Clark

Having good BattlEye filters is essential. Infistar doesn't really do much for antihack, it is more an admin tool now. Most of the stuff in it is useless. Use the Epoch scripts.txt, the devs put a nice selection of variables in it to filter.


3 minutes ago, Clark said:

We just got hacked again lol, like the 6th time the day :( Can you link me to get some good filters?

In the default Epoch server files, open the BattlEye folder, then find the scripts.txt


Having decent BE filters is essential. It will filter out like 90% of the script kids, but then there are the really strange people who are able to do stuff like giving everyone speedhack, spawning in weapons which are set to 5 in addweaponcargo.txt, mass-teleporting players, wiping all bases, and writing as a fake "(Global Admin)", and all this without leaving a trace behind them.

So having good BattlEye filters is nice, but people are still able to do stuff without getting logged in them. It kind of reminds me of this "bug" that should have been "fixed" in the beta patch:

https://dev.withsix.com/issues/75896

 


@LunatikCH sums it up really: decent BattlEye filters will help with those that are coming straight from unknowncheats and other forums. Clark asked me to come on his TeamSpeak after all the bases on his server were getting deleted, and deletevehicle.log and publicvariable.log were getting spammed by the script kiddies. A good idea is to have one of those log scanners made in Python, and have them instantly ban anyone that uses any blacklisted code.

Also, if anyone uses Infistar, be careful because it's really quite easy to hijack the RE that is used on the admin menu.


Yeah, I back up every 15 minutes too and they still cry. I had 2 rollbacks last night due to the same issue: TP everyone and blow up bases. It's easier to roll back than to try and fight the very confusing BattlEye configuration.

Personally I think of the hackers as North Korea. You never know when they might do something shitty like delete all bases. It's a feature, not a bug!

Just to compare notes, was it these idiots?


8 minutes ago, Shawn said:

What I do is find public menus that are around, such as this:

https://pastebin.com/Ta6Jv5N2

And then filter for specific stuff in them. I set it to log instead of kick so I can get chunks of code that these guys use.

Most of the guys that go around deleting all the bases on servers are using the same menu.

Someone will ask, so it might as well be me... how to block this?


In scripts.txt, you can filter for stuff that is usually used in menus.

I recommend filtering for stuff like playableUnits, allUnits, FunctionsManager, addWeapon, execVM, etc.

There are a lot more; just look through public menus and find out what most of them use.

To actually add it, what I do is add this into the scripts.txt, for example:

1 execVM

And then let the server log all the legit code, so that I can make an exception for them.

Then I use: http://137.74.172.109/BEF.php

Which works by you pasting the log quote mark to quote mark, and it will create the exception which you can then paste onto the end of the line. 

Then when a script kiddie comes along, and tries to execute something that isn't in the exception, it logs like this:

02.05.2017 11:33:37: Negan (45.32.158.187:57668) 4c10e157b302cda8f11254fe13240df0 - #32 "[] execVM "Hashtag2\basewipe.sqf"; if (!isNil 'reRunCheck') then { endMission 'loser'; };"

That was someone that deleted all the bases on my friends server, so go ahead and ban him, if you want of course.
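
A minimal version of the Python log scanner suggested earlier in the thread, written against the scripts.log entry layout shown in the post above. This is an added example, not code from any poster; the blacklist patterns and sample entries are constructed, and issuing the actual ban is left to whatever RCon tooling the server uses.

```python
import re

# Entry layout as shown in the post above:
#   DD.MM.YYYY HH:MM:SS: name (ip:port) guid - #filter "code"
TS = r'\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2}: '
HEADER = re.compile(r' \((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\) ([0-9a-f]{32}) - #(\d+) "')

# Hypothetical blacklist: strings that never occur in this server's own scripts.
BLACKLIST = [re.compile(p, re.I) for p in (r'basewipe', r'\bendMission\b')]

# Constructed sample log; names, addresses and GUIDs are made up.
SAMPLE_LOG = (
    '01.01.2020 10:00:01: PlayerOne (203.0.113.5:2304) ' + '0a' * 16 +
    ' - #32 "[] execVM "\\z\\addons\\dayz_code\\init.sqf";"\n'
    '01.01.2020 10:00:07: Some (Guy) (203.0.113.9:50112) ' + '1b' * 16 +
    ' - #32 "[] execVM "menu\\basewipe.sqf";\nendMission \'x\';"\n'
    '01.01.2020 10:00:09: entry cut off before the address\n'
)

def entries(text):
    """Split on timestamps, because logged code may span several lines."""
    return [e for e in re.split(r'(?m)^(?=' + TS + r')', text) if e.strip()]

def scan(text):
    """Return (bans, review): GUID -> matched patterns, and entries left for a human."""
    bans, review = {}, []
    for entry in entries(text):
        body = re.sub('^' + TS, '', entry)
        heads = list(HEADER.finditer(body))
        # Name and code are player-supplied text: anything but exactly one
        # header-shaped match is set aside instead of being auto-banned.
        if len(heads) != 1:
            review.append(entry.strip())
            continue
        guid, code = heads[0].group(3), body[heads[0].end():]
        hits = [p.pattern for p in BLACKLIST if p.search(code)]
        if hits:
            bans.setdefault(guid, []).extend(hits)
    return bans, review

if __name__ == '__main__':
    bans, review = scan(SAMPLE_LOG)
    for guid, hits in bans.items():
        print('ban', guid, hits)
    print(len(review), 'entries need manual review')
```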

God damn it, you are a genius.


16 minutes ago, DieTanx said:

Does anybody have any filters they would be willing to share for BattlEye? Or any that I should add to help log check?

Figured I would go with the basics first:

 

Get Battlemetrics Rcon.... I cannot stress this enough. Create a trigger that kicks all players on VPNs and those accounts that are younger than 30 days old.

 

Then:

Throw in the default mpeventhandler.txt, remotecontrol.txt, remoteexec.txt, setdamage.txt, setpos.txt, teamswitch.txt, waypointcondition.txt, and waypointstatement.txt filters from the Epoch server files. These should require very minimal tuning if any at all.

 

Then for the scripts.txt, I would recommend starting off with a clean file (throwing in all the defaults and filtering for them is a lot of work if you don't know what you're doing). I would start with this at the top:

//new2
4 dedicatedServerInterface 
4 openDSInterface !="a _lbindex;\n};\n\nif (_lbselected == \"DSInterface\") then {openDSInterface;};\nif (isMultiplayer) then {player createDiarySubject [\""

This keeps people from opening server controls etc. from in-game.

 

Then, add the following below that and filter them out:

1 execVM !"\z\addons\dayz_code"
1 playableUnits
1 onMapSingleClick 
1 setDamage
1 modelToWorld
1 displayAddEventHandler
1 reveal
1 allUnits
1 showCommandingMenu

 

Once you have it to where they are no longer throwing logs, turn them from a 1 to a 5 - this will then kick them and log them for you to see.

 

Then, slowly add variables from the default scripts.txt and filter them out.

 

I use the awesome tool BEM to filter my scripts.txt:

http://bem.themeq.xyz/

 

Just paste them in and it does all the work for you!

 

Once again though, half the work is taken care of with Battlemetrics. It is a must have tool.
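
The tuning loop described in this post and in Shawn's earlier one (log at level 1, turn logged legitimate code into exceptions, then switch to 5), sketched in Python as an added example; it is not code from either poster or from the BEF/BEM tools. The escaping rule is inferred from the openDSInterface exception quoted above, case-insensitive keyword matching is an assumption, and the sample filters and snippets are constructed.

```python
import re

# Constructed starter filters in the style of the list above (1 = log only).
FILTERS = ['//new2', '1 execVM', '1 playableUnits', '1 allUnits']

# Constructed snippets, as logged during a test run with trusted scripts only.
LEGIT = ['{_n = _n + 1} forEach playableUnits;',
         'hint "ready";\n_u = allUnits select 0;']

def escape(code):
    # Same escaping as the openDSInterface exception in the post: double quotes
    # and line breaks get a backslash form (assumed to be all that is needed).
    return code.replace('"', '\\"').replace('\r\n', '\\n').replace('\n', '\\n')

def keyword(line):
    """Keyword of a 'level keyword [exceptions]' line; None for comments/blanks."""
    m = re.match(r'\d+ (\S+)', line)
    return m.group(1) if m else None

def triggers(line, code):
    """True if code contains the keyword and no exact exception covers it."""
    kw = keyword(line)
    if kw is None or kw.lower() not in code.lower():  # case-insensitivity assumed
        return False
    return f'!="{escape(code)}"' not in line

def add_exceptions(filters, legit):
    """Append a !="..." exception for each legitimate snippet a filter logs."""
    out = []
    for line in filters:
        for code in legit:
            if triggers(line, code):
                line = f'{line.rstrip()} !="{escape(code)}"'
        out.append(line)
    return out

def promote(filters, fresh_log):
    """Turn quiet filters from 1 into 5; filters that still log stay at 1."""
    return [re.sub(r'^1 ', '5 ', line)
            if keyword(line) and not any(triggers(line, c) for c in fresh_log)
            else line for line in filters]

if __name__ == '__main__':
    tuned = add_exceptions(FILTERS, LEGIT)
    print('\n'.join(promote(tuned, LEGIT + ['[] execVM "menu.sqf";'])))
```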

You, sir, are a legend. Whoever made this program is a legend. Y'all are amazing! This is exactly what I needed!!!!!

 

I plan on regutting all my filters from stock and redoing them on my test server.

THANK YOU!!!!!!
