coindon

Hacking Global Ban Story (1st person)

I was globally banned, (like, an hour ago) and I pretty much deserved it.

Learn from My fail, and learn from what I learned about admin'ing a DayZ box:

Preamble: I take full responsibility. I did what I did to have a better understanding of what actual cheating looks like in log files, but I stepped over the line a tad, and I'm cool with paying for it.

Those log files. (ehrmagherd those log files!)

from the createvehicle.log:

this log notes when something comes into existence by virtue of the player interacting with, or using it (backpack, tents, tank trap, etc...)

you're looking for large numbers of items/things coming into existence in very rapid succession (near-simultaneously, those 30 40mmHE grenades, yeah- that's not normal.)

If I ever saw the word "parachute" in the log, I just kick/banned them on the spot.

If you see about a 3-10 second interval, it's probably a little lag bringing the player and their gear into a new location to synch with the client (ah, ICMP. I luvz ya)

from remoteexec.log

This is a record of remote execution calls from the client to the server. This is where you will catch people in teh weirdest ways. Battleye is doing a good job of policing them, but the service is looking for specific behaviors or keywords that are outside the norm. A little interpretation will go a long way here. (when you see a script title: ["stop hammer time!","plain"] <--[actual cheat on my server] it's pretty obvious what's going on.)

most of the time a "hacker" will get their gear on another server and bring it to yours. you'll see the 9 tents the guy put up in 2 minutes. that guy? yeah- break out that ban hammer. Overall, just use some deductive reasoning in the log files: more than 24 items in less than a second? ban. spawns in and 2 seconds later has a DZ_Backpack_EP1? ban. you get the idea. I recommend looking around on ye olde' intertubez for sites like this one:

http://picacid.com/arma2/loot_en.html

it's really useful to see what someone spontaneously 'has'. no one seems to want a lowly makarov; but I'm pretty sure the guy with the ghillie suit, the AS50, and the silenced M9 is up to somethin'.

Ultimately, when I started poking around to see what the actual artifacts of cheating are (in this case, by creating them), I found that it's actually easy to spot them if you just peruse your log files and use some common sense and google. Also: the Battleye service is actually doing pretty well. I only had a few instances that weren't caught before I found them (posted in these forums).

I started getting all tense when I'd play- 'cause I really wanted to ensure that my server was an environment where people like me could just play and be happy about that can of beans and a revolver. After a while I noticed that you're not going to catch the hacker until *after* they've executed. More often than not- they're easy to spot. (also- you're looking through *log* files, they are, by their nature, retrospective)

I nearly just decided to bite the bullet for going too far and just buy ARMAII:CO again, but then I decided against it, as work's gotten kinda crazy lately (dude, being an infosec guy will seriously drive you to fits towards the end of the calendar year).

US 2709 will be up until mid-September. I invite you all to jump on. the box reboots every 6 hours (0000, 0600, 1200, and 1800CST), so it's pretty stable, hacking on that server is all but non-existent, and every 6 hours that bicycle by the lighthouse E of Cherno will be there. I'll still be sifting through the log files and banning the guy with a gazillion lewtz, even if I won't be playing until the standalone comes out (ye *GODS* I am looking forward to that!)

So relax, enjoy the game. starting over is half the fun. I promise you will find that AK74S KOBRA, the coyote backpack, or that MP5SD6 again. (but not the NVG's. seriously- you're never going to have NVGs again.) ;)

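An added example, not part of the original post: a small reviewer for createvehicle.log that applies the two checks the post describes (more than 24 creations by one player in under a second, and the word "parachute" in a class name). The line layout, player names, GUIDs, addresses and class names below are assumptions and constructed sample data, since the post does not show a raw log line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line layout (not shown in the post):
# DD.MM.YYYY HH:MM:SS: Name (IP:port) GUID - #N "ClassName" ...
LINE_RE = re.compile(r'^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}): (?P<name>.+?) '
                     r'\((?P<addr>[^)]+)\) (?P<guid>\S+) - #\d+ "(?P<cls>[^"]+)"')

def parse(lines):
    """Yield (timestamp, player, class_name) for lines that match the layout."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%d.%m.%Y %H:%M:%S")
            yield ts, m["name"], m["cls"]

def review(lines, burst_limit=24, window=timedelta(seconds=1), keywords=("parachute",)):
    """Return {player: sorted reasons} using the post's burst and keyword checks."""
    by_player = defaultdict(list)
    findings = defaultdict(set)
    for ts, name, cls in parse(lines):
        by_player[name].append(ts)
        for kw in keywords:
            if kw in cls.lower():
                findings[name].add(f"keyword:{kw}")
    for name, stamps in by_player.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Slide the window start forward until it spans less than `window`.
            while ts - stamps[start] >= window:
                start += 1
            if end - start + 1 > burst_limit:
                findings[name].add("burst")
                break
    return {name: sorted(reasons) for name, reasons in findings.items()}

def sample_log():
    """Constructed sample: one burst, one keyword hit, one lag-spaced player."""
    fmt = '10.09.2012 {t}: {n} (192.0.2.{i}:2304) {g} - #0 "{c}" 1:23 [0,0,0]'
    lines = [fmt.format(t="18:00:05", n="PlayerA", i=10, g="GUID_A", c="G_40mm_HE") for _ in range(30)]
    lines.append(fmt.format(t="18:02:11", n="PlayerB", i=11, g="GUID_B", c="ParachuteWest"))
    lines += [fmt.format(t=f"18:05:{s:02d}", n="PlayerC", i=12, g="GUID_C", c="TentStorage") for s in (0, 5, 12)]
    return lines

if __name__ == "__main__":
    print(review(sample_log()))
```

The output is a shortlist for manual review; creations spaced several seconds apart, like PlayerC's, are left alone because the post attributes those to lag.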

Oddly enough, it was kinda reassuring to know that BE was able to pick out the activity and ban me for it. granted, I won't be enjoying the benefits of that security blanket- but I'm a bit more compelled to try out Lingor Island now ;)
