HOWTO: Use publicvariableval.txt to auto-kick players with hacked weapons

[Magotchi 74]

My current settings:

MaxCreateVehiclePerInterval 20 1

MaxSetPosPerInterval 1 180

MaxSetDamagePerInterval 3 1

MaxAddBackpackCargoPerInterval 2 1

MaxAddMagazineCargoPerInterval 70 2

MaxAddWeaponCargoPerInterval 10 1

I can't tell you if they're good or bad, but I don't have many false-positives with them as far as I know, and they don't seem to affect server performance.

[dagg929 20]

For the l85, when people hit esc it is kicking them, but otherwise I had some players test and they were running with them for around 90 minutes, no boot. Could this be because I am logging everything via publicvariable and just the sheer amount of lines?

[Magotchi 74]

I'm looking into it. What's strange is that I can't find a single dayzPlayerSave line that also has the text "l85" in it in my publicvariable.log files either, although I see plenty showing other items in inventories. I also log everything (1 "" at the end of both publicvariableval.txt and publicvariable.txt).

[hohlraum 9]

MaxCreateVehiclePerInterval is actually pretty useless. When a player spawns in inside a town many of the player spawned items will count against this total. Including all the items that aren't logged to the file due to the exceptions in the dcbl createvehicle.txt filter. If you want to get an idea just back up your createvehicle.txt and replace it with 1 "" sometime and then go log in in the middle of cherno after a restart.

[dagg929 20]

It's not kicking for any of these anymore, even if I hit esc which triggers a save. Gotcha has no problem announcing they have hacked in gear, though. Been testing it by spawning myself in with g36's

[Magotchi 74]

Gotcha only works by telling the filters to log to the server console (and therefore to RCon) rather than just to individual files for each filter. If Gotcha is working, it just means that the game is properly logging the information to the console, but not to the filter log files.

Edit:

I just added 1 "\"ItemPainkiller\"" right after the log to kick for the L85, and immediately ItemPainkiller starting showing up in the logs for dayzPlayerSave with its appropriate detection number (121 in my case), so the logging is working to a degree. Odd that it's not working for other items.

Edit:

Anyway, I'm doing a lot of experimenting with publicvariableval.txt and talking about it in IRC. Even without my supplemental filter, but just with 1 "" at the end, I'm having difficulty getting it to log all the player inventories. Even with a nearly full server, it logs very infrequently. My hunch is that something changed in the way BattlEye logs things, because it indeed used to work. I used to spectate people and watch them get kicked for it, without fail.

Edit:

With 3 "" in publicvariableval.txt, RCon shows way more stuff than either server_console.log or publicvariable.log. Something is indeed wrong with the logging system, I believe.

Edit:

I'm probably wrong.

Edited December 1, 2012 by Mister_Magotchi

[Magotchi 74]

Anyway, my conclusion is that there's nothing wrong with my filter, and that something's wrong with the game or BattlEye with regard to logging instead, as per my testing above.

Edit:

Again, I'm probably wrong.

Edited December 1, 2012 by Mister_Magotchi

[Magotchi 74]

Edit:

While I was testing things, I got dayzPlayerSave entries for bad items to log in that log file, but now that I'm up and running with the script, I haven't seen any yet (only dayzCharDisco). I'll keep testing, but logging is certainly being funky.

Edit:

I *thought* I had gotten dayzPlayerSave entries for weapons to log to Bec's log file earlier, but I can't reproduce it, so I'm probably just out of my mind. Anyway, dagg929, if you're sure Gotcha is able to detect hacked weapons, at this point I'd really like to know what magic they're using that I can't figure out. I've even stuck 2 "" in all the filter files they say in their install instructions to try to reproduce the kind of data Gotcha normally gets sent to it, and I still can't see information about the weapons (specifically) in player inventories. As Gotcha, AFAIK, only uses the data that BattlEye sends it via logging things to the server console, I don't know how Gotcha could know about it any faster than Bec's log would show it, assuming the same settings.

This post had contained a script I wrote and instructions for it, but it didn't work.

Edited December 3, 2012 by Mister_Magotchi

[dagg929 20]

No luck with gotcha, either. It's not logging and the only time it detects is if they hit esc (triggers save I think.)

It could be that the last dayz update changed what shows via the rpt, which I do think it did.

[Magotchi 74]

Well that makes me feel better. I was sort of going off you saying Gotcha worked in my thought-process that whole time I think. Anyway, hopefully we can figure out a better way to do it. One way is to parse the hive extension log for the hacked weapons and kick or temp-ban based on the player name. I'll look into that, since it's possible.

Edit:

Nevermind. The default hive code doesn't log the name there. It's possible to edit it, but I may just say meh for a while.

Edited December 2, 2012 by Mister_Magotchi

[Magotchi 74]

I've written a new script. This time it parses the RPT log for both dayzPlayerSave (requires hive code tweak) and logins, and if anyone has invalid items (or an invalid skin) at those times, it temp-bans them and tells them the offending items they had.

This script also makes the publicvariableval.txt method obsolete, unless you care to additionally kick players when they do dayzCharDisco (happens on hitting escape and at some other times).

Requirements:

• The ability to edit your server's hive files
  
• PHP - You do not need a web server.
  
• some way of running commands on a schedule
  

Instructions:

1. In your hive files, inside "dayz_server.pbo", inside "compile\server_playerSync.sqf",
   replace:

   //diag_log ("HIVE: WRITE: "+ str(_key) + " / " + _characterID);

   
   with:

   diag_log ("HIVE: WRITE: "+ str(_key) + " / " + (name _character));

   
   This will simply make the server log what it writes to the hive when it does server_playerSync (happens at dayzPlayerSave), and include the player's name at the end.
   To extract/create .pbo files, use cpbo, found here.
   

2. Restart your server.
   
3. Extract my script (two files) to anywhere you want.
   
4. Edit the top portion of the script (invalid-items-ban.php) to match your server details. $state_file_path can be any valid path; the file size of the RPT log will be stored there between runs.
   
5. Run the script often (preferably about every 30 seconds) via Task Scheduler, Bec, or whatever method you want. The command should be like: php -f invalid-items-ban.php
   If you don't have PHP's path in your PATH environment variable on your system, you'll need to specify its full path, and if you aren't starting in the directory where the script resides, you'll need to specify its full path.
   I personally run mine from the batch file which monitors my server, so that it doesn't pop up a new window every time.
   

Notes:

• On the first run, the script never bans anyone. It only records the current file size of the RPT log in its state file and closes.
  
• Only players still in the server will be temp-banned when the script runs.
  
• I think either loadBans or writeBans need to be run to clean up expired bans from bans.txt. I'm not sure, but when another script I have runs loadBans, that seems to be the time it happens on mine.
  
• The rcon.inc.php code was modified from the DayZAdmin for Sanctuary project.
  

Last updated (2013-03-04):

Added:

A bunch of empty soda cans and MuzzleFar.

Edited March 4, 2013 by Mister_Magotchi

[Verbal (DayZ) 1]

ok, so i just read every page of this, and i am as confused at the end as i was at post 1. So simple question time.

1. does this work with my current install of DAH?

2. What exactly do i need to do? I already have some of those files with things in them, do i copy over? ammend?

3. Where do i get the latest versions of the files.

This looks to be exactly like what i am looking for, i just hope i am bright enough to make it work.

[Magotchi 74]

1. Yes. If you're talking about either the publicvariableval.txt method (doesn't work anymore), or my new method, a couple posts ago, neither should interfere with operation of DAH.
   
2. You already have some of what files? Again, the method originally described in this thread no longer works. Originally most people, I assume, were using the DayZ Community Banlist version of publicvariableval.txt and then appending the filters for invalid items to the end. I must repeat, though, that using invalid item filters in publicvariableval.txt is no longer effective.
   
3. There are no files in this thread which are still effective at preventing players from using invalid items in a server, except for my script, above, that I know of. My recommendations for filters on your server (not for handling invalid items) are currently as follows:
   
   • Use all the filters from http://code.google.c...se/#git/filters . DayZ Anti-Hax has the ability to do this, but some new filters have come out recently which are available there, and I'm not sure DayZ Anti-Hax updates them all.
     
   • As that scripts.txt hasn't been updated since the latest version of DayZ, in order to prevent it from kicking for certain normal in-game events, you'll need to tweak it a bit.
     
   • Tack 1 "" onto the end of publicvariable.txt, publicvariableval.txt, setvariable.txt, and setvariableval.txt . This will result in massive logs for those files, with a ton of duplicate lines, but as hackers are constantly evolving their methods to avoid Dwarden's latest filters, that will at least ensure you're logging everything. And yes, you do need 1 "" in both the val and non-val versions, despite it appearing to cause duplicates. Most are duplicates, but some things only appear with one but not the other.
     
   • Just to reiterate, none of the DayZ Community Banlist filters have anything to do with preventing the use of invalid inventory items in your server, and there is currently no known way (at least to me) to effectively do so via the use of BattlEye filters, as there had been for a long time prior to the last couple DayZ updates, due to changes in the way the dayzPlayerSave variable is used on the client side (as I believe).

Edited December 7, 2012 by Mister_Magotchi

[Verbal (DayZ) 1]

Thank you for getting back to me so quickly. So the very last post from you is the only working option at the moment? That looks a little more involved than i had planned on getting (not a big fan of editing .pbo files). But i guess thats what i need to do. I'll start chopping away, and see what happens. Thanks for taking the time to keep working on all this.

[CamP 81]

Are the weapons updated to the current changes in DayZ? A lot of weapons are being unbanned while some like the L85 thermal are being taken out.

[Magotchi 74]

The whitelist used in my script a few posts before this reflects the current items available in DayZ 1.7.4.4.

[polli 57]

Your method with the php-script gives me an error: The Server is running an incorrect version.....

I´ve extracted the pbo-file and edited the playerSync.sqf with notepad++ with the replace you posted above.

Is there a file check serverside or from battleye that watches for edited server files? I use hive 0.9.6.6

Edited December 8, 2012 by Polli

[Magotchi 74]

There are no checks for authenticity done on you dayz_server.pbo. It works on mine. There is nothing special about that edit; all you're doing is uncommenting a line which outputs things that were originally in there for debugging that code, so it shouldn't have any effect on the operation of your server. Did you extract the PBO with cbpo, then edit the file, then rebuild the PBO with cpbo?

[polli 57]

There are no checks for authenticity done on you dayz_server.pbo. It works on mine. There is nothing special about that edit; all you're doing is uncommenting a line which outputs things that were originally in there for debugging that code, so it shouldn't have any effect on the operation of your server. Did you extract the PBO with cbpo, then edit the file, then rebuild the PBO with cpbo?

I´ve done as you described. The file-size changed from 60kb to 55 kb. Is there something wrong with my createPBO?

There are 20 files inside the dayz_server.pbo. Is that correct?

Could you please send me your modified dayz_server.pbo file? So I´m able to see if the problem is on my side.

Thanks in advance

Edited December 8, 2012 by Polli

[Magotchi 74]

To test, just now I downloaded "@Server-1.7.4.4-Full_hotfix.rar" from the official location. I extracted it. dayz_server.pbo was 61,870 bytes. I extracted it using cpbo ("cpbo -e dayz_server.pbo"). I made the exact edit described above. I deleted the original dayz_server.pbo. I created a new dayz_server.pbo from the dayz_server directory using cpbo ("cpbo -p dayz_server"). The new dayz_server.pbo is 61,873 bytes (only 3 bytes different).

To answer your other question, when I extract the official dayz_server.pbo using cpbo, it has 21 files (not including directories, but including "$PBOPREFIX$".

Are you using cpbo from the ArmA Tools package at http://www.kegetys.fi/arma/ ?

Edited December 8, 2012 by Mister_Magotchi

[polli 57]

Ok. I´ve just 20 files in the directory including the $PBOPREFIX$ and i use the same file as you. I´ve tried it again with downloading again and recompile.

And i use the ArmA Tools from your link with the same result. I think there is something wrong with my system.

Edit: I´ve got it now. I used the commandline and another location for the file for extract and now i have 21 files. With the explorer context menu it has not worked. Thanks for your help and hints :)

Edited December 8, 2012 by Polli

[polli 57]

Sorry for double post.

The script is working fine now. It detects illegal items and ban the player.

But loadBans do not delete/cleans the tempban. Do i have to use another command?

I have DAH and Gotcha installed. I also use a batch for updating the CBL files and merge it for Gotcha with 2 "".

The script runs every minute with a command from BEC.

Edit: The entrys in the bans.txt file only stay in when the ban is still active during a server restart. All other bans are normaly cleared.

Example:

Server restarts at 12:00 a ban at 11:56 for 5 minutes stays in the bans.txt file

Server restarts at 12:00 a ban at 11:54 for 5 minutes will get cleared.

Edited December 8, 2012 by Polli

[Magotchi 74]

Well you might try "writeBans". It's the command that's documented to do that: http://community.bistudio.com/wiki/BattlEye#GUID_banning

Also, even if it doesn't work, temp bans don't hurt anything by sitting in bans.txt. The number on them is the Unix timestamp at which they expired.

Edited December 8, 2012 by Mister_Magotchi

[polli 57]

Ok. Thanks for the info and your help :) writebans was the solution.

Edited December 9, 2012 by Polli

[hohlraum 9]

fyi, you can just use DAH to ban people who use hacked weapons. comment out all the lines that start with 1 in both your publicvariable.txt and publicvariableval.txt (leaving only the 5's). then edit variables.lst and add:

"teleported"

"dayzCharDisco"

"remExField"

"dayzPlayerSave"

This will ban any people that get kicked for issues in those files.