Fake servers in Counter-Strike

[ghost]

This is not a bug, but rather a feature request to fix an annoying thing in Counter-Strike. The server list is plagued with redirect and fake servers. It's really hard to find a regular server, most of the servers redirect to a specific one.

In order to spot a fake server I have to right click it and check "show server info". On fake servers everyone has played the exactly same amount of time.

It's really annoying, I guess it shouldn't be too hard to do something to them. Most of these servers also rebind your z, x, c keys to spam a specific spam message. Some of these servers also change my Gamemenu.res so I can join their servers from the main menu. They also bind some keys to join their servers. Ridiculous!

Most of these servers are also still Protocol 47 (with some kind of a compatability patch for 48 clients).

I hope you could do something about this. I want to play CS the way it's supposed to be played. This affects all OSes.

[MrSchism]

This effects all versions?

[ghost]

Yes, it affects all mods, regular Half-Life as well. All GoldSrc based games are affected by this, on all OSes. It's really a game breaker. I thought I report this "bug" here since it affects all OSes.

At the moment, 75% of servers are like this. It tries to connect to them (3 bars), then it joins an another server, which will hack my game.

The best solution would be getting rid of the fake servers on the main server list.

[MrSchism]

Sadly, this is not the place to report it; this is for bugs regarding the linux version, not the service (which is causing the issue).

[ghost]

But it affects the Linux version too, and it should be fixed. I don't get why Valve allows players to host fake servers and hack other players' computers. It's impossible to play the game via server list.

As I said, it's not a bug, but it's a game breaker. It's a feature request just like https://github.com/ValveSoftware/steam-for-linux/issues/1006 is and it should have been in first place already. The game is completely unplayable to me because of this.

I hope Valve could AT LEAST take a look at this.

[unrealz0r]

How is this NOT a bug? If this is the way you treat your customers I'm pretty so I won't be buying anything from you again. I'm in the same situation as nullcollision is. I can't find any proper games, just a list full of fakes.

This seems to also affect the Steam server browser.

[MrSchism]

@unrealz0r. I'm not a Valve employee, first and foremost. Second, this isn't a bug regarding the linux client; there are other places for this report to go.

Being the linux client is still in beta and so many people are having a problem even connecting, you'll probably see a change in what servers are available. The issue is a well-documented one with a LONG history. Lets not forget that the game is from '99~'00. Many of the servers available were created ages ago and were hijacked sometime in the recent past (I'm reading some of the hijack articles going back 5 years).

The solution will be twofold. First, as more legit players come to play, there will be more clean servers. Second, there will be an increase in awareness of the issue due to an increased amount of players. More complaints about a given server, the more that will be taken down. Because of how these servers function, you have to take them down as they are detected; a fell-swoop won't do much.

The community has to be as proactive as the developers.

Valve can and will see this; closed issues don't go away.

On an aside, There are dozens of walkthroughs on how to easily hijack a CS1.6 server. CS:S and CS:GO are both safer until a patch can be made.

[ghost]

We can only hope Valve fixes this, as with Linux support I can bet there will be more angry customers. Valve should make some kind of a authentication system for the master server as well, as I can see there are many unauthorized servers there (everyone has VALVE_ID_LAN).

I can only hope for the best.

[MrSchism]

Like I said, part of it is finding servers you know are good. Most communities that hosted CS1.6 servers dropped them for CSS. Those that remained (many being home-based servers) got hacked and hijacked because of a very big security gap.

13 years ago, game 'sploits were everywhere.

The only way that these servers will become less of an issue is people actively moderating their own servers... which requires more people playing. There will be the same amount (potentially a few more), but the percentage of them in the server list will drop.

[ghost]

The problem is that the server admins are doing this themselves, they want more players on their servers. In my opinion doing this is wrong.

I still know many communities which play 1.6, it's a very popular game in my country as well.

It shouldn't be too hard for Valve to filter out these servers. The redirect ones, I mean. It's not fair against other server owners. Pirates also have their own, redirect filtered masterserver, why can't we have one?

I respect Valve as a company, but it just seems kinda random to me to not filter them. I hope you get my point. :)

[MrSchism]

That's just it though; the server admins largely -aren't- doing it themselves; the person who hijacked the server set up the hijacked system to forward it to one of theirs which modifies the client into adware..

True, a master server would help. Here's hoping they take suitable action.

[AnAkkk]

That's wrong. A lot of these servers are put especially by some server admins, mostly from eastern europe if you check the IPs. Some IPs have hundred of fake servers, they just have different ports. It's quite easy to do, there are tools available that let you do it.

Checking the server list, it looks like 95% of servers are fake ones for me. There are more thousands of fake servers coming from 2-3 different IPs. I get a few real servers, which seem to be mostly empty.

And I have noticed a few times that the servers were able to replace the client files with different ones, I had my game menu modified as well, and other menus too. That's not limited to fake servers. Some real servers do it as well.

[MrSchism]

This was discussed all over the place. http://forums.steampowered.com/forums/archive/index.php/t-1667666.html has a great article from two years ago which gives a few work-arounds.

This is a nice early one: http://www.shoot-em.com/forum/how-i-removing-the-ads-t590.html which offers a way to prevent the config re-write.

Utilizing both is a good way to keep yourself safe until a fix comes.

[alfred-valve]

I do plan to address the issue of fake servers, perhaps not with the initial release but certainly shortly there after.

[ghost]

I'm glad to hear about that. :)

[Neeeeeeeeeel]

Just a comment about this screen: https://f.cloud.github.com/assets/3123539/106262/c207014a-69ed-11e2-849e-34156af9e610.jpg

What you showed can be done using a non-steam client (protocol 47), if you use Steam CS Client (protocol 48) nobody can do that to your game client

[ghost]

@Neeeeeeeeeel: This has happened me to with Protocol 48 client on Steam, too, so I doubt that.

[xPaw]

@Neeeeeeeeeel: That is still possible to do on latest public version. However, Alfred said that he fixed that in beta version, I didn't test that yet, so I can't confirm.

[Neeeeeeeeeel]

Mmm I remember I tested (some time ago) and I can't But he fixed it so i won't care about xd

[MrSchism]

If anyone's still having issues (and didn't bother reading the articles I mentioned), the best way is to chmod your config file so it's readable, but not writable. 544 or something of the sort should suffice as a stop-gap.

[alfred-valve]

The update today has changed the serverbrowser to not include bots in the player count for a server, so this should help filter out these fake servers. Just tick "has users playing" in the filter options.

[ghost]

Is this just for 1.6 or for Steam as well?

[alfred-valve]

Just for Goldsrc games (so cs and hl1 for now, and the rest soon).

[AnAkkk]

The filter helps with fake servers, though there are still quite a lot of No Steam/Cracked servers which are full of people that are using non-steam cracked versions of the game. It can be seen with their SteamIDs which are invalid. Most of these servers are full of cheaters. Unfortunately, there is no way to find out if a server is cracked before joining it. Any chance these servers can be delisted?

[Yulike]

@AnAkIn1 under filters set Anti-Cheat to secure, is that what you're looking for?

[AnAkkk]

No. These servers are all showing as secured, while they are not. I guess they are either faking the status, or it's just that their crack allow clients that are not running VAC to connect anyway.

[ghost]

Alfred, Too much fake game server displayed in the list of masterserver.

The following fake servers IP's:

88.255.155.2:27015 88.255.155.5:27015 88.255.155.20:27015 88.255.155.110:27015 88.255.155.3:27015 88.255.155.51:27015 88.255.155.80:27015 88.255.155.54:27015 88.255.155.59:27015 88.255.155.73:27015 88.255.155.60:27015 88.255.155.29:27015 88.255.155.9:27015 88.255.155.6:27015 88.255.155.31:27015 88.255.155.101:27015 88.255.155.75:27015 88.255.155.99:27015 88.255.155.50:27015 88.255.155.4:27015 88.255.155.49:27015 88.255.155.83:27015 88.255.155.202:27015 88.255.155.8:27015 88.255.155.57:27015 88.255.155.56:27015 88.255.155.61:27015 88.255.155.84:27015 88.255.155.41:27015 88.255.155.47:27015 88.255.155.77:27015 88.255.155.43:27015 88.255.155.33:27015 88.255.155.58:27015 88.255.155.32:27015 88.255.155.13:27015 88.255.155.95:27015 88.255.155.91:27015 88.255.155.7:27015 88.255.155.78:27015 88.255.155.115:27015 88.255.155.11:27015 88.255.155.17:27015 88.255.155.39:27015 88.255.155.85:27015 88.255.155.81:27015 88.255.155.18:27015 88.255.155.200:27015 88.255.155.22:27015 88.255.155.40:27015 88.255.155.30:27015 88.255.155.34:27015 88.255.155.107:27015 88.255.155.86:27015 88.255.155.114:27015 88.255.155.48:27015 88.255.155.16:27015 88.255.155.113:27015 88.255.155.76:27015 88.255.155.106:27015 88.255.155.94:27015 88.255.155.90:27015 88.255.155.42:27015 88.255.155.19:27015 88.255.155.112:27015 88.255.155.53:27015 88.255.155.92:27015 88.255.155.71:27015 88.255.155.82:27015 88.255.155.102:27015 88.255.155.111:27015 88.255.155.89:27015 88.255.155.62:27015 88.255.155.96:27015 88.255.155.201:27015 88.255.155.88:27015 88.255.155.23:27015 88.255.155.74:27015 88.255.155.97:27015 88.255.155.37:27015 88.255.155.38:27015 88.255.155.44:27015 88.255.155.103:27015 88.255.155.28:27015 88.255.155.98:27015 88.255.155.87:27015 88.255.155.79:27015 88.255.155.109:27015 88.255.155.105:27015 88.255.155.45:27015 88.255.155.55:27015 88.255.155.14:27015 88.255.155.100:27015

[erm3nda]

You should publish that fake list to some "hack me if you can list" :D

[ghost]

These servers should definitely be blacklisted. There's far too many of them.

---

Lähettäjä: M3ndamailto:notifications@github.com Lähetetty: ‎4.‎7.‎2015 18:53 Vastaanottaja: ValveSoftware/steam-for-linuxmailto:steam-for-linux@noreply.github.com Kopio: nullcollisionmailto:villesalminen@outlook.com Aihe: Re: [steam-for-linux] Fake servers in Counter-Strike (#1014)

You should publish that fake list to some "hack me if you can list" :D

---

Reply to this email directly or view it on GitHub: https://github.com/ValveSoftware/steam-for-linux/issues/1014#issuecomment-118525485

[erm3nda]

What i learn on my life, is... if the weird things are NOT SOLVED, you must guess that the owner of service is benefiting from this. You MUST CLAIM for remove that ASAP.

[Mistrick]

We still have a big problems with official monitoring. Players can't find normal server in thousands of fake servers which only want to redirect client to another server. Server owners can't get online because normal server disappear in thousands of fake servers. Any info about fixing this problems?

I add to favorits some fake serves by game title and ping. total servers 1300+, 700+ fake servers. 50% of crap. how should we play in such a swamp? how server owners can get online? 700 garbage servers for 10k players.

[fant1kua]

Bump. Any news about it? Finding servers is worst for now. There are a lot of fake servers which are on top of the results.

[SamVanheer]

Servers redirecting you should be prevented if you have cl_filterstuffcmd turned on, once the beta is pushed to release it should solve that problem. Slowhacking should also be prevented entirely at the same time.

Servers attempting to spoof the player count by changing the game name is being dealt with, leaving only the fake player count by way of bots issue.

As i noted here servers can spoof this information with no way to detect it by using a modified engine.

Steam provides support for bots by letting you create unauthenticated connections for them: https://github.com/ValveSoftware/source-sdk-2013/blob/0d8dceea4310fde5706b3ce1c70609d72a38efdf/mp/src/public/steam/isteamgameserver.h#L149-L153

So it should be able to use this information to report if there are bots on the server, but only if the engine actually uses this function. Custom engines may be modified to not create a connection for bots to counter this, which along with my previous notes about reporting 0 bots leaves Steam in the dark about this.

From what i can tell this would result in the server browser not reporting the bots, so it should show up as empty if there are no bots. That might be an acceptable solution here i guess?

Beyond that, is there any else that needs dealing with regarding fake servers?

[afwn90cj93201nixr2e1re]

@mikela-valve as you can see there, https://github.com/ValveSoftware/halflife/issues/2064#issuecomment-509161085 this is general steam master server issue and not realted to GoldSRC at all, we can't fix it by filtering,( i mean we can, but it's crappy way, like checking is last symbol in description is number and etc ), i mean you can provide info to Valve, than they can create separate Moderator for Masterserver for example. Coz in automode we can't detect this server's, there can be related attack's and etc, i dont wanna describe this, i think you can get it.

Servers redirecting you should be prevented if you have cl_filterstuffcmd turned on, once the beta is pushed to release it should solve that problem. Slowhacking should also be prevented entirely at the same time.

If you think like there no another RCE... Lol, there ton's of this shit in engine.

It's can be fixed in but still, there many way's to spoof it, so, this is the reason why we should block any command's from server.

Once I described the problem, but you still didn’t get it, so try to join to my test server (94.250.249.75:27015), it sends the jump forward voicerecord command, and then try to stop it, without console, you can't do it without writing -jump, -forward -voicerecord in the console.

Of course, you can fix this by writing some kind of pseudo-fix (crappy), for example, execute - for all the commands registered on disconnect, but how it will help?

There can be custom -/+ command's which you can't detect.

This is another reason why they should be added to the blacklist, there is no reason to leave them unlocked, at least in Counter-Strike.

Connecting to 80.211.195.16:27015...
Connection accepted by 80.211.195.16:27015
[Extra Mirror] blocked: "motdfile "!MD5/../../cstrike/hw/opengl.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "joystick.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "joystick.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "banned.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "default.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "dcstrike16.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "menucs16.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "listenserver.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "csconfig.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "userconfig.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "joystick.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "language.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "violence.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "!MD5/../../valve/hw/opengl.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "!MD5/../../valve/hw/geforce.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "!MD5/../../cstrike/hw/geforce.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "!MD5/../../valve/banned.CFG""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015motdfile "!MD5/../../valve/valve.rc""
[Extra Mirror] blocked: "motd_write Connect bst.csglobal.ro:27015clear"
[Extra Mirror] blocked: "echo "[AMXX] Simple Redirection -  Redirecting to best.csglobal.ro:27015""
Could not execute privileged command "Connect" best.csglobal.ro:27015

BUILD 7882 SERVER (0 CRC)
Server # 1
Your map [maps/de_dust2.bsp] differs from the server's.
Host_Error: Disconnected

this is log from connecting to one of fake server's

One more about it. Just informative.

As you can see just a map.

Only one resolution here, is using steam api key's for adding server to official master server,

like create some cvar or smthng like this, or file, where we can put our steam api web key or something like this, for adding server to ms. So, then we can block fake server's owner's steam account's, but, there also should be Moderator.

I also mean it's just workaround, we can't fix fake server's, i can create fake server for any of source game and etc.

[fant1kua]

@SamVanheer first of all i think it MS problem and must be fixed on it. And as for me this servers must be remove because legitimate servers can't get traffic. Thousands fake servers are on top of results as I said before. And I agree with @afwn90cj93201nixr2e1re. Token system can prevent this. But it can't guaranteed that they will not registry a lot of accounts to take a token.

[SamVanheer]

I'm assuming you mean MicroSoft? Because they don't have anything to do with this.

Also because servers can be hosted using anonymous login there's no way to make any kind of token or key system that will prevent any of this.

Forcing server operators to register new Steam accounts just to host servers will create more problems (hosting multiple servers on the same physical server for one) and will probably also cause problems for other games since the master server is shared with all games.

The second problem can be avoided by making the master server apply anonymous account restrictions on an app-by-app basis but there is a reason why anonymous login exists.

Edit: I found that newer Valve games use a system to solve this problem: https://steamcommunity.com/dev/managegameservers

I assume this is what you were referring to before? It sounds like it should solve this problem in some fashion, if one server is found to be fake all other servers tied to the account that the token was created with can be investigated/removed/banned/etc. I don't know how this works though, i'll look into it a bit more.

Edit 2: From what i can tell this feature relies on the existing API for logging in using an account: https://github.com/ValveSoftware/source-sdk-2013/blob/0d8dceea4310fde5706b3ce1c70609d72a38efdf/mp/src/public/steam/isteamgameserver.h#L53-L59

So the engine could be updated to require this without needing a SteamWorks SDK update.

The account requirements should curb fake servers once the first batch of fake servers get banned, since the associated accounts will likely be community banned as a result.

The only question would be how fake servers should be reported, since if that's not possible then all of this would be a waste of time.

[Mistrick]

The only question would be how fake servers should be reported, since if that's not possible then all of this would be a waste of time.

Current fake servers only want to redirect client to another server. They mostly send connect ip, motdfile, motd_write when client connecting to the server. https://gist.github.com/Mistrick/fd3bc8071f2fcf103c17663681883fd5

[fant1kua]

I'm assuming you mean MicroSoft? Because they don't have anything to do with this. No. I mean the official Valve master server

Also because servers can be hosted using anonymous login there's no way to make any kind of token or key system that will prevent any of this.

I know. And one of suggestions is to disallow anonymous login.

I found that newer Valve games use a system to solve this problem: https://steamcommunity.com/dev/managegameservers This is was we talked about. Make the same principle

[SamVanheer]

The only question would be how fake servers should be reported, since if that's not possible then all of this would be a waste of time.

Current fake servers only want to redirect client to another server. They mostly send connect ip, motdfile, motd_write when client connecting to the server. https://gist.github.com/Mistrick/fd3bc8071f2fcf103c17663681883fd5

Slowhacking through the director message command is fixed in beta, but only for official games. Mods are still susceptible to them since they're out of date.

Hopefully that should put a stop to fake servers in official games like CS, but if it still happens once the beta is pushed to public then definitely report that.

@mikela-valve This is something that should be enabled if possible. I read through the SteamWorks documentation and found no references to enabling GSLT specifically, but it does mention being able to configure dedicated server apps as anonymous or requiring specific accounts, so i assume GSLT is generally available to all apps and not just the Source engine games that use it.

I also found web API calls for banning/unbanning GSLT servers but those require a publisher API key so i assume GSLT server bans are intended to be managed by the developer and developer sanctioned moderators.

[Mistrick]

Hopefully that should put a stop to fake servers in official games like CS,

Fixed in april but 50+% servers in master server are still fake.

[SamVanheer]

Hopefully that should put a stop to fake servers in official games like CS,

Fixed in april but 50+% servers in master server are still fake.

Because it's still in beta.

[Mistrick]

Because it's still in beta.

It is fixed in public

] connect 109.105.70.158:29004
Connecting to 109.105.70.158:29004...
Connection accepted by 109.105.70.158:29004
Could not execute privileged command "connect"asus.gamepower.ro:27015

BUILD 5758 SERVER (0 CRC)
Server # 1
Your map [maps/de_inferno.bsp] differs from the server's.
Host_Error: Disconnected
] version 
Protocol version 48
Exe version 1.1.2.7/Stdio (cstrike)
Exe build: 15:58:59 Apr  3 2019 (8196)

[SamVanheer]

Correct, i was wrong about that.

Are servers able to force a redirect still? Or are they solely reliant on the fixed director message?

[Mistrick]

They can't redirect client but I as a player can't find normal server in current master server swamp.

[SamVanheer]

They can't redirect client but I as a player can't find normal server in current master server swamp.

Then all that can be done is to enable GSLT for all GoldSource games (mods will automatically be covered by Half-Life's settings) and have moderation to catch and ban fake servers. Hopefully once these server operators get banned a few times they'll learn to stop doing this.

[Mistrick]

We need answers from Valve.

[afwn90cj93201nixr2e1re]

That's not Microsoft problem at all. We start report fake servers since 2010. And nothing.

P.s MS in this case == MasterServer.

[mikela-valve]

@SamVanheer @Mistrick I'm sure this will take more work to identify and ban or at least better filter the server list by default, but I did update the current beta with a change you can test.

We do already receive Steam account information from the game server if it exists, so I've added a filter option to the server browser that only displays servers that have a valid Steam account associated with them. It seemed to properly filter out all of the obviously fake servers, so give it a try and let me know how well that works, if it misses any fake servers or improperly filters out servers that should be there, etc.

[metita]

@mikela-valve Seems to be working but list is just too small, what does Has associated Steam account mean? We would like a bit of explanation on that one and how to opt-in to that.

I am thinking login through a real steam account when using SteamCMD and not using anonymous login but that make no sense at all.

[SamVanheer]

From what i can tell this basically filters out all dedicated servers hosted with anonymous login which for CS is the majority.

This does filter out the servers that are trying to fake the player count using the game name with trailing number trick.

[mikela-valve]

Thanks @SamVanheer I was just typing that up. That's why I didn't set that filter as the default, I figured there are many valid servers using anonymous login. Is the downside to logging in to Steam that it doesn't make it possible to host with older client/server versions or are there other issues as well?