Due to a lack of paying customers I will not be renewing three machines (2xFR, 1xDE) in the EU region. For now the EU site has no servers available for free, just for paying customers.

I'm sad there's only one person (afaik) in the comp TF2 community with this kind of relation with Valve. I'm glad it's b4nny.

An update on the changes to serveme.tf:

1. All new logfiles viewable on serveme.tf and in the downloadable zipfile automatically have 0.0.0.0 instead of real IP addresses.
   
2. All older logfiles already stored on serveme.tf have had the IPs in them replaced with 0.0.0.0. These are the logs you see when you click the "logs.tf" button for your reservation.
   
3. All older logfiles stored in the downloadable zipfiles (300GB of zips) are being removed from the zipfile, the demo will not be removed. This is taking a while because there are 30k zipfiles to go through.

If I am to believe the person that built this tool, and I'm leaning to believing him, it's to find and catch cheaters/alts on TF2Center.

Not really, I ran a VPN experiment when a whole bunch of matches got DDoSed last year. Now I was cheating a little bit by running the VPN service on the game server machine, so routing was identical for the players when comparing VPN and no-VPN. But the encryption didn't add any noticeable delay or ping, at the rates TF2 uses I wouldn't expect a modern processor to have any troubles handling that.

No, that person guessed/calculated the zip file URLs and downloaded files not intended for him. I agree with you it's much better to filter the IPs from the logs. That way only a person with RCON can get the player IPs.

Because "rcon status" already gives whoever made the server the power to get the IPs of all connected players, this is true for any server you play on.
Giving everyone playing in the reservation the logs just leveled the playing field.

The US servers have protection through NFOservers standard anti-DDoS protection.

All my French servers are hosted by OVH, which is one of the few EU hosters to offer cheap (free) anti-DDoS on all their servers. However, by default, on their budget and standard range servers, the DDoS protection is off until an attack is detected, this can take 2 minutes. BeretBrigade and FromageBrigade are in their budget/standard range.
BisouBrigade is one of their gameserver-optimized dedicated servers. It comes with a different kind of anti-DDoS that's always active and also allows you to configure an upstream firewall, so you can prevent most DDoS traffic from ever even reaching your server. It just gets filtered by OVH's upstream routers which they boast can handle up to tens or hundres of gigabits per second.

This same anti-DDoS type by OVH is also what's keeping TF2Center running atm. Cloudflare protects their website, but OVH's anti-DDoS protects their Mumble, websocket server and log listener ports from 300k packets/sec attacks.

Depends on your ISP. For mine, I can power off the modem, change my router's MAC address and power on the modem again to get a new IP.
For some just power cycling the modem can be enough, or leaving the modem off for 30 minutes before turning it on again might work.

A VPN can increase your ping yes, it can also lower your ping if your VPN has better routing to the gameserver interestingly. If you pick a VPN on the route to the gameserver, or very close by the gameserfver, it can be very competitive ping-wise.

The French servers on serveme.tf offer some DDoS protection. BeretBrigade and FromageBrigade have protection that can take a minute or two to kick in (during which you'd already be disconnected from the gameserver due to a timeout). BisouBrigade is the only one with DDoS protection that's always active and that actually seems to work.

-----
tl;dr if you're playing in a casted match make sure you use a fresh IP and keep it hidden as best as you can, because someone has been collecting IPs for as many TF2 players as he could
-----

First of all, the word "hacker" from the title could mean a person using technology in some clever way (with no evil in mind), or it could be the media's definition of the word, meaning a computer criminal.
I don't know for sure the intent of this person, so I'll leave open what kind of hacker we're dealing with here.

Late last night I found out that someone has been downloading the zipfiles for all serveme.tf and na.serveme.tf reservations for the past 5 weeks. These zip files contain two things, the STV demos and the server logs files. Server log files contain the connect info of a player (IP).
Normally these zip files are only accessible for people playing in the reservation, the link to download them is not given out to other people. There is no login-restriction on the download though, so you could share the link to the zip file with a friend for example.

Now the hacker wrote a bot to scrape the serveme.tf's new reservation form (to get a list of servers) and the recent reservations page. By combining the information the bot could construct the zip file URLs of the recent reservations and schedule a download at the expected end time of a reservation.
All of this became apparent by looking at my serveme.tf webserver logs. Automated visits to the reservation page every 10m, the subsequent downloads of all the zips. But I also noticed a few HTTP referrers in the download of some zip files. This is the origin site of an incoming link to your site, meaning the hacker had a site where he sometimes would click on a zip URL hosted on serveme.tf.

Using this HTTP referrer, I was able to find one of the control pages for the bot and made this screenshot:

http://i.imgur.com/T1KGNQf.png

As you can see, it's quite a fancy tool, and this is just one PHP page, there might be more. Now I can certainly commend someone for building something like this, however that screenshot has 2 scary parts that make me think that STV demos might not be the reason for this tool to exist.
There's a "x connection sequences processed" message, underneath a table that has a column "IP address" and "MySQL". This means that this tool would search through the logfiles of downloaded zips and enter all found players, their names, steam ID and IP in a database so it can be easily queried.

In my search for this person I found some interesting things about the hacker:
- A couple of older alt accounts, ending their activity when a new account would start getting used
- Ton of played games on TF2Center, with a lot of ban requests filed for hacking. No hard proof, just some really good logs.tf stats
- UGC team
- A number of home IP addresses
- Recently donated to na.serveme.tf, with a fake name and address

I've contacted this person and he insists he's just downloading these files for the STVs, but interestingly the VPS hosting the site and bot has been taken offline.

Now this is all could be coincidental, but recently we've also seen an uptick in DDoSes directed at the TF2 community. Most recently the DDoSing of TF2Center (server got DDoSed), and the froyo vs street hoops match (players getting DDoSed). Especially in the last case a database of players and their IPs would be very useful.

Which leads me to the following actions and recommendations:

- If you're in a casted match, make sure your IP is secret
- serveme.tf will start removing IPs from logs (like logs.tf does)
- serveme.tf will add a random component to the ZIP URLs so someone can't just start guessing them all

I've asked the person responsible to reply in this thread.

Why is texas a horrible location to host?

Being able to switch locations instantly if you or your opponent pings badly to the server. That's coolest thing in my opinion. A lot of people using serveme.tf also say it's easier than renting and configuring a server yourself.

In Europe you can get away with just getting premium, since there are so many servers available, so that would be significantly cheaper at 5 euros per 3 months.

In NA I don't have as many servers (and they're all tragicservers already anyway :) ), so premium might not guarantee you a server, but if you can live with that (just book a server 1h in advance) it would be cheaper than renting a private server. Just like in EU you can always pick the best location for your game.

I've considered making all serveme.tf STV demos public, but haven't for two reasons:
- The zip containing the demo also contains the server log files, these contain all the player IPs as well. So I would have to take out these logs or filter the IPs from them like logs.tf does.
- Teams might not appreciate all their STVs being public.

I like how TF2Stadium's serveme.tf integration is free, instead of TF2Center's which requires a €5/month payment.

Hopefully people will spend those €5 on 3 months of serveme.tf premium, instead of 1 month of TF2Center donator perks, cuz I got bills bills bills xD

jota, asfq, Yuni, HellHound, enjoy matchmaking <3

Possibly just started happening due to a TF2 update, because I don't remember this being a problem all the time.

Any site that puts actual articles on the front page instead of a cup from Jan 31 has my support.