Tsuey / L4D2-Community-Update

Help us shape the potential future of L4D2 vanilla.

To stop DOS HIT LIST attacks #527

Open XorZed opened 2 months ago

XorZed commented 2 months ago

Suggestion

Please do remove the ability of people to clearly be able to see a person's unique Steam ID and execute attacks based on it. You need to remove/deprecate all STATUS based commands on the servers so players cannot keep tabs on who's playing on them. It makes absolutely NO SENSE to allow attackers to see the information about everybody playing on official servers when nobody needs to know that information (w/ possibly the exception of private servers). Why console commands are even enabled for officials is beyond me. It's like Valve wants to help these people.

Localia-cn commented 2 months ago

I don't think attackers need players' SteamIDs. The 'status' command requires people to join the server before it can be used. I believe they simply filter through the server list to find servers with players and do DDOS attacks. To my knowledge, there is no way to hide a server from the server list, unless the server is running in '-nomaster' mode.

XorZed commented 2 months ago

I don't care what method it is. Status command. Server list. REMOVE THE UNIQUE STEAM ID FROM ANY LISTING COMMAND OR FILTER PERIOD! That's the fix. I'm not talking about hiding a server, I'm talking about hiding players. Remove the feature entirely! It's literally causing the problem. You can allow some features that may need to use it, but don't allow players to use it.

lDrDooml commented 2 months ago

Even if they did what you're asking for, that wouldn't solve the problem since there are websites where you can get the STEAM ID from a steam profile. The only solution here is to know what method they use to attack the servers and from there they can fix it.

XorZed commented 2 months ago

> Even if they did what you're asking for, that wouldn't solve the problem since there are websites where you can get the STEAM ID from a steam profile. The only solution here is to know what method they use to attack the servers and from there they can fix it.

Websites with Steam IDs don't show the attacker what game I'm in. So even if he is able to get my unique Steam ID he now has to be able to somehow scan all official servers and be able to find the game I'm playing in.

The only solution? Total nonsense as I've already explained above. Remove any ability to scan games and find players in game and you will, at least, get rid of the HIT LIST style DOS attacks. Will it get rid of the DOS in general? Of course not. But that will require a fix in and of itself. Perhaps they are initiating a fix right now for the DOS attacks themselves. Fine. I don't really care if they can fix one they can fix the other, but if it's easy to do, then why not do it. Remove the status command and the openserverbrowser function in the meantime.

FurtadoPires commented 2 months ago

Are those attacks being made by players inside the server, or external?

I've noticed that it only occurs in the official US servers, and by my perception in versus matches it doesn't seem to affect every player in the room.

XorZed commented 2 months ago

> Are those attacks being made by players inside the server, or external?
>
> I've noticed that it only occurs in the official US servers, and by my perception in versus matches it doesn't seem to affect every player in the room.

External attacks for sure. Any server I connect with on my main that's official will get DDoSed. Nobody internal could know about me connecting in every single match. A coop mode private match (with only me in it) gets DDoSed the same. And yes it only happens on officials as I've mentioned above because they allow attackers access to too much information. Stupidly so. Same with the silly amount of modding that Valve allows people to use to have bunny hopping scripts, etc. etc. Valve's always made very dumb decisions when it comes to game design. This is nothing new.

It absolutely affects every single player in the room as I've confirmed this multiple times where the game I'm in is completely unplayable and leads to every person leaving. If you've experienced a "DOS attack" like lag then it may be you are being personally targeted and your private IP is compromised. But so far the overwhelming experience is that it DOSSES the entire lobby.

FurtadoPires commented 2 months ago

> And yes it only happens on officials as I've mentioned above

I think it's only the US servers. So far, playing in the official Peru and Chile servers didn't start the DDoS.

XorZed commented 2 months ago

> > And yes it only happens on officials as I've mentioned above
>
> I think it's only the US servers. So far, playing in the official Peru and Chile servers didn't start the DDoS.

Yeah that may be true. I've not tested any SA servers. I do know the EU servers are affected though. Certainly US servers are.