Hacker crashing server on connection NEED HELP - REWARD FOR

[Luc_Mathlin]

Hello We are running a very popular island life server (Evolution Gaming) and this guy must either be from one of the other community that run island life or maybe we banned him in the past and he is taking a grudge against us.

Here is what happens:

We are all running well everyone is having fun and all of a sudden we see in chat "PLAYERNAME Connected", then immediately after he connects before battleye has a chance to load everyone on the server gets no message received. If we restsrt the server we can start playing again but this dude just keeps coming back time after time again.

This is destroying our server, for the moment we are just keeping it down until either we find a solution or he gives up.

I hope you can help me as this is such a pain. If you don't know how to help wit this is there anywhere you would recommend going to.


IF SOMEONE CAN HELP ME TO STOP THIS COMPLETELY I WILL GIVE YOU $50 !

[Jamy]

Just to get this straight.... have you tried banning the UID of that person? (Stupid question, but just getting an understanding =P)

Also, got a log file of when this event occurs?

[Caliban55]

What kind of Arma server is this? Arma 2, 3, CO?

BattlEye is loaded directly with server start, so you can either use a ban of IP, or SteamID/GUID in the BattlEye bans.txt.

You can use BEC to exclude player names and define a minium/maximum number of characters for player names.

http://ibattle.org/

Also, how is the crash applied, look in your .RPT file (server) what is happening.

[Luc_Mathlin]

Forgot to include server type: Arma 2 oa

He is banned but he crashes the server before battle eye has a chance to kick him for being banned, I will look in my rpt file

Luc

[Luc_Mathlin]

Think I have just found the crash in the RPT file, but im not sure this could just be something coincidental.

http://pastebin.com/uYxKifZA

Luc

[Caliban55]

Arma 2 OA is unfortunatley not that secure; you can create new GUID without too much effort.

The .RPT info is most likely shows just a random related crash.

There are not many options, you can try to ban the IP/IP range (not nice though) through the Firewall, you can use a player whitelist system.

BTW, BattlEye is loaded before the server accepts clients in the lobby, so it can't be a player whose GUID is banned, though there are external exploits if I remember correctly, that do not require an actual client connection (well, sort of... some type of connection has to be stablished) - I would suspect something like this here.

I would say that your best option here is a Firewall rule.

[Luc_Mathlin]

I have been peerblocking the hackers, but he must be using a vpn so it keeps changing

[Caliban55]

Another option would be to use Wireshark (or a similar tool) to try and isolate the packets/strings responsible for the crash and then block those through a firewall filter. The packets/string should be quite different to those commonly send to a Arma 2 server.

I don't know if this is practical (and it will most likely not be easy and work intensive), but I don't think that there are many more options left - Arma 2/BattlEye come to a limit what can be done here.

Edge100x would be a much better source/help for this, his knowledge about network filtering is a lot better than mine . He should be able to tell you if this is a option and how much work would be involved.