pyBEscanner

Damn server updates, taking my little free time...
Spam Detection is now working... :)

The following is an example of the setpos-spam.txt

Code: 
Player Name = Weezy
    Action = BAN
        1353934456.0: Weezy IP_REMOVED GUID_REMOVED - #0 81:307 Bandit1_DZ [5471,1272,96]
        1353934456.0: Weezy IP_REMOVED GUID_REMOVED - #0 17:2541 Survivor2_DZ [5471,1272,96]
        1353934456.0: Weezy IP_REMOVED GUID_REMOVED - #0 58:239 Survivor2_DZ [5471,1272,96]
        1353934456.0: Weezy IP_REMOVED GUID_REMOVED - #0 85:13 Bandit1_DZ [5471,1272,96]
        1353934456.0: Weezy IP_REMOVED GUID_REMOVED - #0 69:265 Bandit1_DZ [5471,1272,96]
 
Player Name = (Next Player)
    Action = BAN
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxx

Some notes:-
The user is automatic banned based on filters, the files are just for admins beening able to review why someone got banned.



U can also different triggers
i.e for createvehicle u could have
1 rule for everything,
2 differnt rules for pipebombs i.e 1 for 10 second period & different one for a 1 minute period if u wanted

And yes i still have to convert the epoch seconds back to normal battleye timestamp format :)
 
Hi all,
i have a spectating tool with gCam on my server and when i trying to connect with pyBEscanner i banned every time.

my config -
Scan Scripts = strict

my scripts.whitelist
Code: 
#34 "dayz_logDamage = [name _unit, name _source, _damage];
#34 "dayz_logDamage = [name _unit, name _source, _damage];publicVariableServer "dayz_logDamage";};if (_unit == pl"
#35 "else {publicVariable "dayzUpdateVehicle";};_unit removeAllEventHandlers "HandleDamage";_unit removeAllEventHandlers "Killed"
#67 "openDSInterface;"
#127 " [player,_config] call BIS_fnc_invAdd;
#127 " [player,_config] call BIS_fnc_invAdd;if (_isOk) then {deleteVehicle _holder;} else {_holder setVariable["clai"
#128 "private ['_dummy']; _dummy = [_this,'onload'] call compile preprocessfile '\ca\ui\scripts\server_interface.sqf';"
#223 "rivate ["_dummy"]; _dummy = [_this,"players"] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf";"
#227 "rivate ["_dummy"]; _dummy = [_this,"players"] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf";"

and scripts.log when i trying to enter server. -
Code: 
29.11.2012 11:47:20: Barmaley (192.168.0.172:2304) d85a6503084ec819c669ee9d027e41af - #2 "until {!(IsNull (findDisplay 46))};
(findDisplay 46) displayAddEventHandler ["keyDown", "_this call fnc_keyDown"];
 
diag_log fo"
29.11.2012 11:47:20: Barmaley (192.168.0.172:2304) d85a6503084ec819c669ee9d027e41af - #26 "until {!(IsNull (findDisplay 46))};
(findDisplay 46) displayAddEventHandler ["keyDown", "_this call fnc_keyDown"];
 
diag_log fo"
29.11.2012 11:47:26: Barmaley (192.168.0.172:2304) d85a6503084ec819c669ee9d027e41af - #23 "ong! disconnect and try again!", "BLACK OUT",1];
player enableSimulation false;
};
};
dayz_losChance = {
private["_agent","_max"

need help) thx
 
@brobo

Looks like u are missing the escape char \ for the brackets {} []...

Try out the following filter
Code: 
#34 "dayz_logDamage = \[name _unit, name _source, _damage\];
#34 "dayz_logDamage = \[name _unit, name _source, _damage\];publicVariableServer "dayz_logDamage";\};if \(_unit == pl"
#35 "else \{publicVariable "dayzUpdateVehicle";\};_unit removeAllEventHandlers "HandleDamage";_unit removeAllEventHandlers "Killed"
#67 "openDSInterface;"
#127 " \[player,_config\] call BIS_fnc_invAdd;
#127 " \[player,_config\] call BIS_fnc_invAdd;if \(_isOk\) then \{deleteVehicle _holder;\} else \{_holder setVariable\["clai"
#128 "private \['_dummy'\]; _dummy = \[_this,'onload'\] call compile preprocessfile '\ca\ui\scripts\server_interface.sqf';"
#223 "rivate \["_dummy"\]; _dummy = \[_this,"players"\] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf";"
#227 "rivate \["_dummy"\]; _dummy = \[_this,"players"\] execVM "\ca\ui\scripts\dedicatedServerInterface.sqf";"
#2 "until \{!\(IsNull \(findDisplay 46\)\)\};\(findDisplay 46\) displayAddEventHandler \["keyDown", "_this call fnc_keyDown"\]; diag_log fo"
#23 "ong! disconnect and try again!", "BLACK OUT",1\];player enableSimulation false;\};\};dayz_losChance = \{private\["_agent","_max"
#26 "until \{!\(IsNull \(findDisplay 46\)\)\};\(findDisplay 46\) displayAddEventHandler \["keyDown", "_this call fnc_keyDown"\]; diag_log fo"

I also recommend u turn scan scripts = standard until u get filters setup right...
U avoid false bans till u get your whitelist filter setup right...

This way u can watch your <battleye folder>\Logs\<date>\scripts-unknown.txt
If the filter is right u shouldn't see any new entries in there for spectator tool GCam...

Once filter is setup right u can turn back on scripts = strict if u want
Don't recommend it, incase a hacker gets a client to remoteexec a script.


-----------------------------------
-----------------------------------

Note:-
U will get action logs showing what the bans aswell
<battleye folder>/Logs/<Date>
logname-bans.txt (for blacklisted filter bans)
or
logname-unknown-bans.txt (for unknown code bans, only get if u have scan setting = strict)

-----------------------------------
-----------------------------------

Tip:

If u want to test out a rule to see if it works....
Try out http://www.pythonregex.com/
U can paste your filter rule in there & the line of battleye log text.
Very handy to quickly see if your filter is worded right...



EDIT:- Update the Filter code box with additions for filtering out GCAM script...
 
Just update the whitelist scripts.txt filter on git-hub, if u want to grab the latest one & check it out...
Should do the trick for u
 
Important fixes today if anyone is using has spam filters turned on in servers.ini
Recommend u update to avoid false bans
 
Besides finishing off the code for kicking players, pretty just the c# code that needs to be done....

Are there any requests / ideas for any other features.... thx
 
Just tagged another release with filter updates from k4n30...

Remember to use the filters as a base i.e l85 is removed from banlist because it isnt banned on all maps...
But if it is banned from your server map u can always add it in....

------------------
------------------

Anyway assuming i dont magically figure out how to get rcon protocol to work in python...
I will finish off a c# app for kicking players this weekend...

Next feature am thinking of is just a more advanced spam filters with ACTION filter, which launchs outside app / bat file (app to launch to be configured in server.ini file)

i.e Was thinking if mass teleport trigger a custom script / bat file.
Which u could have made to stop server & roll it back to last backup for example
 
Haven't had to much time lately with rl & switching to tavianna map on servers etc....

Just a small fix in regards to decoding when hackers attempt to obfuscate code.
Note if u notice any obfuscated code get pass into unknown action logs... plz send me an extract of it thx.

But mainly its been some more filter updates from k4n30.

-------------
-------------
Now if anyone has some time + good @ c# since i wont get anytime to figure out c# for abit...

Really could with small app to kick players off server...

Ideally be nice to have
rcon_kick.exe <ip> <port> <password> <text file>

1) read a txt file each line = a player name
2) connect to server via rcon
3) issue playerlist command
4) parse playerlist
5) if playername = player in txt file
6) issue kick player

https://github.com/ziellos2k/BattleNET
 
We have some users that made small donations who have custom loadouts, i.e. a gold gun and a skin i.e. rocket_dz, I've found that I am forever going through the filters and removing the ammo, gun and skin only to find that it's also stored some place else so the user gets banned until I fix it.

Given I don't want to open up these items to everyone is there an easy way to whitelist a player based on name or GUID? or is it just a matter of removing the offending items from the filters.
 
Whitelisting a player is just troublesome
i.e what happens if that user starts to hack.... or someone kills the user picks up their items

Anyway ist really just a matter of changing up the publicvariable & addmagazinecargo filters really...

publicvariable.banlist
addmagazinecargo.banlist
addmagazinecargo.whitelist
 
Very few people donate, it's generally the people that stick around for a while so I am not really worried about them doing anything and I would be very surprised if they did.

I can modify those files but then it opens it up for everyone, which defeats the purpose of it.
 
Its easy enough to add an additional check to compare GUID's & exempt certain players getting added to bans.txt ......
But i don't feel this is a positive feature as it up makes it easier for abuse by admins running scripts...

Besides it doesn't solve the problem if someone kills an exempt player & picks up their golden ak from their corpse.

If u have added custom code to your server to solve this problem....
U should be able to figure out to alter pyBEscanner to suit your needs...
 
Am thinking about add support to define multiple filters to use....
This way we could have in server.ini

Filters = default, default-weapons

or u could have

Filters = default, gcam, custom-weapons

The idea behind it is u could split up the filters, and maintain your own custom weapons filters...
And not have to worry about comparing latest changes...

Anyway its one of the ideas i currently having.... not sure when i get a chance to code it.
Am abit busy lately...
 
would be nice to have these options!
I'm trying to learn to Use pyBE still hehehehe, he only reads the scripts directory?
 
i download New Files on Git
u need change
# Config Version
#If byBEscanner complains about bad config version...
#U will need to look @ servers-examples.ini for changes, most of the time it will be just a new option
Version = 9 <<< 8 not work why?
 
Thx for pointing it out, have it changed now...

The reason for the increase in version count from 8 -> 9.
Is because i never added a version check to the temp files (this is were the app store info so it doesn't need to rescan log files).
So when i changed the format of the temp files, i needed the user to remove the old temp folders otherwise app will crash on loading up old version temp files.
 
Torndeco said:
Haven't had to much time lately with rl & switching to tavianna map on servers etc....

Just a small fix in regards to decoding when hackers attempt to obfuscate code.
Note if u notice any obfuscated code get pass into unknown action logs... plz send me an extract of it thx.

But mainly its been some more filter updates from k4n30.

-------------
-------------
Now if anyone has some time + good @ c# since i wont get anytime to figure out c# for abit...

Really could with small app to kick players off server...

Ideally be nice to have
rcon_kick.exe <ip> <port> <password> <text file>

1) read a txt file each line = a player name
2) connect to server via rcon
3) issue playerlist command
4) parse playerlist
5) if playername = player in txt file
6) issue kick player

https://github.com/ziellos2k/BattleNET
Click to expand...

My 2 cents

https://github.com/nanomo/rconKick
 
You must log in or register to reply here.
Back
Top