report invisible cheater on rcon

[sinkope]

on fisrt time sry for my english its so bad...

 

i must be report a player in my server, he enter and kill everyone...

i try baning but he does not apear on rcon ... its a invisible cheater for rcon and in-game admin.

 

i find the user id from bf2s the nick is t_mato and the number of hes id 47059043

 

i dont know how he can make this , if is a cheat or if is a hacker... but he komes and kill wen he likes

wat i can make?

[andr3a]

on fisrt time sry for my english its so bad...

 

i must be report a player in my server, he enter and kill everyone...

i try baning but he does not apear on rcon ... its a invisible cheater for rcon and in-game admin.

 

i find the user id from bf2s the nick is t_mato and the number of hes id 47059043

 

i dont know how he can make this , if is a cheat or if is a hacker... but he komes and kill wen he likes

wat i can make?

Greetings, I will try to reply to your questions:

1. If you aren't a streaming admin, and even if you are, you cannot report a player like that.
   PBBans issue a BAN only with solid evidences of cheating, such as streamed server logs and PunkBuster Screenshots. You are also able to submit a demo when you are a Streaming Game Admin.
   
2. Has your server PunkBuster? If so, you can ban him through pb_sv_BanMask 12.34.56.78 where 12.34.56.78 is the IP Address of the player.
   
3. If you have full administrative control of your server, you can start streaming with PBBans. It is very simple: you can follow this instructions, and join PBBans!
   

I hope that helps :)

Edited July 24, 2008 by WL - andr3a

[sinkope]

I have files that make the user is not somebody could please do something?

[andr3a]

I have files that make the user is not somebody could please do something?

 

I will try to explain once again:

PBBans will raise a ban only under the following cases:

1. PunkBuster Violations

 

Cheat/Hack Violations:

When PunkBuster detects a cheat or hack by repeated positive identification on a player's computer, a violation is raised. These violation numbers are 50000 and higher. Families of cheats are listed below. Resolution: Remove cheats and hacks from the computer.

#50000s - Aimbot

#60000s - Wallhack

#70000s - Multihack

#80000s - Gamehack

#90000s - 'Cheat' Video Drivers

#100000s - Speedhack

#110000s - Autofire

#120000s - Game Hook

#130000s - Attempted PunkBuster Hack

See also http://www.pbbans.com/info-center-pbviols.html

 

2. PBBans Cheat/Hack Violations:

 

The following are violations that are unique to PBBans only.

 

Generic CVAR Ban (GCS) - Partial or full match of a cheat CVAR.

 

Generic BIND Ban (GBS) - Cheat CVAR found in players key bindings.

 

MD5 Cheat File Match (CFM) - MD5 signature match to a known cheat file.

See also http://www.pbbans.com/info-center-pbviols.html

 

3. PunkBuster Screenshots/Demo from a SGA showing clearly that a hack was in use at the time the screenshot or demo was taken.

 

In no other cases PBBans will raise a ban.

[Tazzy]

If someone logs onto the server with no name, eg a name hack, to ban them off your server type into cc

 

admin.listPlayers then click the console button

 

In the log a list of all players, including invisible players show up with Guids and PLayer ID numbers.

 

Find the ID of the person you want to ban then type

 

admin.banPlayer 2 [perm] the number 2 being the id of the player, eg could be id 16 if the player is the 16th ID

 

PB bans will not be able to ban these guys because they have no physical evidence of a hack i think, you can only do your best to ban them from your server.

 

Hope this helps

Edited August 8, 2008 by Tazzy

[DaLynX]

That's right there is no evidence for us to base a ban upon.

 

A piece of advice : use PB commands such as pb_sv_plist (and lookup the result in PB logs : /pb/svlogs) and pb_sv_banGUID to ban the punks.

These are more reliable than game commands.

[=BiG=Karkinos]

I know what this guy is talking about and want to clarify for him.

 

There is a new hack from 18***. It is or has been coined the "Ghost Hack". BF2CC does not pick them up and they cannot be seen through, for instance, our control panel in our internet interface. Thankfully, they do register in the pblogs.

 

Anyway, you cannot ban them. You cannot kick them. The hack essentially subverts everything you do, including allowing the player to ban other people (this just happened to our server Friday night). While trying to ban the guy he banned one of our members. The only way I was able to get rid of him was use the rcon command to block his name. Which, 24 hours later, he beat.

 

I am awaiting his return to get a pbss, if I can, but considering it is a hack from 18***, I bet it comes back black. We have banned him on at least four occassions, each time with a different GUID and IP. Worse, according to the pblogs, his MD5tool and "handshake" are fine every time he joins. This is the most sophisticated hack I've ever seen.

 

Has anybody else seen this? Does anyone know of any way of defeating it? dydrey has taken to entering our server virtually nightly to plague us with this hack.

[DetlefDeeSost]

I know what this guy is talking about and want to clarify for him.

 

There is a new hack from 18***. It is or has been coined the "Ghost Hack". BF2CC does not pick them up and they cannot be seen through, for instance, our control panel in our internet interface. Thankfully, they do register in the pblogs.

 

Anyway, you cannot ban them. You cannot kick them. The hack essentially subverts everything you do, including allowing the player to ban other people (this just happened to our server Friday night). While trying to ban the guy he banned one of our members. The only way I was able to get rid of him was use the rcon command to block his name. Which, 24 hours later, he beat.

 

I am awaiting his return to get a pbss, if I can, but considering it is a hack from 18***, I bet it comes back black. We have banned him on at least four occassions, each time with a different GUID and IP. Worse, according to the pblogs, his MD5tool and "handshake" are fine every time he joins. This is the most sophisticated hack I've ever seen.

 

Has anybody else seen this? Does anyone know of any way of defeating it? dydrey has taken to entering our server virtually nightly to plague us with this hack.

This T2x guy is very clever the only way to get rid of those attacks is to get updates for bf2cc and Bf2.

[=BiG=Karkinos]

We are completely up-to-date on all items. This hack is newer than any update available. I fear there isn't much that can be done because it seems to include (I won't rule out that dydrey is running more than one hack) the ability to manipulate GUID and IP. If that's the case, even getting EA and pbbans and pb involved (good luck with everyone working together on that, eh?) wouldn't be useful. The only option would be a hardware option, I guess.

[Benway]

It is or has been coined the "Ghost Hack". BF2CC does not pick them up and they cannot be seen through, for instance, our control panel in our internet interface.

Thankfully, they do register in the pblogs.

Usually i just spam http://www.evenbalance.com/publications/bf...ex.htm#commands in cases like this, as i'm tired to repeat myself - guess tired from answering ~1k posts re so called smart (the opposite baby) hacks for ET spoofing dis and spoofing dat (all kind of game specific nonsense (basicly same problem as described here), no need to run a cheat to "spoof" client-sided items, /console or editor will do ... simply use server-sided /pb_sv_plist and you don't even mention any spoofed unneeded gizmos, leave alone "mirroring (MAC-based-pseudo-guid) bans" etc. etc. clientsided fool-catchers that only will work on noob admins using flawed admin-mods' !ban Name) - maybe about time again for an extended remix ;p

^EB Link^ in a full sentence: You really should start to use PunkBuster Server - instead of flimsy, flawed game specific trash. This goes for all games, nobody running a pb enabled server never ever thought about using game's /BanUser /BanClient /BanID or similar, seems just EA managed to brainwash everybody with "ranked" restrictions (more afraid of admins than cheaters? obviously yes), "hash" "account" BS plus marginal pb integration in a console that was designed to be a pain.

Just note the last sentence of above quote, how come?

And no, it's not a smart hack (basicly tis an exploit of game vulnerabilities), it's BF admins having no clue about PB, partially due to the poor game integration, ok admitted, but still: Ban the GUID (no, no "hash" "name" "Global ID" or whatever BS) via RCon & PunkBuster Server - to have WebTool* setup is your best bet: >click!

[ console: /rcon login 'pass' then " /rcon exec PB_SV_ ... " ] or

[ HLSW: exec PB_SV_Ban "reason" or exec PB_SV_BanGuid "reason" resp. exec PB_SV_BanMask ] >click

HSLW setup is BF-Port-Guesswork, ServerIP:ServerPort:GamespyPort (default=29900 others are used though),

for the proper RCon port search FTP /mods/bf2/settings/modmanager.con e.g. mm_rcon.rconPort 6711 (or 4711, 4712), >click1click2

Note: this is plain rcon w/h daemon, i.e. not the same port as bfcc

 

The safest way was to ban via 1. PB WebTool* or HLSW ( "reason in quotes"

I know its not convenient with no console echo, but: it works. Opposed to the rendered useless convenience.

*From my experience even totally unresponsive (dead rcon, /connect stalls) servers still could be accessed and restarted via PB WebTool.

 

Does anyone know of any way of defeating it?

You could wait for 2 patches (one no doubt: /rcon logout, crash2desktop, "namehack" etcetc = game) ...

or setup PB WebTool*: http://www.pbbans.com/info-center-hubguide.html#webtool http://www.evenbalance.com/publications/bf...dex.htm#webtool , hint to guess a working port: http://forums.theplanet.com/index.php?showtopic=80480 IRC quakenet.org #pbbans

 

 

Subsequently banning (pb) guids is the only reliable solution. IP is no alternative really (banning dynamic IPs = always a temp. ban ... yet space for another */me facepalms* Story/Hoax: player was using ... yes, a Router ;P )

 

 

P.S.: you cannot "manipulate" a GUID (assigned by PunkBuster SERVER), what is possible is to create *.reg files REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Electronic Arts\EA GAMES\Battlefield2\ergc] @="cd-key_here" - just this requires another/more cd-key(s).

[Tazzy]

Its not always that easy to Ban a Player By IP or GUID if the Information does not Show on CC. All you can get is the Players ID slot on the server at the time and Ban them. You dont get what there Ip is, Guid Or CD KEY!

 

Its Very Difficult to Ban these Invisible CHeaters

[Benway]

its easy. if you did your homework, http://www.evenbalance.com/publications/bf2-ad/index.htm

BF2CC does not pick them up ... they do register in the pblogs.