It was brought to my attention that these logs have been posted on ZSZ forum under "Hall Of Shame" section for cheaters. It shows two members of my clan & states that they have cheated. I would have thought that these logs would have been

1) Posted here 1st to see if indeed they were cheats before it was posted publically on ZSZ forums

2)Sent to me so I would be informed about this since it did directly deal with members of my team

3)Fully make sure these logs are indeed correct & cheats before posting this with my teammates names in a "Hall Of Shame"

If this does come back showing that these are indeed cheats, we will deal with it..

However if this comes back that these are false positives, I suggest ZSZ & Evil Dragon that from now on, before you Publically post info on known clans that you KNOW for a fact that these are Indeedcheats before adding these posts in your forum. Also, I would make sure & post what you believe to be cheats to bring them to the attention of others who might know & also to the Leaders of the clans in question. If this is not a cheat & I have 2 members listed in the "Hall Of Shame" on ZSZ then this was done with really poor judgement..Thank you all..

Here Are The logs

ScriptLog: ### ANTHCHECKER - PLAYER KICK
ScriptLog: ### -------------------------------------------------------------
ScriptLog: ### - Player name : *************
ScriptLog: ### - Player IP : **************
ScriptLog: ### - Player OS : Windows
ScriptLog: ### - EngineVer : 432
ScriptLog: ### - RenderDev : Software Rendering SoftDrv.dll
ScriptLog: ### - RenderVer : Unknown Renderer
ScriptLog: ### - RenderChksm : 0BA2DF6DB18F90F0DEF53735E07136BC
ScriptLog: ### - RenderSize : 389120 bytes
ScriptLog: ### - TimeStamp : 16-11-2006 05:21:37
ScriptLog: ### ----------------- Additional information -----------------
ScriptLog: ### - GUID : tsfk~QTOX~PULPPLQOOU~OSYTVYSW~PW9996_-1571788447
ScriptLog: ### - GUID Valid : True
ScriptLog: ### - KickType : 4
ScriptLog: ### - AnthChecker : v1.37 (Build 1)
ScriptLog: ### - Reason : Possible hack in renderdevice
ScriptLog: ### -------------------------------------------------------------
NetComeGo: Close TcpipConnection839 Thu Nov 16 05:21:37 2006
ScriptLog: [ChatLog][2006-11-16 05:21][System]: *********** left the game.
NBSP: [NBSP]- Player has left: ************* | PC/SFT | ID: 18


ScriptLog: ### ANTHCHECKER - PLAYER KICK
ScriptLog: ### -------------------------------------------------------------
ScriptLog: ### - Player name : *************
ScriptLog: ### - Player IP : ****************
ScriptLog: ### - Player OS : Windows
ScriptLog: ### - EngineVer : 436
ScriptLog: ### - RenderDev : OpenGL OpenGLDrv.dll
ScriptLog: ### - RenderVer : UTGLR v3.2 OpenGL Renderer
ScriptLog: ### - RenderChksm : 9A5929F6CA3539E8665B539CE6713DEB
ScriptLog: ### - RenderSize : 122880 bytes
ScriptLog: ### - TimeStamp : 16-11-2006 11:29:25
ScriptLog: ### ----------------- Additional information -----------------
ScriptLog: ### - GUID : qpch{NQLU{MRIMMINLLR{MMVNLVON{MO9216_-244416444
ScriptLog: ### - GUID Valid : True
ScriptLog: ### - KickType : 8
ScriptLog: ### - AnthChecker : v1.37 (Build 1)
ScriptLog: ### - Reason : Client loaded an illegal library! (possibly hacked)
ScriptLog: ### - File : SoftDrv.dll
ScriptLog: ### - Checksum : dcfa5939b7bf80c3f2d395cc06dda65a
ScriptLog: ### -------------------------------------------------------------
NetComeGo: Close TcpipConnection1199 Thu Nov 16 11:29:25 2006
ScriptLog: [ChatLog][2006-11-16 11:29][System]: ************ left the game.
NBSP: [NBSP]- Player has left: *********** (***********) | PC/OGL | ID: 13

hi
i am pretty sure both of those logs are false positive
and if i remember correctly in previous posts those types of logs were dismissed as false positives also

here is the link to the other subject on this

http://www.unrealadmin.org/forums/showthread.php?t=13388&page=6

The second log I know is false positive (I just asked a few days ago about the same thing)... and Baiter said:

"When the Driver used in "### - RenderDev :" differs from the one in "### - File : " and is a VIDEO Driver DLL, then its gonna be a false positive."

As for the first one, I'm not sure. It doesn't know what rendering device he's using so, its assuming it might be hacked (I think). Over at our server, we have it set to kick those guys and if they post at our forums, we ask them to send their rendering device to us so we can see what is being logged. Better safe than sorry.

Unless the md5 of the corrupt file matches one of a known hacked one there is no way to tell if it is really a cheat or not.

Best to assume that it is a false hit.

on further checking also it cold be an out of date driver
and another problem with that is if they have changed from soft rendering to open gl
without restarting the game u can have an issue too

but tread easy oofki, i would hate for old wounds to open

So, this can be caused by dozens of different things, a cheat does not necessarily have to be one of them..?Also seems that this could have be done when he changed from software rendering to open GL due to his card showing the game too dark...

Thank you all for your help & responses. I wil get in touch with ZSZ from here. Your help in this matter & input was greatly appreciated..

However if this comes back that these are false positives, I suggest ZSZ & Evil Dragon that from now on, before you Publically post info on known clans that you KNOW for a fact that these are Indeedcheats before adding these posts in your forum. Also, I would make sure & post what you believe to be cheats to bring them to the attention of others who might know & also to the Leaders of the clans in question. If this is not a cheat & I have 2 members listed in the "Hall Of Shame" on ZSZ then this was done with really poor judgement..Thank you all..

And I would suggest, Thane, that next time before you rant publically, that if your members get caught again anywhere that they contact the admin of that clan to clear up the issue.
At least that's what I do when I feel I triggered a false positive.

Besides, as for the first log:
yes, I do know that this is a false one
### - Checksum : 5617e9dd363c94ba1e31fee07b32bf36
and you do not see those in our cheaters list.
But I don't see that checksum in the log of your member, nor do I see in the first log "### - RenderDev :" differing from the one in "### - File : "

Other than that in none of all the replies I see really a proof that those are not cheats, all I see are assumptions, that you can't know for sure unless the MD5 matches and that others would also consider this or the other as cheat. So maybe we just wait for Anthrax to clear this up definitely.

Also usually in our forum there's a sticky saying if anyone feels they are in there by mistake to please send a letter to Admin - I just noticed that sticky is gone what might have to do with our recent move of the forum. So that's what I apologize for, but not for posting those logs there.

And last, as for contacting DMF before posting: if your member goes by an incognito - should my christal ball have told me he's a disguised DMF-member?

Also:

I would have thought that these logs would have been
1) Posted here 1st to see if indeed they were cheats before it was posted publically on ZSZ forums
..
3)Fully make sure these logs are indeed correct & cheats before posting this with my teammates names in a "Hall Of Shame"

I have an Anticheat to detect cheats - now if I question each and every log and post it here to make sure if it's a true or false positive then why would I have that Anticheat if I obviously don't trust it anyway???

Found 2 more saying not sure and suggesting to have the renderer checked by Anthrax - so maybe you do that?

1.
Question:
http://www.unrealadmin.org/forums/showpost.php?p=79393&postcount=9
Reply:
http://www.unrealadmin.org/forums/showpost.php?p=79398&postcount=11

I know this was with AC1.36 but if it was a bug there I'd assume it was fixed in 1.37.

Here is the 2.
http://www.unrealadmin.org/forums/showthread.php?p=89351

This one done with AC1.37

Evil_Dragon;106146']I have an Anticheat to detect cheats - now if I question each and every log and post it here to make sure if it's a true or false positive then why would I have that Anticheat if I obviously don't trust it anyway???

every anticheat I know of has false positives and banning them all then letting them prove their innocence is the wrong way to go about it.

the first looks like a SoftDrv.dll that Anthchecker doesn't recognise (hence the Unknown Renderer) and the second one looks like a known bug thats been posted here a few times.

every anticheat I know of has false positives and banning them all then letting them prove their innocence is the wrong way to go about it.

I never banned any of those and this is not about banning it's about me refusing to question EVERY log the Anticheat throws out.

1. Question: why is that renderer unknown - or can't be recognized in at least 1 of the 8 times he tried to login?

3. Question: just because the renderer is unknown I am to assume all is fine and it's not a cheat?
Sorry, but I really think the guy that wants to play on our server with that unknown renderer should take care about proving it's all legal.

well they are posted in the hall of shame and that in itself can be
enough to put anybody's back against the wall especially if if a clan knows the other enough to contact their leader and give a heads up so they can
investigate the member involved.
posting first before checking it out is wrong especially when the cheat protects are known to have issues when drivers and updates are always being updated

and i reiterate it is up to the admins to get it right and check to make sure its a true cheat especially when there are known issues with a cheat protect

false positives are damaging if handled inproprly

Well I don't thin dragon did anything too bad. I didn't see that log that you are talking about but it isn't really a big deal. Lots of logs are posted on ZSZ forum. I doubt anyone really uses the software renderer anyways so I do not think some one would use something so laggy just see through walls because thats the most they would get out of a hacked file like that.

He also didn't go around to every forum he could find posting that a DMF member was a cheater even if DMF does do that to other people. ZSZ does have the right to put what ever they want on their own forum as well. It is theirs after all.

1st off Oofki, I have nothing to talk to you about, many in the ut communitity know what you & yours are about. To have you sit here & say that DMF posted on every forum we can find to show the world what you & the rest of XIS was about was unnecessary. A group, a rather large one I might add banded together against you & yours & proof was plentiful to say the least. A PSA was put out out that DMF agreed to add to their forum, we did not blast other forums with it ourselves, that was done by others. Take it up with them. Another thing, Evil Dragon is a woman, not a man, so all the implying of he this & he that shows your ignorance even more.

For you to sit here & tell me what they did was not wrong means nothing to me or anyone else for that matter. When you come from a clan that conducted itself like you & yours have, what you think about how things are handled is moot & not the general feeling of RESPECTED ut clans so your opinion is pointless to me.

Evil Dragon, it seems that most of who have responded here do not feel the same as you. I will leave this thread alone & take it where it needs to be addressed, on the ZSZ forum. Thank you all for your input once again.

1 : unknown renderer. Anthchecker can identify nearly every legit renderer that was ever released to the public. Unknown renderers might be a cheat but they might also be homemade renderers. Either way, the player should not be able to play before the renderer has been checked and added to the whitelist

2 : not really an anthchecker bug. This can happen when you switch to windowed mode and back to full screen mode. If you use a different renderdevice in windowed mode (eg: softdrv in windowed mode, opengl in full screen mode) then you'll get a log like this. Once again, the player should not be able to play as this "feature" of the UT engine can be abused to load malicious dll files.

... and if you guys want to keep on about this topic, do so elsewhere please ;)
(it's a sore on my eyes)

Let's keep adminning here and arguing elsewhere.

2 : not really an anthchecker bug. This can happen when you switch to windowed mode and back to full screen mode. If you use a different renderdevice in windowed mode (eg: softdrv in windowed mode, opengl in full screen mode) then you'll get a log like this. Once again, the player should not be able to play as this "feature" of the UT engine can be abused to load malicious dll files.


ahh cool! never knew that....good information! :thumbup:

Im am not commenting here anymore, like I said in my post, I am taking it where it belongs, on ZSZ forum..Thanx again

that first log can also be created by onboard video with ut in soft rendering and version 432 from a public download of ut for your info anthrax

how i know this is, i have come across this 2 times in last month and have informed both newbie players to update to the 436 patch and the problem was fixed

Sorry about the argueing but thanks to everyone for their patience and comments.

And BIG thanks to Anthrax for clearing this up.

I didn't know you could have a seprate driver for windowed mode.

And Thane I only said they did nothing wrong they didnt go posting it every where or calling names. ZSZ is a respected clan and they would never do anything like that