pyBEscanner
- Thread starter Torndeco
- Start date
Strikes
Well-Known Member
Thanks for the info Torndeco - Would you, or anyone else, have a personally recommendation on a script that auto-updates the detection files?
k4n30
Member
These days the BE filters rarely change with the exception of new hacks or DayZ version changes. Not sure what server package your using, but if your using Bliss it includes a script file to automatically update these files for you, thats how I do mine
Strikes
Well-Known Member
It would be for use on Public Servers mostly.
Strikes
Well-Known Member
Also; I'm starting to see a number of these being banned - Anyone else had these come up and know if they're legit bans or not? Or people that were being teleported by hackers?
"ublicVariableServer"Teleported";_Teleported="helihempty"createVehicle(position player);"
"ublicVariableServer"Teleported";_Teleported="helihempty"createVehicle(position player);"
Thanks for the reply in my .cfg I have logFile = "Arma2oaserver.rpt"; is that wrong? Am I putting all the stuff into a single file and could just point pyBEScanner at the same file for both?
Have no idea if what u have will result in 1 single logfile with everything or will server just log only the 1 thing
Try change the setting + see what happens
logFile = "server_console.log";
Anyway pyBEscanner code assumes the log files are from 2 different log files...
If u point the to the same logfile twice.
It will end up scanning the same file twice, everytime time it notices timestamps have changed...
Also it will make 2 seperate backups of the same file, with the same contants.
Or if u want u could just disable scanning server logs in servers.ini..
Atm it just makes archives of server log files + makes a seperate chatlog.
Try change the setting + see what happens
logFile = "server_console.log";
Anyway pyBEscanner code assumes the log files are from 2 different log files...
If u point the to the same logfile twice.
It will end up scanning the same file twice, everytime time it notices timestamps have changed...
Also it will make 2 seperate backups of the same file, with the same contants.
Or if u want u could just disable scanning server logs in servers.ini..
Atm it just makes archives of server log files + makes a seperate chatlog.
Can you share the relevant sections of your configuration? Right now, with a pretty default bliss configuration, I'm just getting an RPT. Server console stuff doesn't get logged anywhere. Besides getting the scanner working, I'd just like to get that info logged for myself.
Edit - Nevermind. Looks like setting
Code:
logfile = server_console.logStrikes
Well-Known Member
I've been running pyBEscanner for about a week now on my public servers that are updated with the Filters from Dwardens bans/filter community list.
I have an odd feeling that some people are getting falsely banned; like in my previous question/post before this one.
As an administrator of both public and private servers... it's almost becoming a hassle to keep up with what software/tools/filters/etc work best with what...
So I'm hoping that someone might take the time (someone knowledgeable in this regard) to give us, the administrative community, a running/updated list of what to use/run with what... etc.
I have an odd feeling that some people are getting falsely banned; like in my previous question/post before this one.
As an administrator of both public and private servers... it's almost becoming a hassle to keep up with what software/tools/filters/etc work best with what...
So I'm hoping that someone might take the time (someone knowledgeable in this regard) to give us, the administrative community, a running/updated list of what to use/run with what... etc.
helldesign
Member
Hi again,
Need little help with filters.
I removed an item from my server's spawn tables and all player/vehicle/tent inventories, let's say "Binocular" (for example). Then added
to "publicvariableval.txt" (in my BattlEye folder).
That line gets me kicked from the server only when I press "Esc" key, but I want all users that have that item to be banned instantly when they get it in their inventory. Is that possible?
I added also
to the "addmagazinecargo-banlist.txt" (in "dayz-default"), but no success.
Need little help with filters.
I removed an item from my server's spawn tables and all player/vehicle/tent inventories, let's say "Binocular" (for example). Then added
Code:
5 "\"Binocular\""That line gets me kicked from the server only when I press "Esc" key, but I want all users that have that item to be banned instantly when they get it in their inventory. Is that possible?
I added also
Code:
Binocular@helldesign
Pretty sure u pressing escape is just trigger an inventory sync.
Battleye should kick u anyways, it might just take abit i.e whenever it syncs your player inventory to database.
Inregards to pyBEscanner try add it to
publicvariable-banlist.txt
@strikes
But yes what u pasted is a hack... try google the code entries like createvehicle + heliempty as a vehicle type.
That way u get used to figuring out what different code logged from battleye was meant todo.
But that's not to say another script kiddie using a bypass didn't remote execute the code.
Or that a regular on your server isn't a hacker, had afew of them before.
----------
----------
pyBEscanner is just a tool u can use, @ the end of the day.
It is just a log parser, there is no magically receipe to which battleye filters u use.
If u use a different set of battleye filters
Its still gonna scan the log file using pyBEscanner's filter files.
Worse case u have to whitelist extra entries + alter the spam detection rules.
i.e
If u alter your battleye publicvariable filters to log banned weapons...
pyBEscanner can ban a user for having a weapon.
Doesn't mean they hacked / spawned in the gun, they could be just an innocent victim that just picked up wrong gun.
----------
----------
Also u really should just make a seperate thread asking if something is a hack...
That way more people might read the post + they can answer it, without it getting lost in the thread.
Pretty sure u pressing escape is just trigger an inventory sync.
Battleye should kick u anyways, it might just take abit i.e whenever it syncs your player inventory to database.
Inregards to pyBEscanner try add it to
publicvariable-banlist.txt
@strikes
But yes what u pasted is a hack... try google the code entries like createvehicle + heliempty as a vehicle type.
That way u get used to figuring out what different code logged from battleye was meant todo.
But that's not to say another script kiddie using a bypass didn't remote execute the code.
Or that a regular on your server isn't a hacker, had afew of them before.
----------
----------
pyBEscanner is just a tool u can use, @ the end of the day.
It is just a log parser, there is no magically receipe to which battleye filters u use.
If u use a different set of battleye filters
Its still gonna scan the log file using pyBEscanner's filter files.
Worse case u have to whitelist extra entries + alter the spam detection rules.
i.e
If u alter your battleye publicvariable filters to log banned weapons...
pyBEscanner can ban a user for having a weapon.
Doesn't mean they hacked / spawned in the gun, they could be just an innocent victim that just picked up wrong gun.
----------
----------
Also u really should just make a seperate thread asking if something is a hack...
That way more people might read the post + they can answer it, without it getting lost in the thread.
k4n30
Member
Strikes I run a private server with no modifications to the loot table from the public hive. Therfore the default pyBEscanner will be fine on your server it's only when you make modifications that you need to adjust the filters.
When you see these lines as long as it's NOT in your scripts.log then 99% of the time the person listed hacked it in, or executed it themselves. If it's in the scripts.log it could have been executed remotely so in that case I'd just add it to the scripts.kicklist
As a side note, I notice only one other person other than myself is making pull requests to improve the quality of the scanning. If you detect something, PLEASE make a pull request so we can add it in to the filters
I will be making a pull request this week with dayz-2017 and dayz-2017-weapons, just need to test it out a bit more.
Strikes
Well-Known Member
I probably need to read up more on pyBEscanner and the in's and out's.
I'm guessing that if I wanted to just have pyBEscanner just kick for that line... I just add it to the scripts.kicklist and it'll stop banning? This is what's showing up in the bans file: "ublicVariableServer"Teleported";_Teleported="helihempty"createVehicle(position player);"
I just copy/paste that with the quotes and all? --> "ublicVariableServer"Teleported";_Teleported="helihempty"createVehicle(position player);"
I'll also try and familiarize myself with those pull requests...
I'm guessing that if I wanted to just have pyBEscanner just kick for that line... I just add it to the scripts.kicklist and it'll stop banning? This is what's showing up in the bans file: "ublicVariableServer"Teleported";_Teleported="helihempty"createVehicle(position player);"
I just copy/paste that with the quotes and all? --> "ublicVariableServer"Teleported";_Teleported="helihempty"createVehicle(position player);"
I'll also try and familiarize myself with those pull requests...
helldesign
Member
Thanks for the answer Torndeco. I will try it.
My idea is to replace some weapon/item spawns with another not banned entries, so when a hacker joins my server first or second time, he will not know which items are allowed and most likely he will spawn the wrong item and will get banned.
If the ban is instant there is no way someone to loot that "banned" weapons/items from a body and use it as an excuse. (or maybe there is way if they spawn a crate/ammo box containing that items...not sure)
I'm targeting that group of 'cheaters' that when join the server start killing players one after another till they kill everyone and don't care if they get banned (and most likely don't bother to check/ask which items are allowed).
Edit: I added "Binocular" in publicvariable.banlist (dayz-default) and the server kick/banned me, but only when I press "Esc" key (again). Maybe the fact that I already had that item in my inventory before I joined the server didn't trigger the ban instantly or maybe I need to wait more. I'm not sure what will happen if someone spawn it "realtime", will he get banned instantly or he will have time to kill half the server...
My idea is to replace some weapon/item spawns with another not banned entries, so when a hacker joins my server first or second time, he will not know which items are allowed and most likely he will spawn the wrong item and will get banned.
If the ban is instant there is no way someone to loot that "banned" weapons/items from a body and use it as an excuse. (or maybe there is way if they spawn a crate/ammo box containing that items...not sure)
I'm targeting that group of 'cheaters' that when join the server start killing players one after another till they kill everyone and don't care if they get banned (and most likely don't bother to check/ask which items are allowed).
Edit: I added "Binocular" in publicvariable.banlist (dayz-default) and the server kick/banned me, but only when I press "Esc" key (again). Maybe the fact that I already had that item in my inventory before I joined the server didn't trigger the ban instantly or maybe I need to wait more. I'm not sure what will happen if someone spawn it "realtime", will he get banned instantly or he will have time to kill half the server...
Two questions - what is 'Count Restriction'?
Another point, looking at the examples used 'dayz-default' 'dayz-weapons-default'
You have duplicates, as in 'addmagazinecargo.banlist' exists in both filter directories? So does one take presidence and get loaded over the other?
Should I just have one unique 'addmagazinecargo.banlist' across both 'dayz-default' 'dayz-weapons-default'?
EDIT: I guess you should only have one directory declared, as the scripts creates all of the files in both directories so you end up with a full set of duplicates?
Another point, looking at the examples used 'dayz-default' 'dayz-weapons-default'
You have duplicates, as in 'addmagazinecargo.banlist' exists in both filter directories? So does one take presidence and get loaded over the other?
Should I just have one unique 'addmagazinecargo.banlist' across both 'dayz-default' 'dayz-weapons-default'?
EDIT: I guess you should only have one directory declared, as the scripts creates all of the files in both directories so you end up with a full set of duplicates?
To many questions from everyone lol
@shinkicker
U can use multiple filters, app just creates an empty file if it doesn't exist in a directory.
Makes it easier for user to known that the filter file exists &
its easier coding wise for pyBEscanner to create the file for every filter location.
For example
This will load the filters from both directories...
U can define multiple directories, just once u have a comma between them in the settings file...
Makes it handy to have weapons split to a seperate filter set
Incase admin is using custom weapons + still wants convience of keeping there filters up to-date.
-----------
-----------
Original Logs -> Whitelist -> Kicklist -> Banlist -> Unknown Logs
So for log X
1/
pyBEscanner will parse log X using the whitelist filters,
It will use the filters in the same load order as listed in servers.ini
first using dayz-default & then dayz-weapons whitelist filters.
2/
Then it will parse what is left using the kicklist filters,
It will use the filters in the same load order i.e
first using dayz-default & then dayz-weapons whitelist filters.
3/
Then it will parse what is left using the banlist filters,
It will use the filters in the same load order i.e
first using dayz-default & then dayz-weapons whitelist filters.
4/
Anything left is put into a unknown logfile
So whitelist filters > kicklist > banlist in priority of parsing.
-----------
-----------
Spam rules are slightly different.
App loads up all the spam rules (in load order as listed in servers.ini)
U can only have 1 rule per (exact same) regrex rule.
If u have multiple regrex rules the exact same, last one loaded overwrites previous one
There is a new option for spam rules, called DELETE.
This just deletes a previous loaded spam rule.
All spam rules for logfile are loaded first, before app does the scanning for spam detection
-----------
-----------
Count Restriction is a battleye feature u can set to stop players from flooding a server.
Its basicly battleye form of spam detection, but it counts everything (even if stuff isn't getting logged)
Sorry don't have a link handy atm
@shinkicker
U can use multiple filters, app just creates an empty file if it doesn't exist in a directory.
Makes it easier for user to known that the filter file exists &
its easier coding wise for pyBEscanner to create the file for every filter location.
For example
Code:
Filters = dayz-default, dayz-weaponsThis will load the filters from both directories...
U can define multiple directories, just once u have a comma between them in the settings file...
Makes it handy to have weapons split to a seperate filter set
Incase admin is using custom weapons + still wants convience of keeping there filters up to-date.
-----------
-----------
Original Logs -> Whitelist -> Kicklist -> Banlist -> Unknown Logs
So for log X
1/
pyBEscanner will parse log X using the whitelist filters,
It will use the filters in the same load order as listed in servers.ini
first using dayz-default & then dayz-weapons whitelist filters.
2/
Then it will parse what is left using the kicklist filters,
It will use the filters in the same load order i.e
first using dayz-default & then dayz-weapons whitelist filters.
3/
Then it will parse what is left using the banlist filters,
It will use the filters in the same load order i.e
first using dayz-default & then dayz-weapons whitelist filters.
4/
Anything left is put into a unknown logfile
So whitelist filters > kicklist > banlist in priority of parsing.
-----------
-----------
Spam rules are slightly different.
App loads up all the spam rules (in load order as listed in servers.ini)
U can only have 1 rule per (exact same) regrex rule.
If u have multiple regrex rules the exact same, last one loaded overwrites previous one
There is a new option for spam rules, called DELETE.
This just deletes a previous loaded spam rule.
All spam rules for logfile are loaded first, before app does the scanning for spam detection
-----------
-----------
Count Restriction is a battleye feature u can set to stop players from flooding a server.
Its basicly battleye form of spam detection, but it counts everything (even if stuff isn't getting logged)
Sorry don't have a link handy atm