PSA: Hacker collecting TF2 player IPs
#1
serveme.tf
0 Frags +

-----
tl;dr if you're playing in a casted match make sure you use a fresh IP and keep it hidden as best as you can, because someone has been collecting IPs for as many TF2 players as he could
-----

First of all, the word "hacker" from the title could mean a person using technology in some clever way (with no evil in mind), or it could be the media's definition of the word, meaning a computer criminal.
I don't know for sure the intent of this person, so I'll leave open what kind of hacker we're dealing with here.

Late last night I found out that someone has been downloading the zip files for all serveme.tf and na.serveme.tf reservations for the past 5 weeks. These zip files contain two things: the STV demos and the server log files. Server log files contain the connect info of a player (IP).
Normally these zip files are only accessible for people playing in the reservation, the link to download them is not given out to other people. There is no login-restriction on the download though, so you could share the link to the zip file with a friend for example.

Now the hacker wrote a bot to scrape the serveme.tf's new reservation form (to get a list of servers) and the recent reservations page. By combining the information the bot could construct the zip file URLs of the recent reservations and schedule a download at the expected end time of a reservation.
All of this became apparent by looking at my serveme.tf webserver logs. Automated visits to the reservation page every 10m, the subsequent downloads of all the zips. But I also noticed a few HTTP referrers in the download of some zip files. This is the origin site of an incoming link to your site, meaning the hacker had a site where he sometimes would click on a zip URL hosted on serveme.tf.

Using this HTTP referrer, I was able to find one of the control pages for the bot and made this screenshot:

http://i.imgur.com/T1KGNQf.png

As you can see, it's quite a fancy tool, and this is just one PHP page, there might be more. Now I can certainly commend someone for building something like this, however that screenshot has 2 scary parts that make me think that STV demos might not be the reason for this tool to exist.
There's a "x connection sequences processed" message, underneath a table that has a column "IP address" and "MySQL". This means that this tool would search through the logfiles of downloaded zips and enter all found players, their names, steam ID and IP in a database so it can be easily queried.

In my search for this person I found some interesting things about the hacker:
- A couple of older alt accounts, ending their activity when a new account would start getting used
- Ton of played games on TF2Center, with a lot of ban requests filed for hacking. No hard proof, just some really good logs.tf stats
- UGC team
- A number of home IP addresses
- Recently donated to na.serveme.tf, with a fake name and address

I've contacted this person and he insists he's just downloading these files for the STVs, but interestingly the VPS hosting the site and bot has been taken offline.

Now this all could be coincidental, but recently we've also seen an uptick in DDoSes directed at the TF2 community. Most recently the DDoSing of TF2Center (server got DDoSed), and the froyo vs street hoops match (players getting DDoSed). Especially in the last case a database of players and their IPs would be very useful.

Which leads me to the following actions and recommendations:

- If you're in a casted match, make sure your IP is secret
- serveme.tf will start removing IPs from logs (like logs.tf does)
- serveme.tf will add a random component to the ZIP URLs so someone can't just start guessing them all

I've asked the person responsible to reply in this thread.
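
The webserver-log signals described in the post above (a client polling the reservation listing on a fixed interval, then downloading zips for many different reservations, with the referrer as a pivot) can be checked mechanically. This is an added example, not part of the original post and not serveme.tf code; the paths `/reservations/recent` and `/uploads/<name>.zip`, the thresholds and the log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

SITE_HOST = "serveme.tf"
LISTING_PATH = "/reservations/recent"                      # assumed path
ZIP_PATH = re.compile(r"^/uploads/(?P<name>[^/]+)\.zip$")   # assumed layout

# Apache/nginx "combined" access log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "[^"]*"'
)

def parse(lines):
    """Yield one dict per well-formed log line; malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def find_collectors(lines, min_polls=4, max_jitter_s=30, max_zips=3):
    """Return {client_ip: evidence} for clients that look like a bulk collector."""
    polls, zips, ext_refs = defaultdict(list), defaultdict(set), defaultdict(set)
    for rec in parse(lines):
        ip = rec["ip"]
        if rec["path"] == LISTING_PATH:
            polls[ip].append(rec["ts"])
        z = ZIP_PATH.match(rec["path"])
        if z and rec["status"] == "200":
            zips[ip].add(z.group("name"))
            host = urlparse(rec["ref"]).hostname   # None for "-" or empty
            if host and host != SITE_HOST and not host.endswith("." + SITE_HOST):
                ext_refs[ip].add(host)

    findings = {}
    for ip in set(polls) | set(zips):
        hit = {}
        ts = sorted(polls.get(ip, []))
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        # A human reloads irregularly; a scheduler has near-constant gaps.
        if len(ts) >= min_polls and pstdev(gaps) <= max_jitter_s:
            hit["poll_interval_s"] = round(mean(gaps))
        # A player needs the zips of reservations they played in, not all of them.
        if len(zips.get(ip, ())) > max_zips:
            hit["distinct_zips"] = len(zips[ip])
        # An off-site referrer alone is normal (shared link), so it is only
        # reported as a pivot for clients already flagged above.
        if hit and ext_refs.get(ip):
            hit["external_referrers"] = sorted(ext_refs[ip])
        if hit:
            findings[ip] = hit
    return findings

# Constructed sample: one scheduled collector, one ordinary player.
SAMPLE_LOG = """\
192.0.2.50 - - [17/Mar/2016:10:00:00 +0000] "GET /reservations/recent HTTP/1.1" 200 5120 "-" "curl/7.47.0"
192.0.2.50 - - [17/Mar/2016:10:10:01 +0000] "GET /reservations/recent HTTP/1.1" 200 5120 "-" "curl/7.47.0"
192.0.2.50 - - [17/Mar/2016:10:20:00 +0000] "GET /reservations/recent HTTP/1.1" 200 5120 "-" "curl/7.47.0"
192.0.2.50 - - [17/Mar/2016:10:30:02 +0000] "GET /reservations/recent HTTP/1.1" 200 5120 "-" "curl/7.47.0"
192.0.2.50 - - [17/Mar/2016:10:31:00 +0000] "GET /uploads/res-101.zip HTTP/1.1" 200 900000 "-" "curl/7.47.0"
192.0.2.50 - - [17/Mar/2016:10:31:05 +0000] "GET /uploads/res-102.zip HTTP/1.1" 200 900000 "-" "curl/7.47.0"
192.0.2.50 - - [17/Mar/2016:10:31:10 +0000] "GET /uploads/res-103.zip HTTP/1.1" 200 900000 "-" "curl/7.47.0"
192.0.2.50 - - [17/Mar/2016:11:02:00 +0000] "GET /uploads/res-104.zip HTTP/1.1" 200 900000 "http://panel.example/index.php" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2016:10:05:00 +0000] "GET /reservations/recent HTTP/1.1" 200 5120 "https://serveme.tf/" "Mozilla/5.0"
198.51.100.9 - - [17/Mar/2016:10:06:00 +0000] "GET /uploads/res-101.zip HTTP/1.1" 200 900000 "https://serveme.tf/reservations/101" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for ip, evidence in find_collectors(SAMPLE_LOG).items():
        print(ip, evidence)
```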

#2
9 Frags +

wtf is wrong with people

Anyways, TorGuard is a fairly cheap VPN service. Tom's Hardware did a comparison and they looked to be the best to me so I went for it and am fairly happy, you seriously just run the program and click connect and it takes about 5 seconds.

There's a promo code that seems to never expire, I paid $30 for the year
TGLifetime50

Occasional lag but I usually just disconnect-reconnect again and no issues, though honestly with you guys updating the way your site handles this information it might not even be an issue for people if they can simply get their IP changed which is free and not very difficult.

Nobody cares about any of that, let's speculate who it is!

#3
21 Frags +

This makes me so angry that there's someone out there willing to put all this time and effort into ruining the efforts of many people.
Just when we're starting to pick up speed with viewer counts, matchmaking and streamlists, these next few months are absolutely crucial in the success of comp tf2. It's disgusting that someone would sabotage all that either for small monetary gain or a cheap laugh.

Wrote this on my mobile so sorry for any spelling mistakes but yeah just had to get that off my chest.

#4
35 Frags +

Sad to hear that one person wants to ruin it for everyone else but I'm glad that we still have people like Arie to depend on. Thanks for your hard work we appreciate it a lot.

#5
1 Frags +

Just as a start, can you randomize the demo/log URLs being generated per match?

#6
27 Frags +
[quote=kKaltUu]Just as a start, can you randomize the demo/log URLs being generated per match?[/quote]

[quote=Arie]- serveme.tf will add a random component to the ZIP URLs so someone can't just start guessing them all[/quote]
#7
2 Frags +

ah I missed that part, thanks.

#8
6 Frags +

You are an angel Arie.

I am also pretty curious about what this person has to say now so please don't cheese us with the reply mister!

#9
6 Frags +

Good work Arie. I know you had a long night(morning?) dealing with this all. Thanks for keeping the community safe.

#10
5 Frags +

[quote=DangerKid]wtf is wrong with people

Anyways, TorGuard is a fairly cheap VPN service. Tom's Hardware did a comparison and they looked to be the best to me so I went for it and am fairly happy, you seriously just run the program and click connect and it takes about 5 seconds.

There's a promo code that seems to never expire, I paid $30 for the year
TGLifetime50

Occasional lag but I usually just disconnect-reconnect again and no issues, though honestly with you guys updating the way your site handles this information it might not even be an issue for people if they can simply get their IP changed which is free and not very difficult.


Nobody cares about any of that, let's speculate who it is![/quote]

Agreed, TorGuard is very good for what you are paying. I have TorGuard as well as https://dissemble.me/. Dissemble has two DDoS-protected servers, which are in Canada/France. The rest are just normal VPNs. Currently paying $1 a month. Got it yesterday, seems to work great.
#11
5 Frags +

x

#12
5 Frags +

How can I change my ip address? and wouldn't playing through a vpn make you lag? or at least increase your ping? Basically how can I as a player prevent myself from getting ddos'd.

Also what is preventing people from ddosing the servers that we're playing on? If I remember right only one of the server providers under serveme has ddos protection.

Excellent work keeping on top of this Arie, it's a shame that every time we have a good game/tournament someone feels the need to ddos it.

#13
serveme.tf
8 Frags +

[quote=kos]How can I change my ip address? and wouldn't playing through a vpn make you lag? or at least increase your ping? Basically how can I as a player prevent myself from getting ddos'd.

Also what is preventing people from ddosing the servers that we're playing on? If I remember right only one of the server providers under serveme has ddos protection.[/quote]

Depends on your ISP. For mine, I can power off the modem, change my router's MAC address and power on the modem again to get a new IP.
For some just power cycling the modem can be enough, or leaving the modem off for 30 minutes before turning it on again might work.

A VPN can increase your ping yes, it can also lower your ping if your VPN has better routing to the gameserver interestingly. If you pick a VPN on the route to the gameserver, or very close by the gameserver, it can be very competitive ping-wise.

The French servers on serveme.tf offer some DDoS protection. BeretBrigade and FromageBrigade have protection that can take a minute or two to kick in (during which you'd already be disconnected from the gameserver due to a timeout). BisouBrigade is the only one with DDoS protection that's always active and that actually seems to work.
#14
10 Frags +
[quote=Arie]Massive Snip
[/quote]


Uh, question, why would you give out raw logs? Logs.tf parses IP info from their log files, why doesn't serveme do the same? That is a huge security issue because, even if you get the log files the proper way, you still have IP info from the other players. That's a nasty privacy problem IMO.

Many players, including myself, have ISPs who have IPs hardcoded to the MAC address of our modems so changing IPs is not as simple as restarting it. Luckily I only play lobbies on my own servers due to getting ddos'd late last year so this isn't an issue for me much anymore...

Here's an example of how connects are shown in a parsed log file:
[code]
L 03/17/2016 - 21:47:53: "A Drunken Sailor<3><[U:1:107520882]><>" connected, address "0.0.0.0:62985"
L 03/17/2016 - 21:47:53: "A Drunken Sailor<3><[U:1:107520882]><>" STEAM USERID validated
L 03/17/2016 - 21:47:56: "reps<4><[U:1:132639949]><>" connected, address "0.0.0.0:27005"
L 03/17/2016 - 21:47:56: "hollandese<5><[U:1:118371009]><>" connected, address "0.0.0.0:27005"
L 03/17/2016 - 21:47:56: "reps<4><[U:1:132639949]><>" STEAM USERID validated
L 03/17/2016 - 21:47:56: "hollandese<5><[U:1:118371009]><>" STEAM USERID validated
L 03/17/2016 - 21:47:56: "DubThink<6><[U:1:171769009]><>" connected, address "0.0.0.0:27005"
[/code]
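
A scrubber that produces connect lines in the `0.0.0.0` form shown in the post above, written as an added example (not part of the original post, and not the logs.tf or serveme.tf implementation). The sample lines are constructed and use documentation-range addresses; the `say` line shows a case the connect rule does not cover, which is why leftover addresses are reported separately.

```python
import re

PLACEHOLDER = "0.0.0.0"

# Connect lines end with: connected, address "IP:PORT"
# Anchoring at end of line keeps a crafted player name (which appears earlier
# in the line) from steering the match.
CONNECT_ADDR = re.compile(
    r'(connected, address ")(\d{1,3}(?:\.\d{1,3}){3})(:\d{1,5}")\s*$'
)
# Any dotted quad not embedded in a longer number, used for the leftover check.
IPV4 = re.compile(r'(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])')

def scrub_line(line):
    """Replace the client IP on a connect line, keeping the port."""
    return CONNECT_ADDR.sub(lambda m: m.group(1) + PLACEHOLDER + m.group(3), line)

def scrub_log(text):
    """Return (scrubbed_text, number_of_lines_changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        new = scrub_line(line)
        changed += new != line
        out.append(new)
    return "\n".join(out), changed

def residual_ips(text):
    """Return (line_number, ip) for every address still present after scrubbing."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for ip in IPV4.findall(line):
            if ip != PLACEHOLDER:
                hits.append((n, ip))
    return hits

# Constructed sample log (player names, Steam IDs and addresses are made up).
SAMPLE = '''L 03/17/2016 - 21:47:53: "PlayerOne<3><[U:1:1111]><>" connected, address "203.0.113.7:62985"
L 03/17/2016 - 21:47:53: "PlayerOne<3><[U:1:1111]><>" STEAM USERID validated
L 03/17/2016 - 21:47:56: "PlayerTwo<4><[U:1:2222]><>" connected, address "198.51.100.23:27005"
L 03/17/2016 - 21:48:10: "PlayerTwo<4><[U:1:2222]><Red>" say "my ip is 198.51.100.23 lol"'''

if __name__ == "__main__":
    scrubbed, n = scrub_log(SAMPLE)
    print(scrubbed)
    print("lines changed:", n)
    print("still present:", residual_ips(scrubbed))
```

Run the leftover check before publishing an archive: anything it reports needs either a further rule or a manual look.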
#15
-5 Frags +
[quote=Arie]The French servers on serveme.tf offer some DDoS protection. BeretBrigade and FromageBrigade have protection that can take a minute or two to kick in (during which you'd already be disconnected from the gameserver due to a timeout). BisouBrigade is the only one with DDoS protection that's always active and that actually seems to work.[/quote]


Naturally this will raise some questions.

Why don't US servers have this option, or anywhere else? What is the difference in technology between Bisou and the rest, and what are the downsides to using this feature?

Not nearly enough wild speculation about who the perp is, I know I have my guess.
#16
serveme.tf
6 Frags +

[quote=DoctorMiggy]Uh, question, why would you give out raw logs? Logs.tf parses IP info from their log files why doesn't serveme do the same? That is a huge security issue because, even if you get the log files the proper way you still have IP info from the other players. That's a nasty privacy problem IMO.
[/quote]

Because "rcon status" already gives whoever made the server the power to get the IPs of all connected players, this is true for any server you play on.
Giving everyone playing in the reservation the logs just leveled the playing field.

[quote=DangerKid]Why don't US servers have this option, or anywhere else? What is the difference in technology between Bisou and the rest, and what are the downsides to using this feature?[/quote]

The US servers have protection through NFOservers standard anti-DDoS protection.

All my French servers are hosted by OVH, which is one of the few EU hosters to offer cheap (free) anti-DDoS on all their servers. However, by default, on their budget and standard range servers, the DDoS protection is off until an attack is detected, this can take 2 minutes. BeretBrigade and FromageBrigade are in their budget/standard range.
BisouBrigade is one of their gameserver-optimized dedicated servers. It comes with a different kind of anti-DDoS that's always active and also allows you to configure an upstream firewall, so you can prevent most DDoS traffic from ever even reaching your server. It just gets filtered by OVH's upstream routers, which they boast can handle up to tens or hundreds of gigabits per second.

This same anti-DDoS type by OVH is also what's keeping TF2Center running atm. Cloudflare protects their website, but OVH's anti-DDoS protects their Mumble, websocket server and log listener ports from 300k packets/sec attacks.
#17
10 Frags +

[quote=DoctorMiggy]Logs.tf parses IP info from their log files why doesn't serveme do the same? That is a huge security issue because, even if you get the log files the proper way you still have IP info from the other players. That's a nasty privacy problem IMO.[/quote]
It's not like he was intentionally giving out the IPs and knowingly compromising the safety of players. It was an oversight, and it's been fixed (or will be fixed shortly). I'm just glad Arie was retroactive enough to find the security flaw, investigate, and keep the community informed.
#18
0 Frags +

Including the bad people that you mention in the original post.
I don't agree with that logic at allllll, but it's your service.

If I see a dude with a shady rep running a lobby I'll just not join that lobby. I have no problems trusting people who I know are not asshats to not collect console outputs on rcon status commands.

#19
5 Frags +

[quote=yttrium][quote=DoctorMiggy]Logs.tf parses IP info from their log files why doesn't serveme do the same? That is a huge security issue because, even if you get the log files the proper way you still have IP info from the other players. That's a nasty privacy problem IMO.[/quote]
It's not like he was intentionally giving out the IPs and knowingly compromising the safety of players. It was an oversight, and it's been fixed (or will be fixed shortly). I'm just glad Arie was retroactive enough to find the security flaw, investigate, and keep the community informed.[/quote]


You're right, and I'm sorry for coming off as rude.
I had a bad experience with players DDoS'ing me last year during match nights that really killed my love for the game. I had stopped playing competitive completely and was avoiding community servers so I wouldn't have to deal with people trying to find out my new IP.
#20
serveme.tf
2 Frags +

[quote=DoctorMiggy]Including the bad people that you mention in the original post.[/quote]

No, that person guessed/calculated the zip file URLs and downloaded files not intended for him. I agree with you it's much better to filter the IPs from the logs. That way only a person with RCON can get the player IPs.
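
A sketch of the "random component in the ZIP URL" fix discussed in this thread, as an added example that is not part of the original posts and not serveme.tf code. The `/uploads/reservation-<id>-<token>.zip` layout and the class name are hypothetical; the point is that the path can no longer be derived from the public reservation listing, and that a link without the right token is rejected.

```python
import hmac
import re
import secrets

TOKEN_BYTES = 16  # 128 bits of randomness per archive


class ZipLinkRegistry:
    """Maps each reservation to the one unguessable download path issued for it."""

    # Hypothetical layout: /uploads/reservation-<id>-<token>.zip
    _PATH = re.compile(r"^/uploads/reservation-(\d+)-([A-Za-z0-9_-]+)\.zip$")

    def __init__(self):
        self._token_by_reservation = {}

    def issue(self, reservation_id):
        """Create (or rotate) the download path for a reservation."""
        token = secrets.token_urlsafe(TOKEN_BYTES)  # CSPRNG, URL-safe alphabet
        self._token_by_reservation[reservation_id] = token
        return f"/uploads/reservation-{reservation_id}-{token}.zip"

    def is_valid(self, path):
        """True only for the exact path last issued for that reservation."""
        m = self._PATH.match(path)
        if not m:
            return False  # includes old-style names with no random component
        expected = self._token_by_reservation.get(int(m.group(1)))
        if expected is None:
            return False
        # Constant-time comparison so response timing does not leak the token.
        return hmac.compare_digest(expected.encode(), m.group(2).encode())


if __name__ == "__main__":
    registry = ZipLinkRegistry()
    link = registry.issue(4242)
    print(link, registry.is_valid(link))
    # Knowing the reservation id from the public listing is no longer enough.
    print(registry.is_valid("/uploads/reservation-4242.zip"))
```

The link is still a bearer secret: anyone it is shared with, or any site that receives it in a referrer, can download the archive, which is why stripping IPs from the logs remains necessary.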
#21
7 Frags +

To be honest, I'm a bit surprised that this was overlooked for as long as it was.

This was known to be an issue back when I was involved with #tf2.pug.na, so we parsed out the IP addresses when we uploaded the logs to the server.

It's a shame that this is still an issue, and that people are still being affected by others with malicious intent.

#22
2 Frags +

Good looking out Arie

#23
-85 Frags +

lol thank god this other person got caught, i admit i have something like this too (on a smaller scale, this guy probably has in the thousands) where i try to build a database to catch alts and to prevent me from being caught. i am a hacker (both senses of the word) and i roam the ugc and pug scenes. miggy just stfu, most of your posts just show how stupid you are. I wouldn't be surprised if your little shitty plugin, which you claim to be able to block the lmaobox, isn't collecting IPs as well. when i play on a server running your plugin i laugh and triggerbot even harder! i've been looking into the lmaobox for a year now and i'm pretty sure i know how it works and you are nowhere near being able to counter it. just give up and leave tf2, go do something useful with life, like become a dog walker. Also Arie kudos, your site is now a bit more secured from the noobies but not impenetrable ;)
#24
8 Frags +

wtf

#25
3 Frags +

[quote=Arie]I've asked the person responsible to reply in this thread.[/quote]

lol we'll see. thanks for being diligent and doing investigative work when you saw something fishy. any idea why someone would build such a fancy gui on an openly-accessible web server for such a tool?
26
#26
29 Frags +
[quote=vmksc] miggy just stfu, most of your posts just show how stupid you are. I wouldn't be surprised if your little shitty plugin, which you claim to be able to block the lmaobox, isn collecting IPs as well.[/quote]

Lolwut
You must be smoking some good shit. I've never claimed to block lmaobox. All I did was say I could block lmaobox walls, something which I've since removed since it caused numerous sound issues. My plugin focuses on in-game exploits, something you would know if you actually read the page.
Yea my plugin does collect IPs, a fact that is publicly known to anyone who visits my UGC thread or github page. The only ones who have access to the Database are Myself and [url=http://i.imgur.com/D5LbykJ.png]UGC Head Admins Kumori & SnowblindFrog[/url]. None of us are interested in DDoSing and in fact have used my DB to catch and remove plenty of alters in the league.

Glad to see you admit you hack and ddos in a video game for kicks.
Your selfworth must be lower than your -frags
27
#27
2 Frags +
[quote=kos]How can I change my ip address? and wouldn't playing through a vpn make you lag? or at least increase your ping? Basically how can I as a player prevent myself from getting ddos'd.
[/quote]

Playing through a VPN will definitely make you lag. You can disable encryption options to make it less noticeable, though.

Changing your IP address from your ISP is a valid option, but keep in mind that some ISPs use a static IP address for each customer they service. However, if your ISP uses DHCP to serve your router with an IP address, you can log into your router and find the IP settings to request a new address from your ISP.

[img]https://puu.sh/oo7fX/2ff696724d.png[/img]

On my router, it's located in the status section. Hitting "Renew IP address" will renew the 24 hour lease my router has with my ISP's DHCP server and hitting "Release IP address" will discard my current one and request a new one from my ISP.
28
#28
4 Frags +
[quote=Arie][quote=kos]How can I change my ip address? and wouldn't playing through a vpn make you lag? or at least increase your ping? Basically how can I as a player prevent myself from getting ddos'd.

Also what is preventing people from ddosing the servers that we're playing on? If I remember right only one of the server providers under serveme has ddos protection.[/quote]

Depends on your ISP. For mine, I can power off the modem, change my router's MAC address and power on the modem again to get a new IP.
[b]For some just power cycling the modem can be enough, or leaving the modem off for 30 minutes before turning it on again might work.[/b]
[/quote]

The 1st one is true and should work basically every time unless there's someone else using that MAC already (highly unlikely but possible).
The bolded part is pretty rare; most DHCP leases at the ISP level can range from 30min to 1 week (most ISPs I know of do about 12hrs to 2 days).

Other ways of changing your IP.
If you're not so tech savvy and really feel uncomfortable with changing the MAC, having a 2nd router and changing those routers out every week or so should make you change your IP every time, and odds are pretty low you'll get an IP you've had before.
Have 2 routers and switch 1 out specifically for matches. You would guarantee this way that you'll 1 have a new IP every week for matches, and 2 if anyone does pull your info from a pre-match scrim it wouldn't be the same.

Technically they're the same but it comes down to preference of the user on when/how they want to change their IP.

Side note for anyone who does IP bans, you're an idiot. It's really easy to get around and in areas serviced by the same ISP could result in another legitimate player getting said IP but is banned cause someone else was a douche.
29
#29
2 Frags +
[quote=Comanglia]Side note for anyone who does IP bans, you're an idiot. It's really easy to get around and in areas serviced by the same ISP could result in another legitimate player getting said IP but is banned cause someone else was a douche.[/quote]

some resort to banning blocks of IPs if the person keeps trying to get around it, which i guess is somewhat reasonable only when they're in an area with very few legitimate users
30
#30
serveme.tf
10 Frags +
[quote=Gemmellness]any idea why someone would build such a fancy gui on an openly-accessible web server for such a tool?[/quote]
If I am to believe the person that built this tool, and I'm leaning to believing him, it's to find and catch cheaters/alts on TF2Center.

[quote=BattleMagoo]Playing through a VPN will definitely make you lag. You can disable encryption options to make it less noticeable, though.[/quote]

Not really, I ran a VPN experiment when a whole bunch of matches got DDoSed last year. Now I was cheating a little bit by running the VPN service on the game server machine, so routing was identical for the players when comparing VPN and no-VPN. But the encryption didn't add any noticeable delay or ping, at the rates TF2 uses I wouldn't expect a modern processor to have any troubles handling that.