> Many recent bans, PB memory scanner / hacks checks
MonkeyFiend
post Mar 26 2008, 11:08 AM
Post #1


Security and Projects
**********

Group: Clan Dogsbody
Posts: 4,687
Thank(s): 1098
Points: 2,440
Joined: 31-August 07
From: A Magical Place, with toys in the million, all under one roof
Member No.: 1




From Evenbalance:

CODE
March 25, 2008

We rarely announce anything regarding commercial cheats and hacks. However, we are aware of the numerous "You Tube" type videos and posts on various sites where hackers who sell cheats make claims that are false but sound believable about PunkBuster and hack detection status. We receive numerous emails daily by concerned honest players regarding advertisements for undetectable hacks, etc. The truth is that via recent enhancements to PunkBuster's detection capabilities, we have cracked down hard on cheaters who pay for hacks in the games we support. Some commercial cheat sites have closed down due to our new methods and others have private forums where punks routinely complain about getting caught with the "undetectable" hacks, demanding refunds, etc. We have always maintained a strict policy of not giving money to punks, but thanks to community volunteer moles who have helped us obtain access to private hacks via donations of their time, etc., PunkBuster has been catching hacks from virtually all commercial cheat sites in recent weeks and months.

One of the recent enhancements involves our memory scanner which aggressively scans for patterns included in known cheats (public and private). A commercial hack site where we have had recent success catching their subscribers has recently staged a few demonstrations of inserting text-based patterns via certain chat-related systems such as IRC, Instant Messaging, etc. directly into the memory of computers. These are specific text patterns that we have deployed in some supported games in the recent past. It is clear that many of the demonstrators are cheat-supporters willingly participating in the demonstration, but there is evidence that some innocent players had PunkBuster violations triggered during the past few days by the hackers who sent specific text patterns into the chat programs that were open during gameplay. We are removing these text based patterns from our system and encourage admins to not ban for PB violations that occurred during the past few days.

Online gamers who play with other programs running should always enable security features in their messaging and chat programs to deny auto-download of files and only accept downloads from people they know and trust. As always, from PunkBuster's standpoint, if a known cheat pattern is in the memory of the computer during gameplay, then a violation will be triggered. We have always suggested closing other programs while you are playing multiplayer games on PunkBuster servers and that remains the safest policy. Leagues that require chat room usage for competitive play should take steps to ensure that only league participants have access and suspicious activity should be reported to us when there are concerns about manipulating the system.

Source: http://www.evenbalance.com/


You won't get banned online for having an xfire overlay on. You may get banned if someone on your xfire list sends you a message containing text that matches the pattern of a hack (or if you have a 3rd party program set to auto download files from friends/strangers)

Basically if someone sends you the dodgy code, when the PB mem scanner checks your computer's memory it will find a string that matches a known hack in the xfire program's memory and ban you for it.

For example if the code 'while (!=sleep; sheep++)' was part of the code of a hack and someone messaged that to you in IRC, MSN, Xfire etc., - when PB scanned your memory and found the code it would ban you for it.

The PB memory scanner is an excellent (if not slightly buggy :P) tool against the major hacks - the sad script kiddies trying to break it by forcing dodgy code on innocent people to get them busted is quite pathetic.

If anyone is banned for this it will show up as a ban for violations 50096 or 50100 or a 79000 series multihack

I have removed the ability for non-registered users to post text to the TS server (registered users still can) as this can also trigger this - of special significance to the various friendly clans that use public TS. I also advise people not to have IRC sessions open when playing bf2 - there have been known issues of people spamming the hack codes into IRC rooms.

I'm also planning to reactivate the swear word filter so that people can't spam the codes in in-game chat - I've had unconfirmed reports that spamming certain code in-game results in everyone on the server being banned :s

I've also had unconfirmed reports that people who have browsers open that contain the codes while playing also get banned. (I have a list of various codes that trigger this, but will obviously not post them to the public, if you want them then PM me but please be aware of the risks)

I'm currently working on this (expect me to be busy for a while)

Best thing I can suggest is when playing bf2 - do not have MSN/IRC open, make sure if you're on TS that public can't post txt messages and don't have any browsers open with iffy code on them. Then you'll be free of problems.

cheers,

MonkeyFiend


--------------------

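The false-positive mechanism described in the post above, as an added sketch that is not part of the original thread and not PunkBuster's code: a scanner that matches text patterns in any process's memory flags chat text received from other people, while one scoped to executable image memory of the game does not. The region model, the process names and the scoping rule are assumptions; the signature is the post's own made-up string.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Region:
    process: str   # owning process (names here are constructed)
    kind: str      # "image": mapped from an executable file; "heap": runtime data
    data: bytes

# Placeholder signature: the made-up string from the forum post, not a real cheat pattern.
SIGNATURES = {"EXAMPLE-SIG": b"while (!=sleep; sheep++)"}

def naive_scan(regions):
    """Match every signature against every region of every process."""
    return [(r.process, r.kind, name)
            for r in regions
            for name, pattern in SIGNATURES.items()
            if pattern in r.data]

def scoped_scan(regions, game="bf2.exe"):
    """Assumed mitigation: only count hits in executable image memory of the game.

    Chat text, wherever it arrives, sits in data buffers, so a remote party
    cannot plant a hit this way. Trade-off: code hidden in heap memory is missed.
    """
    in_scope = [r for r in regions if r.process == game and r.kind == "image"]
    return naive_scan(in_scope)

# Constructed snapshot: an innocent player who was sent the string over chat.
INNOCENT = [
    Region("bf2.exe", "image", b"\x55\x8b\xec game code"),
    Region("bf2.exe", "heap", b"[chat] spammer: while (!=sleep; sheep++)"),
    Region("xfire.exe", "heap", b"IM from stranger: while (!=sleep; sheep++)"),
]
# Constructed snapshot: the pattern sits in a module loaded into the game.
CHEATER = [
    Region("bf2.exe", "image", b"\x90\x90 while (!=sleep; sheep++) \xc3"),
    Region("xfire.exe", "heap", b"IM from friend: gg"),
]

if __name__ == "__main__":
    for label, snapshot in (("innocent", INNOCENT), ("cheater", CHEATER)):
        print(label, "naive:", naive_scan(snapshot), "scoped:", scoped_scan(snapshot))
```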
Lawpf2001
post Mar 26 2008, 11:30 AM
Post #2


Knight Errant
*******

Group: Clan Members
Posts: 645
Thank(s): 0
Points: 79
Joined: 18-November 07
From: Swindon
Member No.: 43




I think this happened on the BBUK server a couple of days ago. My brother's a BBUK admin (might have seen on the Monkeys server BBUK Alex98uk); he was telling me that everyone playing at a certain time was banned on the server, admins included, and are now all on the PB list.


--------------------
MonkeyFiend
post Mar 26 2008, 11:38 AM
Post #3






ahh yes, I believe I had a brief convo with him about GUID spoofing in the in-game chat :D

I'll see what I can do about the bans being removed sooner rather than later (as they are going to be removed anyway)


--------------------

Lawpf2001
post Mar 26 2008, 12:16 PM
Post #4






yeah you did!

What, were there people on the server banned this way? From the people I've seen on the server who've been banned, they all seem pretty dodgy. However, I remember seeing in the log thing it banning someone whose name I didn't recognise, so I presume had just tried to enter the server.


--------------------
MonkeyFiend
post Mar 26 2008, 01:04 PM
Post #5






nope - no-one on our server banned in this way (yet)

the GUID discussion was about spoofing; this does happen on some games such as ET (et pro guids (see patched guids for more)) but not in BF2, as I said in game I've never seen a bf2 pb guid spoofed and if it were possible people would not evade bans by generating new guids (by buying/acquiring new keys) they would just change their guids.

The big cheat sites also do not list any tech for spoofing guids and often sell cheap keys for new guid generation. (although all admins should be aware of the pb_sv guid relax function in your pbsv.cfg and set it to 0)

If guids were spoofable it would also mean the psb/pbbans banlist would be instantly worthless.

I've had people trying to 'take me down' etc., by name/pid spoofing me - thankfully though they have always tried via their own guids. My 2 guids (from mine & tesses computers) have always been clean, so such spoofing won't affect me since pb/pbbans/psb only use guids.


--------------------

MonkeyFiend
post Apr 4 2008, 09:59 AM
Post #6






This should now be fixed and the false positives removed.


--------------------

RogueGoose
post Apr 5 2008, 03:23 PM
Post #7


Banned Member


Group: Banned
Posts: 8
Thank(s): 0
Points: 0
Joined: 2-January 08
From: South Yorkshire
Member No.: 55




have a look at this server ip addy 64.34.176.223:16570 full of cheating fecks

and this is their server name

EA Ranked Server HIGH POINTS KNIFE and pistol ukm eff modded wiw DD =[DD]= Germany Wake Only/Friday INF only ...Nice Ping...GameTracker


--------------------
RogueGoose
post Apr 5 2008, 03:50 PM
Post #8






BTW - I wouldn't suggest playing on it


--------------------
Sneaky Monkeys Clan :: MonkeyFiend.com