Jey Posted August 25, 2014
We got several hackers on our server today, each time we found that in our logs:
"infiSTAR.de Log: SERVER ALERT! (FUNCTIONS BROKEN -[processInitCommands]- RESTART THE SERVER!) | "
"infiSTAR.de Log: SERVER ALERT! (FUNCTIONS BROKEN -[forceEnd]- RESTART THE SERVER!) | "
"infiSTAR.de Log: SERVER ALERT! (FUNCTIONS BROKEN -[endMission]- RESTART THE SERVER!) | "
"infiSTAR.de Log: SERVER ALERT! (FUNCTIONS BROKEN -[failMission]- RESTART THE SERVER!) | "
"infiSTAR.de Log: SERVER ALERT! (Remote Execution found - Ending Mission! #3) | "
They banned all the admins online and started messing around with players, and then the server crashed or no one was able to rejoin the server.
Any idea how to prevent this kind of hack?
Thanks

DeanReid Posted August 25, 2014
infiSTAR will probably release a patch soon

Jey Posted August 25, 2014 (Author)
There's a new hack out since this morning, Rustler v7... it bypasses infiSTAR. Nothing we can do at the moment I think...

Defent Posted August 25, 2014
I think the default buttons to start Rustler v7 are F3, Tab and Right Shift. Try adding them to the banned key list.

Uro Posted August 25, 2014
> I think the default buttons to start Rustler v7 are F3, Tab and Right Shift. Try adding them to the banned key list.
Southpaws are gonna love you if you blacklist the right shift key :D

MGT Posted August 25, 2014
OK, a couple of things....
Whitelist all the allowed vehicles in your ahconfig.
Add some popular vehicles to your deletevehicle.txt in your BE files, for example 5 "SUV_" will kick if someone deletes any SUV.
When they use the RE function in Rustler, infiSTAR disconnects the game from the database so no damage is done and you get the restart message on hacklog.

Jey Posted August 25, 2014 (Author)
Thanks for the tips MGT, I'm going to try that.

Externized Posted August 25, 2014
You have to add this to the bottom of your scripts.txt in the BattlEye filters:
5 "(createGroup east)"
5 "_fren ="
5 "onMapSingleClick \"_setPos = _pos;"
5 "hint \"Ready\""
5 "createUnit" !="BIS_MPF_logic = BIS_MPF_dummygroup createUnit [\"Logic\", [1000,10,0], [], 0, \"NONE\"];" !="_newUnit = _group createUnit [_class,position player,[],0,\"NONE\"];" !="_newUnit = _group createUnit [_class,getMarkerPos \"respawn_west\",[],0,\"NONE\"];" !"\"Sheep\" createUnit [[random 9000,random 9000,0], createGroup EAST,\";"

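An added example, not part of the thread and not BattlEye's own code: a Python checker that parses a scripts.txt filter line of the shape posted above and tests a script statement against it, so an admin can confirm a known-good statement is exempted before the filter goes live. The matching rules (case-insensitive keyword substring, `!=` as an exact-statement exception, `!` as a substring exception) are assumptions of this example, and the function names are hypothetical.

```python
import re

# One quoted token with backslash-escaped quotes, optionally prefixed
# by "!=" or "!" (an exception to the keyword).
TOKEN = re.compile(r'(!=|!)?"((?:[^"\\]|\\.)*)"')

# Filter line taken from the post above, shortened to one exception.
RULE = (r'5 "createUnit" '
        r'!="_newUnit = _group createUnit [_class,position player,[],0,\"NONE\"];"')

def parse_filter(line):
    """Split '<action> "keyword" !"substr" !="exact"' into its parts."""
    action, _, rest = line.strip().partition(" ")
    if not action.isdigit():
        raise ValueError("filter must start with a numeric action")
    tokens, pos = [], 0
    for m in TOKEN.finditer(rest):
        if rest[pos:m.start()].strip():
            raise ValueError("stray text outside quotes: %r" % rest[pos:m.start()])
        # Undo the \" escaping so exceptions compare against real script text.
        tokens.append((m.group(1) or "", re.sub(r'\\(.)', r'\1', m.group(2))))
        pos = m.end()
    if rest[pos:].strip() or not tokens or tokens[0][0]:
        raise ValueError("malformed filter line")
    return int(action), tokens[0][1], tokens[1:]

def triggers(line, statement):
    """True if the statement hits the keyword and no exception covers it.
    Matching semantics here are assumed, not taken from BattlEye docs."""
    _, keyword, exceptions = parse_filter(line)
    if keyword.lower() not in statement.lower():
        return False
    for kind, text in exceptions:
        if kind == "!=" and statement == text:
            return False          # exact-match exception
        if kind == "!" and text in statement:
            return False          # substring exception
    return True

if __name__ == "__main__":
    # Constructed statements: one whitelisted by the rule, one not.
    ok = '_newUnit = _group createUnit [_class,position player,[],0,"NONE"];'
    bad = '_u = _grp createUnit ["Bandit1_DZ",position player,[],0,"NONE"];'
    print(triggers(RULE, ok), triggers(RULE, bad))
```
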
itsatrap Posted August 25, 2014
> OK, a couple of things.... Whitelist all the allowed vehicles in your ahconfig.
Sounds like you already have the list, please share :D

MGT Posted August 25, 2014
I do, using my phone browser atm, when I'm home I'll upload it, or you can check my pastebin - MGT

Uro Posted August 25, 2014
http://pastebin.com/QfUec5BG
He means this link :D Phone browsing FTL :P

StiflersM0M Posted August 26, 2014
Maybe someone will buy this hack and bypass the functions in the BattlEye filters? I think about it... but I don't think I will get the menu by itself, so I need to fish the files out of the cache, which could be difficult.

LunatikCH Posted August 26, 2014
I could send you the file, but beware there is a keystealer inside that gets your CD key from the registry. PM me if you want to try your luck, I tried but no luck.
About the BattlEye filters, my friend bought the hack and we tested everything on our test server. I have enabled full logging for BE by adding 1 "" to the top of every filter but still no luck... hope infiSTAR will bring a fix soon :)

StiflersM0M Posted August 26, 2014
> I could send you the file, but beware there is a keystealer inside that gets your CD key from the registry. PM me if you want to try your luck, I tried but no luck. About the BattlEye filters, my friend bought the hack and we tested everything on our test server. I have enabled full logging for BE by adding 1 "" to the top of every filter but still no luck... hope infiSTAR will bring a fix soon :)
(I hope I can write in German)
Which file? The decrypt? I'm in the middle of decompiling the .dll right now. I'm already writing with infiSTAR, he is on holiday but comes back tomorrow.

LunatikCH Posted August 26, 2014
> (I hope I can write in German) Which file? The decrypt? I'm in the middle of decompiling the .dll right now. I'm already writing with infiSTAR, he is on holiday but comes back tomorrow.
The .pbo that has the scripts in it

StiflersM0M Posted August 26, 2014
> The .pbo that has the scripts in it
If only xD. It only contains the start file that launches the menu.... You mean ui_addons, right? As far as I know the actual scripts are in a .dll in the cache.

LunatikCH Posted August 26, 2014
But there is quite a lot in the .bin files in the pbo as well ;)

StiflersM0M Posted August 26, 2014
> But there is quite a lot in the .bin files in the pbo as well ;)
Did you find anything related? Think they will insert the scripts into the memory.......

Triage Posted August 26, 2014
Just saw a video on YouTube. This isn't good... I hope infiSTAR is aware.

StiflersM0M Posted August 27, 2014
> Just saw a video on YouTube. This isn't good... I hope infiSTAR is aware.
Bought it and trying to decompile it..... but nothing so far...... the only thing I know is that a .dll manages the hack, which is placed in temporary files; then if you start Arma it loads a .pbo that has the script executor in it. And the .dll is written with VS12

Jey Posted August 28, 2014 (Author)
Can you tell what that is? I got almost a thousand lines for that guy in my deletevehicle log.
Most of the time I find hackers in that log, deleting zombies... but for this one everything is blank. I have no idea what it means.

itsatrap Posted August 31, 2014
Hey, I was on holiday since the day they released it (probably why they released it) till the 28th - the hack is not working anymore ;)
Contact me using email if you need the update and did not get it yet.
I don't know why but my server and I are getting DDoSed a lot
Latest update I have is from the 22nd