Welcome to PBBans
|Welcome to PBBans, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of PBBans by signing in or creating an account.
[Tutorial]PBBans for dummies..or how to protect your server from hackers
Posted Jan 15, 2007 - 02:02 PM
08.14.2007 Revised (hub streaming, new referals, features and findings)
foxdie & fozzer for explaining the mechanics of pbbans
Why this tutorial?
Intentions were to provide an quick introduction on how to use and setup PBBans, i.e PBBans for dummies. It is basically just a compiled reference of existing documentations on the pbbans website but spiced up with some information I couldnt find directly or didn't understand in the documentation at hand, while I setup Rep streaming on our clan match server.
1) Procedure will take approximately 30-45 minutes.
2) Procedure is based upon setup for game Enemy Territory (but the general idea is applicable for all games afaik)
3) Procedure is based upon Windows environment (almost equal to linux but small changes are necessery afaik)
4) Procedure refers to hub streaming.
5) You need to be registered on the PBBans website.
6) Note that some of the links below will first be accessible once you have been upgraded to streaming game admin status on this web site
7) If you encounter problems/questions you have (almost) 24/7 assistance in IRC - nothing but nice people ready to help out.
Who will benefit from tutorial?
Persons that have full access to an Enemy Territory server (RCON/FTP) and that want to make life even more difficult for hackers by using (streaming to) PBBans - basically persons that want to contribute to the war on hackers by doing a straight forward server change.
Why use PBBans at all?
PBBans extends the functionality of Punkbuster by enforcing extra security checks on the players using your server. This includes cvars and MD5 checks, which is not used default by Punkbuster. In effect it means that every player using your server is checked for certain file and cvar occurences and if a match is found the person is flagged as a hacker and added to a ban list. These cvars- and MD5-lists are updated whenever needed by pbbans staff - may be more times per day if the need arises. As a user of pbbans you are provided with latest updated definitions available as Master CVAR Library (MCL) and Master MD5 Library (MDL) so that your pbbans streaming server always will repel the newest discovered hacks and added bans. Basically it means that your server is always as updated as possible when it comes to hackers - much like updating your virus definitions in your virus killer. On top of this you benefit from a compiled database that holds information from all other servers streaming to PBBans - much like yawn from where you can do all sorts of data mining, but especially benefit from the bans issued from equally minded server admins. Other references ref #1 ref #2
How does it all work?
The idea is two threaded:
1) Streaming process
| Your server | ------------- streaming -------------> | PBBans Repository |
Whenever a Punkbuster log is created on your server it is sent to PBBans for processing (untouched by human hand so to speak). PBBans will process the log instantly (hub streaming) - rep streaming will process once a day instead. All registered violations will automatically be added to the ban list - Master Ban Index (MBI) - as all violations per definition are indisputable hacks.
2) Update process
| Your server | <------- bans update ------- | PBBans Repository |
When new bans are added to the MBI (from your streaming server or another PBBans streaming server) it is available/broadcasted to all hub streaming servers immediately. This means that a ban for a given player issued on another server will be included in the ban list of your server immediately (note that this is not the case for rep streaming - it requires manual ban list update) - please consult this for technical details. The newest feature of PBBans regarding this is that you as a PBBans user is able - via flag settings on your server account - to have the system check all users that connects to your server against the MBI (i.e. you access PBBans server) and if there is a match the user is instantly kicked from your server. Hence you dont need to have a bloated bans list local on you server - you instead use the centralised MBI. This will reduce strain on your server as well as you dont have to maintain an updated ban list local on your server and you will only access the MBI whenever you need (when people connect to your server). Hence it is not necessary to do anyting when it comes to maintaining the ban list of your server.
| Your server | <------- MD5/cvars update ------- | PBBans Repository |
When changes in the config list are announced you have to update your server with the new MDL (MD5) and MCI (cvar) definitions available at PBBans Master Config Index (MCI). This is necessary as new hacks and cvars are discovered all the time. This update is a manual process - the definitions are not pushed automatically by PBBans. The definition update is made straight forward also by the Java version of PBBans Admin Tool (jPAT).
How to setup streaming process:
Follow this process (or this) - refer to the part talking about Hub streaming can be done via rcon (one line at a time) if no FTP access is available. My experience is that doing the initial setup with RCON is the best. Once streaming is confirmed you can always refer to PBBans Hub setup via FTP on how to do it config style. Once done you need to confirm with a PBBans staff member that streaming is active.
You then need to add the new streaming server to your PBBans Team Account by navigating to Account and adding the server. Your PBBans user status is now upgraded to Streaming Game Admin (may take an hour) and you will have access to some more information and forums on the PBBans site - your server is now securely streaming all PunkBuster logs it generates to PBBans for processing.
How to setup update process:
To simplify the update process PPbans has developed (j)PAT. Please refer to documentation for details about setup procedure.
My additional notes on the procedure:
- When downloading the jPAT tool please be aware that Windows might alter the extenstion on the file to .zip when downloading. If this is the case you need to change it back to .jar otherwise you wont be able to run the program.
- FTP paths are case sensitive(!)
- Note that PBBans will NOT have acess to RCON nor FTP so you need not worry about entering the passwords
In theory you will just need to double click the jPAT_Update.bat file everytime MCL or MDL changes. You can easily be notified of changes if you track this page - please consult site help files on how to track threads.
Config files for hub streaming
Once your server is streaming you can setup everyting config style. A fast template would look something like
// LOAD SETTINGS FROM OTHER CFG FILES
pb_sv_load pbbans_hub.cfg //PBucon hub streaming
pb_sv_load pat_reload.cfg // reload definitions (CVAR,MD5,BANS)
// **** PBBans Hub Config ****
// Remember to post on the forum so your server can be added to the Hub
// Put the pbucon.use file in your root PB folder.
// Add the line: "pb_sv_load pbbans_hub.cfg" in your pbsv.cfg file.
// Enjoy the benefits of Multi-Streaming with Live Banning today at PBBans.com.
pb_sv_autoupdban 1 // this ensures that hub bans are not lost after a server restart
pb_sv_usessionlimit 2 // Adjust number accordingly should you use the pbucon feature for your admins.
pb_sv_uconadd 1 188.8.131.52 pbbanshub pbbanshub
Please come to the private forums once you are streaming admin for more details on the above and how to do random screenshots and much much more.
One thing to be aware of is that game configs rule all (configuration). A game config controls the cvar and MD5 lists within the game environment in which they are loaded. This means they can also empty the cvar and MD5 list for the environment and hence render our MCL and MDL useless. This is exactly what Clanbase configs do - empties the lists without adding any cvar or MD5 checks of relevance. In other words, when you load a Clanbase config your server will be more open to hackers. This seems to be changing (hopefully) now that the winds of change flows trough Clanbase.
A PBBans member mangu has taken the initiative to do PBBans own configs. They are a complete clone of Clanbase configs BUT they encompass the most known cvar and MD5s and will hence provide a much better protection compared to Clanbase configs AND they have been MD5 signed by the ETPro team. Problem is that most players dont know them and will therefore tend to reject the notion of playing a scrim using them - let us all try to change that! If you have nothing to hide please play with the PBBans config if available as it ensures you a more safe environment and they are EXACTLY the same as Clanbase configs besides the beefed up security. Please note that even if the PBBans config is just loaded in warmup period the extended checks still run - so it is still better than nothing. From the above it may sound as if streaming is a complete waste of time. It is not! For instance, automated pb screenshots are useless if streaming is not set up - streaming will authenticate that the screenshot is in fact authentic based on the pb log sent to PBBans repository.
You now have a base setup of PBBans with the possiblity of updating definitions. From here you can do so much more wrt. PunkBuster and PPBans if you have the need or urge. I suggest that you start here - a nice introduction to a base config for PunkBuster by mcsteve of Ghostworks and also have a look at this feature newly introduced by PBBans
If you have additions or comments to this tutorial please feel free to pm me.
Posted Jan 15, 2007 - 03:05 PM
I edited it just a bit for some minor corrections
Posted Jul 9, 2007 - 02:08 AM
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users