Jump to content


Welcome to PBBans


Sign In 

Create Account
Welcome to PBBans, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of PBBans by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
 
Guest Message by DevFuse

Photo

Streaming Security


  • This topic is locked This topic is locked
1 reply to this topic

#1 MaydaX

MaydaX

    Developer

  • Site Staff
  • 9,530 posts
  • Gender:Male
  • Location:Regina SK, Canada
  • Origin:maydax
  • Steam:maydax
  • XFire:maydax
Reputation: 1,619
Demigod

Posted Jan 24, 2012 - 05:28 PM

Posted Image

After the recent fake ban events at GGC-Stream this week it's no secret that streaming is not completely secure. It has never been completely secure and the events of 2008 brought that to light. At which time we informed our streaming admins about the situation and possible solutions. The solution was to either close down for good or continue and tighten our security. Streaming admins wanted to continue so that was our decision.

The known fake bans exploit involves using an application to hook into a server and edit its memory to falsify PB logs streamed to a 3rd party. In order for that to happen the person must have full access to the server. In the case of Battlefield 3 the leaked server files could be used to achieve that goal.

The mass fake ban attack in 2008 was a wakeup call for us and we took it very seriously. That is the reason we have the high streaming requirements of requiring teams to have a working website, roster, forums showing activity to name a few. The rest of those requirements can be found here.

It's why we:
- manually approve all newly added servers to stream
- manually approve all newly added users to existing streaming accounts
- don't allow free online email accounts for streaming applicants.
- don't allow home servers to stream
- don't allow teams with cheaters to stream
- don't allow any server whose IP is found in the MPi (used by a player) to stream
- don't allow cracked servers to stream
- don't show the full 32 character GUID for clean players.

We also provide many details for all our bans to aid players in the appeal process should they wish to do so. That includes the server log entry of the violation raised, the server ip and group it belongs to, the guid, alias and IP address of the player.

Should any player end up on our banlist they always have the option to appeal. We treat ban appeals very seriously at PBBans. For example if a ban was the result of a PB raised violation from Even Balance (Violation #50000+) then we have the user submit a ticket to Even Balance. If they say it's a false positive or there is no record of a person with that violation (can be caused by network errors) then we lift the ban. For MD5 tool bans if we do not have the exact cheat file (using MD5 checksum) in our database we lift the ban. Better to let a cheater go free than to keep an innocent player banned.

Streaming was never a 100% secure system and technically any system where logs are sent to a remote location could also suffer the same problem. We knew the problem existed in 2008 and took the above steps (plus others) to help protect server admins and players from being exploited.
  • 12

#2 MaydaX

MaydaX

    Developer

  • Site Staff
  • 9,530 posts
  • Gender:Male
  • Location:Regina SK, Canada
  • Origin:maydax
  • Steam:maydax
  • XFire:maydax
Reputation: 1,619
Demigod

Posted Jan 26, 2012 - 09:01 AM

Also want to point out that the mass number of PnkBstrB.exe restriction kicks recently in Battlefield 3 is completely unrelated to the events listed above. It seems a growing number of players are confusing the fake ban events with the mass restriction kicks for PnkBstrB.exe which is not the case.

PunkBuster was updated a few days ago and is likely the cause of those RESTRICTION kicks.

Monday 01.23.2012

Version 2.287 of the PB Client for BF3 has been released to our PB Master Servers for auto-update and to our website download page. This is a maintenance release.


There is a server command that will stop players from being kicked for that restriction (pb_sv_restrictions 0) but a server admin has to enter it.

I've sent that command to all the streaming servers at PBBans so players won't be kicked for now. A list of some BF3 servers with bookmark links can be found at.
http://www.pbbans.com/files/msi/bf3_server_list.html
  • 1




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



DMCA.com