pyBEscanner

Discussion in 'Anti Hack Tools and Discussions' started by Torndeco, Nov 4, 2012.

  1. Torndeco

    Torndeco Valued Member!

    Joined:
    Oct 30, 2012
    Messages:
    286
    Likes Received:
    32
    https://github.com/T...eco/pyBEscanner


    README

    pyBEscanner

    A simple Python application with the goal of scanning arma2 + battlelog files.
    This does not protect against people using a battleye bypass


    Features:

    * Multiple Servers (No multi-threading support, it scans 1 server at a time)
    * Scans battlelogs
    * Whitelist + Blacklist + Kicklist filters with regex features
    * Auto-purges logs as it scans, reduces need to re-scan
    * Makes backup log files & splits them up into folders based on date
    * Makes action logs, i.e.
      scripts-bans.txt / scripts-kicks.txt / scripts-unknown.txt
    * Ability to pick different scan settings per file
      Standard - Ban only for blacklisted code...
      Standard+Kick - Ban only for blacklisted code + kick for unknown code entries...
      Strict - Ban for everything not in whitelist filter
    * Ability to detect multiple attempts, i.e. a user spamming a logfile
      i.e. u could ban a player that appears in setpos.log
      10 times in 5 seconds if u wanted to...
      Or
      u can also add in different triggers, i.e. different triggers for
      pipebombs / grenades etc...

    Directory Layout
    <pyBEscanner install directory>/pyBEscanner.py
    [Main Python Script.... This is what u run]

    <pyBEscanner install directory>/conf/servers.ini
    [Settings File, reloaded every time before a log scan]

    <pyBEscanner install directory>/filters
    [Filter file directories, where filters are located,
    if u aren't using Custom Filter Setting]

    <pyBEscanner install directory>/rcon/
    [Source code available for exe's in src directories, read the readme.txts]

    <server battleye directory>/pyBEscanner/filters
    [Location of whitelist / kicklist / blacklist / spamlist filters]

    <server battleye directory>/Logs/Battle Logs - %Year-%Month-%Day
    [Location of archived battleye logs,
    also contains any bans/kicks/unknown logs]


    Installation
    Copy conf/servers-example.ini -> conf/servers.ini
    Edit conf/servers.ini
    Start pyBEscanner.py


    Requirements
    Python 2.7
    Mono + Wine (Only for Linux / Unix / BSD etc)


    Known Issues
    * No python rcon networking code
    * There is little to no exception handling code...
      So a typo in the filter files will cause the app to crash

    Notes:-
    * U can alter the settings & pyBEscanner filters & settings, while the
      program is running. Just avoid making any typos
     
    helldesign and Doc like this.
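
    The three scan settings and the filter-typo crash listed in the README above, as an added example that is not pyBEscanner's code. It is written for Python 3; the function names, the ban > kick > whitelist match order, the "log" outcome for unknown entries under Standard, and the sample rules are assumptions.

```python
import re

def compile_filters(lines):
    """Compile one regex per non-empty line; collect bad rules instead of crashing."""
    good, bad = [], []
    for lineno, raw in enumerate(lines, 1):
        rule = raw.strip()
        if not rule:
            continue
        try:
            good.append(re.compile(rule))
        except re.error as exc:
            # A typo in a filter file is reported with its line number, not fatal.
            bad.append((lineno, rule, str(exc)))
    return good, bad

# Action for an entry that matches no list, per scan setting.
# "log" stands for writing the entry to scripts-unknown.txt (assumed behaviour).
UNKNOWN_ACTION = {"standard": "log", "standard+kick": "kick", "strict": "ban"}

def decide(entry, mode, banlist, kicklist, whitelist):
    """Return 'ban', 'kick', 'ignore' or 'log' for one log entry.
    The match order ban > kick > whitelist is an assumption of this example."""
    if any(p.search(entry) for p in banlist):
        return "ban"
    if any(p.search(entry) for p in kicklist):
        return "kick"
    if any(p.search(entry) for p in whitelist):
        return "ignore"
    return UNKNOWN_ACTION[mode]

# Constructed filter rules; the third banlist line has a deliberate typo.
BANLIST, BAD_RULES = compile_filters(["PipeBomb", "", "Grenade("])
KICKLIST, _ = compile_filters([r"Flare\w*"])
WHITELIST, _ = compile_filters([r"^Bandage$"])

if __name__ == "__main__":
    for lineno, rule, err in BAD_RULES:
        print("skipped banlist line %d (%r): %s" % (lineno, rule, err))
    for mode in ("standard", "standard+kick", "strict"):
        print(mode, decide("Tent", mode, BANLIST, KICKLIST, WHITELIST))
```
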
  2. shinkicker

    shinkicker Administrator Staff Member

    Joined:
    Oct 18, 2012
    Messages:
    741
    Likes Received:
    198
    Sounds cool, moved your thread into a new home. If it picks up traction we will set up a sub forum for it (keep me updated).
     
  3. MaRs

    MaRs Well-Known Member

    Joined:
    Oct 22, 2012
    Messages:
    121
    Likes Received:
    2
    Yet another log scanner..... What about hackers with script bypassers ?
    They can still hax to the max. Log scanning is just not enough.
     
  4. shinkicker

    shinkicker Administrator Staff Member

    If someone has an undetected bypasser there is nothing anyone can do. However they get detected soon enough, which is when all the plebs are still trying to run it, and so we get to pick them up and ban them.
     
  5. MaRs

    MaRs Well-Known Member

    Indeed. Not until the standalone. Arma coding is a mess. Anti-cheat needs to memory scan or whatever. Not a simple log scanner. That's just not enough.
     
  6. Torndeco

    Torndeco Valued Member!

    Yes this app only scans battleye logs

    Its main purpose is to archive the logs based on day.
    Scan at regular intervals i.e 10 seconds
    Ban / Kick players based on filter settings...

    But yes it will basically never catch a player using a battleye bypass, never said it would.
    If u wanted u could try & write some server code, and then output some code to the rpt logs & get the app to ban based off that. But that's prob gonna cost u cpu wise, with v.limited payoff.

    I just wrote the above to help reduce my admin workload, and to hopefully replace dayz anti-hax (as it is currently barely working for me).

    warning:- This app is not quite ready yet to replace dayz anti-hax.
     
  7. shinkicker

    shinkicker Administrator Staff Member

    It's good work Torndeco, please do keep us up to date and let us know the areas where you could use some help.
     
  8. Quarterbreed

    Quarterbreed Well-Known Member

    Joined:
    Oct 22, 2012
    Messages:
    564
    Likes Received:
    4
    i don't know why i can create a thread.. it's saying the code i put in to post is wrong.. even tho i did it 20 times and was correct...

    anyways here's my problem with Anti Hacks, can anyone help me

    i don't know why it doesn't, unless they're named something else in DB.. i looked at all spawns and there isn't 1 motorcycle on it, and i have 55 vehicles on it..

    and another note, i installed anti hack on my server, got it running but it shows this code.. how do i fix it

    WARNING: Failed to read from remoteexec.log!
    The file may not exist as BE hasn't created it yet, you can ignore this message if
    you make sure the executable is located in your server's '/BattlEye' directory!
    WARNING: Failed to read from mpeventhandler.log!
    The file may not exist as BE hasn't created it yet, you can ignore this message if
    you make sure the executable is located in your server's '/BattlEye' directory!
     
  9. Torndeco

    Torndeco Valued Member!

    @ Quarterbreed
    Kinda depends which server package u are running... the default spawns that come with it might not have all the vehicles on it.....


    With the warnings, dayz anti-hax is just telling u the log file isn't there. Battleye won't create the log file till there is something to log in it...
    Once u are running dayz-anti-hax in your battleye folder u should be ok... Try making an empty remoteexec.log & u should see the warning go away...


    @ Everyone
    Update news for anyone interested

    Added kicklist filter & renamed existing filters, to make it easier & more flexible
    It is now
    *.banlist / *.kicklist / *.whitelist

    Added parsing addmagazinecargo.log

    Goal for weekend is to fix outstanding issues + add code for detecting multiple entries in a short period.
     
  10. Quarterbreed

    Quarterbreed Well-Known Member

    ok so i made a remoreexec.log and a mpeventhandler.log, when they're empty and i run anti hax does this mean it's working

    Initialization complete. Waiting to execute first pass...
    11/7/2012 4:54:01 PM - Starting pass #1...
    11/7/2012 4:54:01 PM - Finding GUIDs to ban...
    11/7/2012 4:54:01 PM - 0 GUIDs banned. Cleaning up...
    11/7/2012 4:54:02 PM - Pass #1 complete.
    11/7/2012 4:54:32 PM - Starting pass #2...
    11/7/2012 4:54:32 PM - Finding GUIDs to ban...
    11/7/2012 4:54:32 PM - 0 GUIDs banned. Cleaning up...
    11/7/2012 4:54:32 PM - Pass #2 complete.
    11/7/2012 4:55:02 PM - Starting pass #3...
    11/7/2012 4:55:02 PM - Finding GUIDs to ban...
    11/7/2012 4:55:03 PM - 0 GUIDs banned. Cleaning up...
    11/7/2012 4:55:03 PM - Pass #3 complete.
    11/7/2012 4:55:33 PM - Starting pass #4...
    11/7/2012 4:55:33 PM - Finding GUIDs to ban...
    11/7/2012 4:55:34 PM - 0 GUIDs banned. Cleaning up...
    11/7/2012 4:55:34 PM - Pass #4 complete.
     
  11. Quarterbreed

    Quarterbreed Well-Known Member

    or do i have to add the txt from the remoreexec.txt and mpeventhandler.txt
     
  12. Torndeco

    Torndeco Valued Member!

    @Quarterbreed
    No don't do that...

    Long version =
    Battleye doesn't create any log files till there is something to put in them...
    Dayz Anti-hax was just telling u it couldn't find 2 log files... because battleye didn't create them yet
    Was nothing to worry about

    Simple version = its working...
     
  13. Quarterbreed

    Quarterbreed Well-Known Member

    ok thx just wanted to be sure.. so once someone gets banned it will add it to its thing i c.. thx for the help.. and as for custom vehicles im gonna have to look that up now.. i added a suv to spawn and class but not sure what to put for the id
     
  14. Quarterbreed

    Quarterbreed Well-Known Member

    does anyone know what this error is for my server log BattlEye Server: Failed to open event log file thx for the help
     
  15. Torndeco

    Torndeco Valued Member!

    @Quarterbreed
    Ignore the warning, it's the very same thing again...


    @ Everyone else..
    Tagged release 1.0, really should have called it 0.1 but oh well new to git...
    Nothing has changed, just what i call stable minus the issues in README

    The latest commits are aimed @ solving race conditions when battleye writes multiple lines when pyBEscanner is scanning at the same time.

    Will see about getting some standard examples of filters together tomorrow for the app...
     
  16. shinkicker

    shinkicker Administrator Staff Member

    sticking this thread.
     
  17. Torndeco

    Torndeco Valued Member!

    Ok so a status update for anyone curious...

    Been doing some polishing work, in regards to the setup file servers.ini
    To make it easier to setup and getting a default set of filters together
    Also been ironing out some parsing bugs...

    Also added ability for server admins to customize the ban messages for example
    Code:
    Ban Message = DATE_TIME: PLAYER_NAME on SERVER_NAME

    Assuming no last minute typos / bugs, will tag these latest commits in a few hours

    ---------
    ---------

    Hoping to get started on the added feature to detect when players spawn log files i.e createvehicles.log, sometime tomorrow...
     
  18. zedar

    zedar Moderator Staff Member

    Joined:
    Nov 2, 2012
    Messages:
    193
    Likes Received:
    6
    Create the missing log, like remoteexec.log, and check that the "read only" attribute isn't checked.
     
  19. Torndeco

    Torndeco Valued Member!

    Already told Quarterbreed it's safe to ignore those warnings, since there is nothing logged there is no log file...
    And u shouldn't tick read-only, as battleye will need to write to the file to update the log file...

    Also would be nice if people made up another thread for questions on dayz anti-hax...
     
  20. Torndeco

    Torndeco Valued Member!

    Another small weekly update...

    Spam detection is basically almost done, will finish it after i get some sleep :)

    Basically the new spam filters format =
    <Number of detections> <elapsed time in seconds> <action> <regex rule>

    Other changes over the week were mainly small fixes & some small improvements to performance i.e using cPickle over pickle.

    Also thx to k4n30 for updating the filters so they are actually useful out of the box now :cool:
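
    The spam filter format from the post above, applied as a per-player sliding window. This is an added example, not part of the original post and not pyBEscanner's code (Python 3). The BAN/KICK action tokens, the (time, player, text) event tuples and the sample rules and events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

def parse_spam_rule(line):
    """Parse '<count> <seconds> <action> <regex>'; the regex may contain spaces."""
    count, seconds, action, pattern = line.strip().split(None, 3)
    return int(count), float(seconds), action.lower(), re.compile(pattern)

def detect_spam(rules, events):
    """events: (unix_time, player_id, text) tuples sorted by time.
    Returns (player_id, action, rule_index), at most once per player per rule."""
    windows = defaultdict(deque)      # (rule_index, player) -> recent hit times
    fired, actions = set(), []
    for ts, player, text in events:
        for i, (count, seconds, action, pattern) in enumerate(rules):
            key = (i, player)
            if key in fired or not pattern.search(text):
                continue
            hits = windows[key]
            hits.append(ts)
            # Drop hits that fell out of the rule's time window.
            while ts - hits[0] > seconds:
                hits.popleft()
            if len(hits) >= count:
                fired.add(key)
                actions.append((player, action, i))
    return actions

# Constructed rules: "10 entries in 5 seconds" as in the README, plus a named trigger.
RULES = [parse_spam_rule(r) for r in ("10 5 BAN .", "3 10 KICK Grenade|PipeBomb")]

# Constructed events: aaa logs 10 entries in 3.6 s, bbb logs 10 entries over 18 s,
# ccc triggers the second rule 3 times in 6 s.
EVENTS = sorted(
    [(100 + 0.4 * n, "guid-aaa", "setpos entry") for n in range(10)]
    + [(100 + 2.0 * n, "guid-bbb", "setpos entry") for n in range(10)]
    + [(200 + 3.0 * n, "guid-ccc", "thrown Grenade") for n in range(3)]
)

if __name__ == "__main__":
    for player, action, rule in detect_spam(RULES, EVENTS):
        print("%s -> %s (rule %d)" % (player, action, rule))
```
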
     
