Jump to content

Streaming Security


MaydaX

Recommended Posts

pbbans.png

 

After the recent fake ban events at GGC-Stream this week it's no secret that streaming is not completely secure. It has never been completely secure and the events of 2008 brought that to light. At which time we informed our streaming admins about the situation and possible solutions. The solution was to either close down for good or continue and tighten our security. Streaming admins wanted to continue so that was our decision.

 

The known fake bans exploit involves using an application to hook into a server and edit its memory to falsify PB logs streamed to a 3rd party. In order for that to happen the person must have full access to the server. In the case of Battlefield 3 the leaked server files could be used to achieve that goal.

 

The mass fake ban attack in 2008 was a wakeup call for us and we took it very seriously. That is the reason we have the high streaming requirements of requiring teams to have a working website, roster, forums showing activity to name a few. The rest of those requirements can be found here.

 

It's why we:

- manually approve all newly added servers to stream

- manually approve all newly added users to existing streaming accounts

- don't allow free online email accounts for streaming applicants.

- don't allow home servers to stream

- don't allow teams with cheaters to stream

- don't allow any server whose IP is found in the MPi (used by a player) to stream

- don't allow cracked servers to stream

- don't show the full 32 character GUID for clean players.

 

We also provide many details for all our bans to aid players in the appeal process should they wish to do so. That includes the server log entry of the violation raised, the server ip and group it belongs to, the guid, alias and IP address of the player.

 

Should any player end up on our banlist they always have the option to appeal. We treat ban appeals very seriously at PBBans. For example if a ban was the result of a PB raised violation from Even Balance (Violation #50000+) then we have the user submit a ticket to Even Balance. If they say it's a false positive or there is no record of a person with that violation (can be caused by network errors) then we lift the ban. For MD5 tool bans if we do not have the exact cheat file (using MD5 checksum) in our database we lift the ban. Better to let a cheater go free than to keep an innocent player banned.

 

Streaming was never a 100% secure system and technically any system where logs are sent to a remote location could also suffer the same problem. We knew the problem existed in 2008 and took the above steps (plus others) to help protect server admins and players from being exploited.

  • Upvote 12
Link to comment
Share on other sites

Also want to point out that the mass number of PnkBstrB.exe restriction kicks recently in Battlefield 3 is completely unrelated to the events listed above. It seems a growing number of players are confusing the fake ban events with the mass restriction kicks for PnkBstrB.exe which is not the case.

 

PunkBuster was updated a few days ago and is likely the cause of those RESTRICTION kicks.

 

Monday 01.23.2012

 

Version 2.287 of the PB Client for BF3 has been released to our PB Master Servers for auto-update and to our website download page. This is a maintenance release.

 

There is a server command that will stop players from being kicked for that restriction (pb_sv_restrictions 0) but a server admin has to enter it.

 

I've sent that command to all the streaming servers at PBBans so players won't be kicked for now. A list of some BF3 servers with bookmark links can be found at.

http://www.pbbans.com/files/msi/bf3_server_list.html

  • Upvote 2
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.