Dutchman101

Don't use GH DLL injector while MTA is running

You got banned as a result of running a detected cheat. Therefore, sending us said cheat would be useless, because after all it's already detected. Because we know you're also one of its developers, considering the nature of said cheat and the repeated attempts over months to get it working, the ban is permanent and will not be removed. Also, we already received the source code.

There were no mistakes in determining who was involved with the malicious activity those bans were handed out for. For each individual, we have reason to believe they were involved with at least DDoS and eventually script backdoor ("TK DLE") attacks. More information is at the (final) handling of this related appeal: https://forum.multitheftauto.com/topic/114545-ban-appeal/?do=findComment&comment=943302 We also determined that individuals discussing the preparation of DDoS attacks in the R9 Freeroam discord, were truly the ones earlier suspected of their involvement in the original investigation. As said multiple times before, our decision is final, no one involved will get an (early) unban. Here is a list of serials for all involved, banned players, as you can see there are tempbans, the duration is based on the severity of their individual participation in said malicious activities: The start date of all bans was 2019-02-01 1) 9D4898D737711F0D420745306905A0E2 - Permanent 2) DBF26F16B8B305D8C9B5CD841C8122F3 - Permanent 3) E963921A698AE84C602C199E31EF67A3 - Permanent 4) 6D2B61424A31EC9B04E424FC197D9DA4 - Temporary (until 04-01) 5) 713441ABBBD9A77C3975BC3A86BB7C53 - Temporary (until 04-01) // same person as #4 6) AC71C37DECEDA67AA2346723B61BF3F3 - Temporary (until 04-01) // same person as #4 7) CCB716A666688091C26123C03A379BA3 - Temporary (until 03-01) 8) 2809D1E78F9B6363558F52206A82F7E2 - Temporary (until 02-18) 9) 106B2A1D54D5AE660A4A1B9B11CEE7F2 - Permanent 10) 511D6AFCBCDE740A6339049499014192 - Permanent 11) 4E92D34EC16ACD8D05EAB720E4C59C02 - Permanent (you, 'Samobo') 12) 9DDA10E0DD8E19AD0F3834A656499C54 - Permanent (you, 'Samobo', PC #2) 13) AAABBE02468C3A35652408264E7D3BE3 - Permanent (you, 'Samobo', PC #3) 14) C52FC03185BD191AA8EE48BC581BB043 - Temporary (until 03-01) 15) 8290553B818631CAC0AAB605F6BDF084 - Permanent @Samobo

You probably did something wrong while forwarding, I advise to repeat the process with the help of this guide on forwarding: If you start the server and use https://nightly.multitheftauto.com/ports/, what does it say?

PORT FORWARDING GUIDE In order to host your own MTA Server, you'll need to forward ports for others to be able to see your server, and join it. If ports are not forwarded properly, other players cannot connect, and your server will feel empty. Additionally, the output of "openports" command in server console would be: Testing ports... Port 22126 UDP is closed. Players can not browse! Port 22003 UDP is closed. Players can not join! Port 22005 TCP is closed. Players can not download! Instructions Locate your network's router or modem physically and look on the back to read its model number/type, then search on Google: as there will always be an official manual and tailored guides to forward ports. You'll have to forward (and possibly port-trigger) MTA server ports as they are defined in mtaserver.conf (ex. C:\Program Files (x86)\MTA San Andreas 1.5\server\mods\deathmatch > mtaserver.conf), if said file is unmodified then these are the default ports to forward: 22003 UDP (main server port) 22126 UDP (because the server browser port is value from <serverport> + 123, it can differ based on main server port which is 22003 by default) 22005 TCP (internal HTTP resource download port) If you can't find your router's make and model, you can try a generic method of forwarding (of which details can deviate), follow these instructions: 1) open cmd (commandprompt) from start > type 'cmd' in search or start > run > cmd, make sure to run "as Administrator" Type this in cmd: ipconfig /all It will output a table of addresses; locate and copy "Default gateway" and "DHCP server" addresses into a text file. 2) open your web browser, and paste & navigate to both addresses like you would if that IP address was a website. Examples: http://192.168.2.1, http://192.168.2.254 (also, both are very common) You will most likely end up on the configuration interface (or login screen) of your router. If you need to login, look if they are on back of your router (sticker placed on it) and if they're not, search this on Google: If there's no known login credentials for your router, try (a combination) of these, both as username (account) and password: username: admin password: admin username: blank (don't enter) password: admin username: blank (don't enter) password: blank (don't enter) * press login without entering anything, it may ask you to set a new password immediately username: provider/ISP name (abbrevation) password: provider/ISP name or blank, or your local translation of the word 'wireless' or 'internet' for the places where username 'admin' is mentioned, you should also try the variant 'Administrator' and 'administrator' (with and without capital letter) As those are the most common login credentials, trying them all has a success rate of 80%. If none of them work, call your ISP, or do a more extensive web search, it should definately be documented (or figured out by someone else on the web) how to log in to your router's configuration panel. Also try searching in your own language. 3) If you successfully logged in, you'll see the configuration interface. It has plenty of tabs for various settings, you should focus on finding the ones relevant for port-forwarding. Now we're going to actually forward the ports: - Click each category (for example: Network, advanced, security/firewall, administration) until it folds out and shows something like "Port forwarding" or "Applications". It doesn't hurt to be scrolling the categories, even in places you don't expect the forwarding page to be, until you found it. It should be there. If you found it, then create a new rule/port number entry and link the correct protocol (or if you don't get it, "both" UDP and TCP") as the corresponding type is listed earlier in my post, up here. Reminder/TLDR: by default, they are 22003 UDP, 22126 UDP, and 22005 TCP. If it asks for port ranges, do it like this: 22003-22003, 22126-22126, 22005-22005. If you don't see a list or form that fits this description, but rather have an "Applications" tab, then go there and create a new entry. Name it "MTA Server" and enter in the correct ports, most often as ranges. Fill out everything that it requires to save, and save & apply. Note: Make sure to reboot your router after setting up the forwarding (or after each troubleshooting step later in this tutorial). 4) Major pitfall (cause of problems): If the forwarding entries table has a field that refers to the client (PC you're going to use for hosting MTA server) by MAC address or local IP address (192.168.x.x), then add it so it will link the forward, as the ports will only be forwarded on said PC If it allows you to select and link a device from a list (most often appearing as computer names), then do so. Otherwise, use the MAC address given in the earlier ipconfig /all command output, or if it asks for local IP address only, then take it from the same place, but directly afterwards you should take steps to ensure said local IP will be static to your host PC, because otherwise it will work only once or randomly (when your PC happens to "lease" said IP, getting it assigned). To set the static lease, find a category relevant to "DHCP server" or gateway settings, in your router configuration panel tabs. Enter the current local IP address (which you entered in the forwarded ports table too) and your network card's MAC address from the previously mentioned command output. Apply & save. Now, your forwarded ports should (keep) working on said PC which will be used to host MTA server. Restart your router. Test if MTA Server has its ports forwarded by starting it up and writing "openports" into the server console, or alternatively with https://nightly.multitheftauto.com/ports TROUBLESHOOTING If it doesn't work, go back into your router configuration and try these workarounds: 1) Locate the internal router firewall settings and lower its level (like, set it to Low so it's less aggressive) or disable it. 2) Make sure MTA server isn't being limited or having its traffic blocked by the firewall on your host PC. If you have a third-party firewall (or complete security product with both anti-virus and firewall or 'internet security'), open it and whitelist MTA Server.exe in a new or existing rule, set it to allow all traffic and activities from it. If this doesn't make it work, completely and temporarily disable the security software to try again and see if the issue was related. If MTA server now works, scrutinize your PC firewall's settings again or use another. If you don't use such security software, or you do but the last steps didn't work, then also check Windows Firewall (it can even run together with your security software firewall which means you gotta whitelist on both). Go to start menu > type "Windows Firewall" or "Windows Defender Firewall" or alternatively Control Panel > Windows Firewall ("with Advanced Security") and then go to its advanced settings. Now, whitelist the MTA Server.exe process like previously explained, in Windows Firewall (both inbound and outbound connection categories) If none of the above options work, you will have 3 last resort steps to take, in sequence: - See if something called "port triggering" is in your router's configuration panel. If it is, then it possibly relies on it for forwarding. "Trigger" the same ports that you "forwarded" earlier, but also keep the forwarding entries. - Add the host PC to DMZ zone. Find the relevant setting in the router configuration interface, most often it's under the "Firewall" or security categories. Now add your local IP or MAC address to make it a DMZ host. *Note: enabling DMZ basically opens all ports, exposing your host PC to the internet and therefore presenting a security risk. This step is most suitable to probe where the problem is; if it suddenly works, then you most likely did something wrong in the process of forwarding. It's not advised to settle for it and keep DMZ enabled on your device. If even DMZ doesn't make it work (given that your forwarding & DMZ device is properly pointing to the host PC, as explained in the DHCP lease/static local IP chapter up in this topic), then the problem is more likely to be with your PC and its network configuration, or otherwise the network infrastructure: it's possible that the router you're configuring (forwarding in) isn't the only device between your PC and the network line that goes to your house. If there's a second router, network (edge) switch, or modem-like router that is between the internet signal and the main wireless (WiFi) router, like is sometimes the case, then you may need to forward ports on both of them and eventually trigger ports to the second router after forwarding them on the directly connected modem. For more information on that scenario, open below spoiler: If you don't have a second router/modem, DMZ doesn't make it work, and neither did any of the forwarding & port triggering instructions listed in this topic (so basically you forwarded and also tried all the listed workaround and troubleshooting methods, including reviewing your firewall settings), then there's a good chance you're still doing something wrong. Consult with someone you know is experienced with networks or technical matters (IT) in general, and ask for help or advise. The ultimate last resort, also in the case you're not doing anything wrong, is calling your ISP (internet provider) and describing the problem and steps taken. You could also ask for a new router, the latest model issued to new customers. However, as I indicated, the chance it's on your and not on their end, is higher. I hope this guide helped. I still advise to stick to the router model-specific forwarding instructions that can be found on the web/internet provider's documentation, rather than using my generic methods for the steps from logging in to actually forwarding the ports. I cannot guarantee you'll succeed with the generic guide for the millions of router devices that exist, it's simply a culmination of personal knownledge.

Refer to post at https://forum.multitheftauto.com/topic/114716-something-strange/?do=findComment&amp;comment=944974 for more information

Refer to the post at https://forum.multitheftauto.com/topic/95681-vf-2-error-when-connected-to-server/?do=findComment&amp;comment=856589 Also, the bottom of that post contains a clarification of the exact error code that you get.

You're getting kicked because of using "ArtMoney" memory editor (similar to Cheat Engine) while MTA is running. To solve the problem, just don't run software like that together with MTA. If nothing helps, uninstall that tool completely or reboot your PC if you used it once since startup; detection can be persistent just like with Cheat Engine.

You were banned for using paid hacks. You won't get unbanned until the ban expires in a month.

Although we hear all kinds of excuses, there is simply no valid one for attempting to use hacks, besides running the DLL injector you also tried using a known (but detected) MTA hack, a so-called anti cheat bypass. Too bad you got caught, and now you'll do the time. There'll be no early unban, sorry.

We're working on it, please use older server revision until we get back to you.

The attempt you're describing wasn't the first time you tried to use cheats, you're always looking for new cheats to use and have multiple bans on record. I planned to tell you that we'd consider your unban and you'll hear from us shortly, but then I noticed that you also tried to run a custom version of a known, detected MTA cheat 2 days ago. Therefore, I don't think you learned from your mistakes. Appeal denied

Not really.. it's not neccesarily the fault of server (HTTP server). It's logging the client for a reason, if it doesn't affect everyone then something on the PC of said player is interfering with the download of client resources, for example when harmful applications (such as viruses) that scan and modify all files received on a PC, or those of a specific extension or with certain characteristics. Also there are aggressive "download managers" that hook onto any HTTP data stream and could therefore mess with (modify) all incoming downloaded files on that PC, albeit often not with such intrusive modifications that it would prevent its usability on the client. Another interference type is something nulling, removing or locking files, which may result in the MD5 from error message being 00000000000000000000000000000000 or D41D8CD98F00B204E9800998ECF8427E (which means empty file). Logically, this would also happen when a virus scanner on the client's PC flags and removes a downloaded resource file for some incorrect reason (such as the server's HTTP server or its hoster being listed as a known source of malicious files in the past), or something prevents MTA from properly reading/accessing/writing said file. Another common reason for these messages are that you (or something) modified (script or binary) files in a resource without restarting said resource afterwards. You'll need to do that and await the "has changed, reloading" message in server console. I'm just trying to say, there are tons of ways in which a downloaded client resource file can get damaged, or externally modified. Most of them are due to problems such as the ones I named, (so basically innocent) although some of them could either be clandestine (related to cheating attempts; modifying running scripts beyond the ordinary) or able to cause problems with resource execution. Therefore, if you have a competitive server, we advise you add extra security by enabling SD #22 and eventually #23 in mtaserver.conf <enablesd> (info at https://wiki.multitheftauto.com/wiki/Anti-cheat_guide#.3Cenablesd.3E.3C.2Fenablesd.3E) so that incorrect file downloads will lead to automatic kick of said player. These opt-in detections are described as: Disallow resource download errors/corruption (Lua script files) Disallow resource download errors/corruption (Non-Lua files e.g. png,dff) *Note: if all, or many players on your server are triggering these error messages, it's possible than rather their client PC, something is wrong with the HTTP server of your MTA server. In that case, if you have an external HTTP server, you should verify its configuration and if its content matches what generates in the MTA resource-cache folder. If you cannot resolve it, re-install it with the latest version of a webserver such as Apache. If you're not using external HTTP but the built-in internal HTTP server (default), then verify (with a hash generation tool) the MD5 of files that throw errors for clients, from this location: server\mods\deathmatch\resource-cache and note down the MD5 results. Then go to the actual resource folder at server\mods\deathmatch\resources and do the same thing for the supposedly identical files, and note down the MD5 results. If 1) the results don't match (different MD5), then clear the resource-cache folder (delete all of its contents), update MTA server, launch it and check again. If it's still not resolved after this, or 2) if (now or from the beginning on) the results of those files from \resources\ match with those from \resource-cache\ (but you're still getting a lot of HTTP mismatch errors on most of your players, which is why you're reading this chapter to begin with), and you're sure that you're using the internal HTTP server, then something on the server machine may be using the same port as the configured HTTP server port for MTA (mtaserver.conf) and interfering, or some HTTP-utilizing appliance or service may be running on the same machine that still manages to interfere; you should review the server's environment and configuration. It's also possible for firewall (gateway) to selectively fail specific HTTP transmissions. If you cannot locate the culprit, as a last resort we advise that you restore your server machine environment to a clean installation without additional bloat or services running or being installed.

Thanks for the backtrace, however please provide dump files from server\dumps\private (upload to http://upload.mtasa.com)

Please read and review the updated section guidelines and make the neccesary changes to your topic in order for it to be compliant. Additionally, we will start removing personally sensitive data from this topic, and expect you to make the required changes within 48 hours. EDIT: I made the neccesary changes to application format for you, in order to remain compliant please don't change the formulation of given name (now 'First name' instead of 'Real name') or remove the note in the e-mail column.

Following internal review, these regulations have been updated to include safeguards for user privacy (data collection policy for hosters and a specific policy for free hosters) and safe practise advise/warnings for users. Starting today, all hosting providers will have to comply with the updated regulations.

This implication is incorrect, as the current situations is as follows: - Towtruck can tow empty vehicles (as far I know, there's no MTA version in which vehicles occupied by players could be towed.. probably a technical limitation) - Towtruck can tow an infinite amount of other towtrucks. Contrary to what you think, these additional towtrucks can be chained together in the way you described. If i misunderstand, you could upload a video with reproduction of the latter, to clarify. *Note: i wrote the tone of this post with TS's recent activity in mind

Both of your crashes are related to anims. Do you use custom animations (IFP)? If you do, then they might be corrupt and I'd advise you to stop using it to find out, or have someone experienced with anims take a look at it/attempt to fix them up. Also, @Saml1er is interested to learn more about these particular crashes, so if you are using custom anims, it would be appreciated if you sent all of them (preferably along with your relevant crash dumps) to him in a forum PM.

No, most (if not all) of your posts are asking for some sort of help, and our policy is that such posts won't ever be deleted because they may help others with the same problem in future. Furthermore, even if they weren't in those places, deleting particular posts would break existing discussions and make them look awkward. It's possible to 'delete' your account (anonimize it, so your posts will appear as made by 'Guest') but unfortunately anonimizing particular posts isn't possible. If you want to opt for account removal instead, feel free to read more about the procedure at https://forum.multitheftauto.com/topic/12275-forum-rules/ (Appendix D). So unfortunately it's all or nothing, @Gat

I apologize for the delay in responding (I was on vacation), but the real reason for these bans is an underlying technical issue with hibernation of your PC, or something similar that compresses or saves memory/running processes. You already deleted GH DLL injector but due to this, the detection still triggers. Perform a full reboot (not sleep mode or hibernation) by clicking start > power menu > restart PC Note: unbanned early, just make sure to prevent it from happening again. @mateyo

We discovered that you used backdoor commands on a server you intended to breach, using the so-called TK-DLE resource. Malicious hacking activity will not be tolerated and can result in a global MTA ban. We were already on the track of identifying you as TK member or individual from R9 Freeroam (which has made itself known for illegal acts lately; refer to https://forum.multitheftauto.com/topic/114545-ban-appeal/ for details) and thus it came to no surprise that we actually saw you using these backdoor tools; it seems to be in the nature of you guys. Unfortunately caught, appeal denied.

All of your image links are invalid

Don't run GH DLL injector while MTA is opened, you got a ban for this tool before. Unbanned early because GH still results in a longer ban than other injectors

You're the co-owner of a server (R9 Freeroam) that has been banned from MTA because of its leaders and admins constantly engaging in illegal activity (DDoS'ing their own players and other servers). After this ban, you guys decided to start evading it by switching hosts. This, together with your known involvement in plotting attacks (both in person to your fellow server admins/(co)owners, and on the R9/Morgue Freeroam discord), has resulted in us also banning the server leadership and high admins that we consider taking part in all these illegal acts and evading the actions taken, from MTA. As co-owner of this malicious server, you personally received a permaban, and not everyone involved did. Please refer to the extended explanation given to the owner (ScreaM) of R9 freeroam: The owner had been banned for DDoS a few years ago, and after evading it for a while he found his other PC was still banned from the old incident. He appealed, and got unbanned; it didn't take a week for him to DDoS yet another player. After this, our investigation turned up links between your server and a clan that focusses merely on DDoS activity rather than playing. It was no surprise that more people, similar to the DDoS'ing owner, were coming together to call R9 Freeroam their home. Furthermore, we confirmed the spirit that all of the banned server leadership had (and high admins.. not all admins/staff), which was a drive to discuss and execute DDoS attacks. In the investigation that followed, you weren't compliant and mostly resorted to personal attacks on me, but you gotta realize I got a thick skin and will go far if we need to protect others on MTA against a certain group of individuals. Besides the original investigation, I have also witnessed all co-owners and admins that are currently banned, discuss new attacks to launch. You quickly wiped the channel and banned me from your discord when you found out. All bans given are a result of either identification from openly discussing attacks/malicious actions while on the MTA server itself, or solid links between the Discord server tied to R9/Morgue Freeroam in which said individuals were listed as server admins/owners and discussing attacks, furthermore confirmed in identity and serial by linked activity on the MTA server. Please don't forget that a reality in which a player needs to use a VPN in order to safely join a certain server (and will be at risk when they piss someone off through gameplay), is one that we will not accept. You guys even went as far as to create "databases" full of aggregated player serial/IP for easy lookup to DDoS them if they frustrated you while on another server. *Note: this will be a template reply for anyone that will try to appeal a ban like this, we are unfortunately not open for arguing, as I have spent a few hours doing that fruitlessly during my investigation. Our decisions are final.

Something like https://community.multitheftauto.com/index.php?p=resources&s=details&id=11622?