Duplicate rooms abuse

[oghb]

Hi everyone, in the last couple of days someone has been creating duplicates of existing rooms. None of these rooms seem to be accessible – they either give the "Connection closed" or "Failed to connect to room host" error – yet they appear to have players in them (never 0, always at least 1).

From what I've gathered this is a technique people use to "hide" someone else's room among those duplicates, and it is in fact a turnoff to players trying to join the real room. As you can see from the screens MANY duplicates are hosted, and one of them even showed it had more players within than the maximum allowed (23/12 players in one of the "Volley" duplicates). In the second screen I've uploaded, there is also a list of "3v3" duplicate rooms hosted (not actually hosted, just with the geo override) in the Czech Republic; what I noticed about those is that only one of them is accessible (apart from what seems to be the real one, which is empty), and in that room you'll find a player afk with very low ping (1-4 ms), suggesting he's the one hosting it.

Now, I'm fairly certain about who's behind this, but blaming someone on a github issue would be pointless: I just would like to know how something like this may be achieved (I doubt someone is actually using several vps's to host those rooms, so maybe there is some tool specifically designed to do so) and if there is anything that can be done to stop such a thing from happening – maybe a limit on how many rooms can have the same name?

Thanks to anyone willing to help og

[dixtel]

He use custom haxball server-side so he control all parameters: number of current players, title, max players, flag and your room location (this is important to "hide" rooms). Maybe he use vps but with vpn to creating many rooms and dealing with this problem is pointless with my painful experiences.

[FalekPRO]

This is a haxball bug. I had the same problem today. The error occurs when the room is open for more than a week. Then this error appears in the console

WebSocket connection to 'wss://p2p2.haxball.com/host?token=thr1.AAAAAF-PBQZv1jkKYaPX-g.DPMGGlmemb0' failed: Error during WebSocket handshake: Unexpected response code: 502

and you need to solve it again. Recaptaha rooms start to duplicate, then they disappear on their own within 72 hours. Here is a duplicate of that #680 problem.

[SMALIE]

I had the same error as @FalekPRO.

[oghb]

No, not really, the room has been open for less than a day and the console is fine. If you check the current room list you'll see a whole different bunch of duplicates.

Please stop spreading misinformation.

[FalekPRO]

This is a haxball bug, I had the same problem. My friends too. Here is a duplicate of the problem from last year.

680

You spread disinformation.

[oghb]

Here's how long node (haxroomie) has been running.

[oghb]

You seem to be so knowledgeable about this issue yet you can't provide us with any screens or details, which is on the other hand what I'm doing.

I've been running rooms 24/7 for over a year and I encountered myself a good share of bugs and errors here and there. This is not one of those and I don't understand why you're getting so defensive about it – or maybe I do.

[oghb]

So just to be clear, that bug happened to the guy owning the room with the other Discord server exactly at the same time?

That is certainly not my room, yet it's somehow hosted on the same server (or I should say with same geo) and only stayed online for a hour or so. And – funny enough – it was also a Volleyball room with the same room name except for the fact that it linked to a different Discord server.

Are you implying that guy also happened to have the same issue right after I opened this thread, when before the other day I had never had it, and had never seen anyone having it?

Thank you for replying to the issue, but I'm sorry to say you're far off.

EDIT: Oh, and now the duplicates are gone like magic. I wonder if they'll show up again anytime soon.

No, not really, the room has been open for less than a day and the console is fine. If you check the current room list you'll see a whole different bunch of duplicates.

Please stop spreading misinformation.

[AnddyAnddy]

I am also using haxroomie to host rooms (3vs3 by luck as you guessed) and I never had this issue, but I already encountered people hosting a duplicate room of mine in order to steal passwords and maybe get IPs

[oghb]

I am also using haxroomie to host rooms (3vs3 by luck as you guessed) and I never had this issue, but I already encountered people hosting a duplicate room of mine in order to steal passwords and maybe get IPs

Yes I imagine, I have also had people creating one duplicate of my rooms for that reason, and that alone would be enough – I think – for basro to add a limit on how many rooms can have the same name (although I don't know if that is feasible).

The problem here is that there are many duplicates and none of them seem to be accessibile, which – I believe – suggests something fishy is going on. Sure one can just use multiple proxies/VPNs to open more than 2 rooms, but have you ever seen a room with more players in it than the maximum allowed (first screen, one room has 23/12 players)? And I don't think any of those rooms actually have players within, since everyone I asked couldn't manage to join.

I think @dixtel may be onto something, but I'm no expert so I can't really say for sure.

I hope @basro sees this thread, in the meantime thank you for replying @AnddyAnddy (and congrats on your rooms).

EDIT: When I wrote this message there were no duplicates. This is the situation now (one room even has 30/12 players).

EDIT2: Duplicates had gone to just 1, now they are back online. As you can see from the screens I uploaded here, the room with 30 players comes and goes, so it probably means that it's hosted on the same connection at least two of the other duplicates are hosted on. Hence, those can't be duplicates in the way FalekPro described them (not to mention, I have no errors on my console).

EDIT3: And now we're back to just 1 duplicate. I think provided you all with enough evidence to show this is no bug, rather an exploit people use and have used before (#680, as FalekPRO kindly pointed out).

[SMALIE]

sounds realistic do you know who is doing it or is it just guesswork?

[oghb]

sounds realistic do you know who is doing it or is it just guesswork?

As I stated in my first post, I see no point in blaming anyone on a github issue. I'm just doing my best to show basro and other room admins that this is something to look out for and fix ASAP.

Those screens are no guesswork: that's what really matters.