every time the server restarts... for reasons as:

remote code execution

object access flooding

This has been a CONTINUOUS problem and I have to shut down the server to un-ban these people. I hate to leave the server unprotected, but at the same time, players are becoming extremely frustrated.

I'm not sure what to do with this. I am running the latest everything and not having any issues. Are you using the latest filters? I have no other reports of this as a problem? Are you running vanilla DayZ or another mod?

[muppet1856 25]

#38 "[this] spawn BIS_Effects_AirDestruction"

#49 "[this] spawn BIS_Effects_AirDestruction"

- #38 "[this, 0, 13406.8]spawn BIS_Effects_AirDestructionStage2"

#49 "[this, 0, 13406.8]spawn BIS_Effects_AirDestructionStage2"

"[this, 0, 13406.8,false,true]spawn BIS_Effects_Burn"

#49 "[this, 0, 13406.8,false,true]spawn BIS_Effects_Burn"

Hey guys I am getting people kicked and banned for this, which is just crashing a heli, is it as simple as removing the lines from remotexec.txt?

Thanks

The latest dayz (1.7.3) should have resolved this.

[muppet1856 25]

Can anyone answer this??? PLEASE

Does zap give you console access to the server? Did you update your config.cfg to include the rcon password? I had to actually login to the ip of the server as opposed to the local address...

[nohrt 18]

any chance of adding scan feature for setpos/addbackpackcargo/addmagazinecargo/setvariable

??

[Verbal (DayZ) 1]

ok, i dropped everything in my battleye folder, but when i launch it, it seems to have an issue finding the logs it needs to read. publicvariable,setdamage,createvehicle,remoteexec,mpeventhandler. Did i miss a step? It seems to be running, just dont think its actually doing anything,

[Omaran 18]

ok, i dropped everything in my battleye folder, but when i launch it, it seems to have an issue finding the logs it needs to read. publicvariable,setdamage,createvehicle,remoteexec,mpeventhandler. Did i miss a step? It seems to be running, just dont think its actually doing anything,

Are those logs actually there? They will be created once an event requires it to log to them, or you can create blank ones to start with.

[Verbal (DayZ) 1]

ok, so i created all those files, and noticed there are ones there already with a .txt extension on them. they came in my DAH download, but i kept the .log ones i made. then i reran DAH and had no errors... do i still need the ones ending in .txt? I also noticed i dont have the auto message when i am playing on the server, the protected by DAH message.

Edited December 6, 2012 by Verbal

[Verbal (DayZ) 1]

I'm gonna guess i had the DAH installed in the wrong file. i had it in the battleye folder in arma2, not the battleye folder in cfgdayz. This one had log files in it already.

such as:

05.12.2012 16:18:13: textbookasp (144.136.160.117:2304) b8bacd4d1d9439ebb1e671815cf9742a - Value Restriction #11 "dayzDeath" = ["78",0,<NULL-object>,"76918918","textbookasp"]

in public variable log

Edited December 7, 2012 by Verbal

[Omaran 18]

I'm gonna guess i had the DAH installed in the wrong file. i had it in the battleye folder in arma2, not the battleye folder in cfgdayz. This one had log files in it already.

such as:

05.12.2012 16:18:13: textbookasp (144.136.160.117:2304) b8bacd4d1d9439ebb1e671815cf9742a - Value Restriction #11 "dayzDeath" = ["78",0,<NULL-object>,"76918918","textbookasp"]

in public variable log

That's the right place for it, and yes you do need to keep the .txt files - these are your 'rule' files, the logs are generated from whatever you have set in the .txt files

[NoyZ (DayZ) 66]

I was on your server tonight (US 1534) on sniper hill and noticed the entire firehouse behind the powerplant was blown up, and a tree on sniper hill was as well. I was there for about an hour and noone was around and suddenly the small building/hut on the side of the powerplant spontaneously blew up with no apparent cause. Any idea what was going on? Must have been around 10-11pm EDT on 8/16

I seen this on my clans private server yesterday. I thought I had an invisible hacker with satchels.

[Verbal (DayZ) 1]

found 10 tents on my server today with various items, most unusual was a rocket launcher. Should this have been detected?