Open KimonoKyoto opened 1 year ago
I did more research on the Compressor program and it is completely optional to have this low ping fake spoof option...
You can report those servers via the Steam Abuse Report (F7). As far as I know, doing this is against Steam's TOS and they can shadowban those servers.
You can report those servers via the Steam Abuse Report (F7). As far as I know, doing this is against Steam's TOS and they can shadowban those servers.
The problem is that this reporting does not work at all, there are so many servers and reporting does absolutly nothing, you can open up the server list and see for yourself how many servers have fake ping
Tons of big communities use these features to bully out smaller communities from their player pools, our admin sent steam abuse reports, emails and everything and nothing happened...
this has been done with tf2 community servers for a very long time, people were doing shady shit like this for years, i'm just surprised it took anyone this long to actually make an issue for this. hopefully, someone will find a way to stop this, along with player count spoofing, and then maybe valve can look at all those reported servers that people have gotten evidence of spoofing ping/playercounts and punish them accordingly.
I believe I found potential solution,
The software they use (https://github.com/Dreae/compressor) spoofs ping and potentially player count by caching A2S Info packets.
This should be resolvable if we make TF2 A2S_Info packets require challenge number just like l4d2 did
https://developer.valvesoftware.com/wiki/Server_queries#A2S_INFO
In other words, make all tf2 servers do a2s info challenge always and make server appear as not responding for client if client detects that challenge number handshake failed, this shouldn't result in any issues with legitimate servers
This should be resolvable if we make TF2 A2S_Info packets require challenge number just like l4d2 did
TF2 servers already requires a challenge packet for A2S_INFO queries. The wiki needs to be updated, all Source multiplayer games received that update.
Challenges are enforced by the server, the client will gladly accept the data even if the server doesn't enforce a challenge.
Hello, I live in Asia, and this is ruining the game for everyone I know at the moment.
A lot of communities spoof their ping to trick players into joining their servers while legitimate servers in their specific regions are left empty. The gameplay experience in my country is pretty grim as the result, as many of my friends don't want to play tf2 anymore as they lag despite TF2 the joined server is low ping. These servers do show their real ping once you fully join them and download content in scoreboard tab aswell as 'ping' command in console, so this is intentional!
List of example ips doing ping spoofing:
Steps to replicate:
You will notice that the ping stays the same due to ping spoofing the community does.
This kind of ping spoofing exploitation is discouraging players from further playing community servers as they have 400+ ping while the ping was advertised as 20 - 40 in internet tab Not to mention, it also kills player counts on legitimate servers with no ping spoofing.
The malicious servers in question have vps setup for 16+ locations and through anycast they make sure that low ip is displayed for a2s info while once u join u get 300 - 400+.. i have found out the program they use: https://github.com/Dreae/compressor which allows for caching a2s info.
As long as this is not fixed, it will likely be one of major contributors to death of tf2, and the small communities, please don't let this be the end of tf2 community!