[CS:S] UNPLAYABLE: Server list filled with spam

[PiMoNFeeD]

The entire server list in CS:S is filled with fake servers that have someone's phone number as map and game name, plus tags and server name is basically some variation of "I will do X slutty thing to you, call me" in Russian. Manually refreshing each server or quick refreshing server list also removes all of these fake servers, but refreshing everything makes them appear again. It appears that all their IPs start with 169.254.x.x

Real servers can still be found in Steam server browser or if you scroll down in-game really deep, but since this happened the number of servers in list went down drastically (from several hundreds/thousands to about ~60), even missing those that are in my history that I found on the server browser and that are still up.

I really hope this won't go ignored as basically every other issue on this repository, because it LITERALLY makes the game unplayable.

[etkaar]

I also reported this to the mailing list: https://list.valvesoftware.com/hlds_linux/msg/23092845/

Issue is also discussed here: https://www.reddit.com/r/GlobalOffensive/comments/11pm1u7/literally_the_entire_community_server_browser_is/

I also sent out abuse reports to the involved networks.

[etkaar]

EDIT: As per 11th August 2023 TF2 is also affected (see here).

Team Fortress 2 – at first sight – not, as the server browser looks normal:

[R4to0]

They could force the usage of a Gameserver account token and limit to only display gameservers with associated token (or add a toggle filter on/off). I'm sure this would clear out a lot of these fake servers while at the same time track whoever owns these servers as only non-limited accounts can generate a token, and since CSS is a paid game this wouldn't be a barrier as the owner has the game usually.

https://steamcommunity.com/dev/managegameservers

[dhalucario]

Counter-Strike: Global Offensive is affected by the same or a similar exploit:

CS:GO and TF2 look fine in those screenshots.The Skial and FACEIT servers are actual servers to my knowledge and they just have that many servers.

[etkaar]

Counter-Strike: Global Offensive is affected by the same or a similar exploit:

CS:GO and TF2 look fine in those screenshots.The Skial and FACEIT servers are actual servers to my knowledge and they just have that many servers.

I see, removed it to prevent any confusion. So right now it seems that only CSS is clearly and highly affected by this issue.

EDIT: As per 11th August 2023 TF2 is also affected (see here).

[Ashetf2]

TF2 is now affected by this exploit

[Gamecube762]

This will affect all Source multiplayer games with a server browser and some non-Source games. This abuses the A2S protocol to mimic a server along with sending heartbeats to the Master Server List. The protocol for this has been available on the ValveWiki for a long time.

All that's needed to appear in a game's server list is just the Steam AppId. All information about the server except for ping can be faked, including VAC status.

[RednotePL]

All that's needed to appear in a game's server list is just the Steam AppId. All information about the server except for ping can be faked, including VAC status.

Ping can also be faked, something I noticed when searching for TF2 server. <20 ping on "US" server in server browser while I'm being located in Europe, and when joining, in-game ping is around ~200ms.

Just tested - for example UGC.TF US servers with 7 ping

After joining ~150ms ping

[Gamecube762]

Ping can also be faked, something I noticed when searching for TF2 server. <20 ping on "US" server in server browser while I'm being located in Europe, and when joining, in-game ping is around ~200ms.

That is related to #4484, it's a different tool that proxies you into a different server. The ping between you and the proxy is real, but the ping between the proxy and the server is hidden until you're in-game.

[etkaar]

Problem is still not resolved.

[dhalucario]

Counter-Strike: Global Offensive is affected by the same or a similar exploit:

CS:GO and TF2 look fine in those screenshots.The Skial and FACEIT servers are actual servers to my knowledge and they just have that many servers.

Addendum to this: I wish FACEIT servers would at least add a tag so I can filter them out. When I am looking for actual community servers that aren't FACEIT servers I can't really filter them out at all.

[Ballganda]

All I have been able to do is add all the fake servers to my blacklist as they appear. I have over 5000 on my blacklist now... causes a bit of extra load time as the file gets read in.

IF you do select them all the click add to blacklist your game locks up for minutes as it writes all the info to the blacklist file. I opened the game windows and selected all the fake servers and clicked add to blacklist and then just minimized the game until it finish several minutes later.

I play CS:S weekly usually and will update this as they servers pop up in my browser.

https://github.com/Ballganda/css-server-blacklist/

[etkaar]

I am working out a solution for that, stay tuned. We will fight back!

Soon, see repository: Malicious Server Blocker

[kusti420]

same in every version of cs. PLS JUST ADD STH TO BE ABLE TO PLAY CS WITHOUT RUSSIANS. that shit has been out of control for far too long

[etkaar]

Hi guys!

I've just released an alpha of Malicious Server Blocker for demonstration purposes.

Currently I encounter the problem that the filtering is way too slow and I am still looking for the reason. It processes only about 50 packets all few seconds for me. I am not sure if it is the WinDivert driver itself.

This makes it unusable yet for production because it leads to some servers not displayed, perhaps due to packet drops, as we need to filter about 10,000 packets within a relatively short period of time.

I am not sure if this problem is only present on my machine, so I would be grateful if you could test it. Currently I tested it only on Counter-Strike: Source by simply openeing the server browser and then clicking "Refresh all".

The compiled alpha can be downloaded here under Releases. I am quite sure it will trigger anti-virus software. You can always use the source code to compile it by yourself. Please note that I am not primarily a Windows developer, so the code is still a bit dirty (and placing the console within the main window is something I might need to change).

Log files by the way are stored here:

C:\Users\[USER]\AppData\Local\MaliciousServerBlocker\logs

[etkaar]

I localized the reason for the performance issue now, but I did encounter another issue. It seems that the spam is so intense that the master servers reach a limit and so many legitimate servers are not even broadcasted to the client. That means, even if the firewall eats all the spam severs, the client still might end up with missing legitimate servers.

We therefore likely need try out something different.

[Ballganda]

I localized the reason for the performance issue now, but I did encounter another issue. It seems that the spam is so intense that the master servers reach a limit and so many legitimate servers are not even broadcasted to the client. That means, even if the firewall eats all the spam severs, the client still might end up with missing legitimate servers.

We therefore likely need try out something different.

If you load up this server browser it has some hits to max requests to the steam master server

https://github.com/PredatH0r/SteamServerBrowser

[etkaar]

The master servers are kind of infected, so they can't be used any more.

[PiMoNFeeD]

It seems that the spam is so intense that the master servers reach a limit and so many legitimate servers are not even broadcasted to the client

yes, that's what I mentioned in my original post:

since this happened the number of servers in list went down drastically (from several hundreds/thousands to about ~60), even missing those that are in my history that I found on the server browser and that are still up

I don't think we can do anything with this client-side, this has to be fixed server-side (on Valve's side)

[etkaar]

I am so angry guys 😣😓

The firewall would definitely work – I was able to filter almost all fake/spam servers out –, but since they fill up the master servers with so much spam, filtering does not really make sense because still many legitimate servers aren't displayed. What is not sent to the client at all due to the limit can't be passed.

Please open support tickets with Counter-Strike 2 and report them that issue again and again: https://help.steampowered.com/en/wizard/HelpWithGame/?appid=730

If they fix it for CS2 maybe it will be also fixed for other games.

[Kaze1027]

Replying to https://github.com/ValveSoftware/Source-1-Games/issues/5101#issuecomment-1852008651

The same thing happens in L4D2, every source engine game 🤬

[improvised-explosive-device]

Please don't let Source multiplayer die like this...

[LuhGeek4044]

server browser on cs source and tf2 as of 13/03/2024 is still filled with spam

[BerntA]

Just use http://browser.reperio-studios.eu/

[etkaar]

Just use http://browser.reperio-studios.eu/

[BerntA]

Just use http://browser.reperio-studios.eu/

don't use https

[etkaar]

Why should someone nowadays not use HTTPS?

[LuhGeek4044]

this is europe only, is there a server browser for asia/oceania servers for css

[etkaar]

Still not fixed unfortunately:

[ethanholt1]

Until this is fixed, I would suggest using this guy's server blacklist, which worked to remove almost all the spam in my case. https://github.com/Ballganda/css-server-blacklist

If you wish to remove these on your own, right click on any of the offending servers, click Show server info, then copy the IP (not the port.) Open the Blacklist tab and paste in the IP, and then add it to the blacklist. After a refresh, all servers hosted by that person should be gone.

[etkaar]

Still not fixed unfortunately.

[nikooo777]

Please, if someone knows someone working at Valve or has a big enough audience that can get their attention, PLEASE ask them to look into this. I bet it's a quick fix as well, and it would help those awesome niche communities immensely.

Save our beloved source games!

[Ballganda]

CSS Servers that used to get 100-150 new players per day now see maybe 25. And it happened overnight when the spam came on.

I have update my methods for making a blacklist. Automated search of all regions. That total the automated method for CS:S was

187,000+ spam servers in the browser.

Help ReduceBS (Reduce Browser Spam) and report spam IPs to my blacklist GitHub as an issue. https://github.com/Ballganda/css-server-blacklist

[etkaar]

I still don't get why Valve doesn't fix this vulnerability.

[Ballganda]

I still don't get why Valve doesn't fix this vulnerability.

Zero care if it does not affect money enough.

This isues affects CS2 as well. They do not care. The issue does not affect the money.

The recent release of the armory pass in CS2. The pass literally said "There's no wrong way to play...". Then players made sudo community lobby's and gained XP faster than normal by playing death match. Turns out that was the wrong way to play and now those people are banned and valves patching. Within days. Why. The money.

Issue has affected CS since approximately 2005 maybe all the way back to CS steam server browser being released.

The only way Valve will fix this is if the spammers start affecting the money flow. Turn off the money VALVE and Valve will act in hours.

[etkaar]

That really makes me sad, since there is still a very active community, it is not that all people left CSS for CS2, many still play both. And also TF2 is a great game which is affected as well.

[Ballganda]

The only thing necessary for the triumph of evil is for good people to do nothing.

I believe Valves silence on this for decades is as good a signal as we will get. My interpretation is that community server problems are community problems. The community is to regulate and fix itself. (As long as it does not affect Valve money)

Mad Max 1 quote "as long as the paperwork's clean you boys can do what you want out there"