search

haxball / haxball-issues

116 stars 43 forks source link

Help the last standing serious communities to keep going, start developing haxball again Basro! #2056

Open LuciferGRE opened 1 year ago

LuciferGRE commented 1 year ago

Hello Basro, its me LuciferGRE owner of the biggest european futsal pubs in Europe since 2019 Super League Haxball. No doubt that you don't know me, you never put efford to know your community. You're an absent owner and you better close this game or start developing it to protect the communities existing inside it.

Have you ever noticed that there are hacking websites for haxball? There are tons of them, they offering custom hacks to avoid ban mods. Have you ever heard complains of people receiving bot attacks, or ddos attacks? I'm sure you did and you did not care to help them

Your game has zero protection against the ddosers,hackers,modders. Your game provides zero protection to the official communities of Haxball that stand no matter the difficulties for years alive!

For real you did forbid sites like Haxapp to exist , sites that provided something a really worthy addition into the game itself and you are blaming US the community OWNERS that we did not spend a penny for this game. SHAME ON YOU! I personally spend more than two THOUSAND euros into this game for my own hosts for both pubs and league games without having a serious income from this!

I demand some actions from your side. Or i will make sure that a big part of haxball's european playerbase will never play this game again.

1) Haxball protections from your side to the official Haxball communities like S.L.H 2) IP Ban the confirmed attackers-ddosers-modders 3) Anti-VPN protection from haxball ITSELF 4) Highlight of the rooms-communities (INSIDE Haxball list) confirmed by Haxball 5) Haxball Marketplace creation 6) More features a community can use to earn Donations (since no one would donate for a simple 2d game abandoned by its owner) 7) Hire a general haxball admin team if you can't handle this yourself to help protecting the official haxball communities and punishing the hackers 8) Removal of the flag change (this is a exploitable feature) 9) Ping improvement throught continents 10) Give official communities the ability to make more than 2 rooms under 1 IP 11) Official Haxball media 12) Global chat 13) Official Haxball app 14) Remove objects limit from maps 15) Extrapolation removal 16) Official Haxball discord server 17) Log in-Register system! Remove auth and finally do create an account system!

Get to know your community before its too late for your game

Regards, Owner of S.L.H (SuperLeague Haxball) LuciferGRE

TheCh0sen0ne1 commented 1 year ago

As far as I know, It's not last serious futsal pub, and you're the only one with very old script using PHP and external Database on xampp (mysql). There're bunch of free antivpns and proxies, no need to be very smart to use it. Banning second tabs is like 2 LOC. Your room is having few thousands of members, but seriously maybe 20 is active (with 10 of admins). Marketplace? It's free game, its for your own business to have like donations.. For what u want remove flag change? It's kind of fun to make like nation 4fun cups etc, you can always check on player.conn... I was on your Discord for few weeks and I saw like u closed pubs 3 times this year (4ver) last time one week ago... Ping improvements XDDDD funny

The only problem is that every time I upload to the server, your room crashes, there is no connection to the database, they always restart themselves, the admins are idiots, they ban random people, and you think that if some a person enters your server, is this an attack? You simply can't even enable the reCaptcha option, which basro added a long time ago. Once I was put in as a captain, it added a second person, I didn't even have time to choose anyone, everyone in the room just laughed that it was bugged, the problem has probably been going on for several months, because it's still the same problem... Recently, there have also been penalty kicks after the game, they are also constantly bugged, sometimes we did dozens of them until an admin started the game again, always "fixed, fixed", and nothing is fixed.

Just look on this... https://superleaguehaxball.boards.net

DavidMC49 commented 1 year ago

But why not to implement AntiVPNs and proxies in the game itself, so we don't have to struggle with that? SLH probably wasn't the only league struggling from this kind of problem, and probably won't be the last, but it could be solved short-term with this.

You forget one thing: the league server doesn't have much activity in general compared to the number of members, yes (but not much of the admins are really active). But the thing you forget is that the pub rooms are very much active, and they were closed 3 times mainly due to bot changes brought by an arriving and quitting admin/owner, and financial struggles.

Flag change? I support the idea of removing it as it's really easy to live back with it.

Chin up, lad! You have time to think about things and check what is really going on at the rooms and at the server.

ugurari0 commented 1 year ago

I agree we put lot of time a lot effort in it to hold the game active. We waste a lot of time in it, but not even small improvements.those are not hard things, to make ur game better and help the communities.

AndreaCasaluci commented 1 year ago

As the owner of one of the European Haxball communities, I express my total support for LuciferGRE as I understand first-hand what it feels like to be in the situation he describes. I personally feel that communities are left to themselves, leaving those who run them with the arduous task of having to answer for game problems directly to their users. Every day we struggle with toxic people, hackers, modders and so on. All people who get banned but who take a moment to bypass 'security' and re-enter the room to cause trouble. Often we have to rack our brains to put something new in the room to keep players who are tired of the same old stuff. No serious updates have been made in a long time, neither on the gameplay side nor on the security side. No support for the communities that have been running this game for years. We are not asking for the moon, but at least to listen to us and understand us.

TheCh0sen0ne1 commented 1 year ago

But you know, antiVPN is not really well thing, and there's always problem like someone use mobile connection etc? If you make your own, you'll have to deal with your own whitelist so its much better for your own hosts..

I agree we put lot of time a lot effort in it to hold the game active. We waste a lot of time in it, but not even small improvements.those are not hard things, to make ur game better and help the communities.

Nobody forces you to play or set up rooms, some hosts leave, other hosts come.

There's one good thing for VPN's, it's reCaptcha, you "good developers" should know how to enable it, but we all know u dont give a single F. Your rooms are bugged, so there's no diff if u have antivpn from haxball.

AndreaCasaluci commented 1 year ago

There's one good thing for VPN's, it's reCaptcha, you "good developers" should know how to enable it, but we all know u dont give a single F. Your rooms are bugged, so there's no diff if u have antivpn from haxball.

Could you kindly enlighten me on how reCaptcha is a 'good' thing for VPNs? Because I assure you that while I don't consider myself a 'good developer' I have implemented an automatic system that detects fast-sequence connections to the room and automatically activates the reCaptcha, but I don't see how this is useful against VPNs. Thank you for your attention. @TheCh0sen0ne1

LuciferGRE commented 1 year ago

But you know, antiVPN is not really well thing, and there's always problem like someone use mobile connection etc? If you make your own, you'll have to deal with your own whitelist so its much better for your own hosts..

I agree we put lot of time a lot effort in it to hold the game active. We waste a lot of time in it, but not even small improvements.those are not hard things, to make ur game better and help the communities.

Nobody forces you to play or set up rooms, some hosts leave, other hosts come.

There's one good thing for VPN's, it's reCaptcha, you "good developers" should know how to enable it, but we all know u dont give a single F. Your rooms are bugged, so there's no diff if u have antivpn from haxball.

first of all recaptcha is bugged, we did apply this on our rooms 1-2 years ago and many people were unable to join in our rooms because of that. even that is poorly scripted by Mr.Basro , please proove me wrong

Nellty commented 1 year ago

It is funny how you're complaining about some bots while inciting your audience to upvote your posts. You're also complaining about some modifications, but apparently it is fine to promote the one that highlights your rooms in the game rooms list. Even more funny that its code is highly obfuscated and contains a backdoor 🤡

I demand some actions from your side. Or i will make sure that a big part of haxball's european playerbase will never play this game again

That got me dead, ngl

But anyways, if someone is really wondering, and not just clowning around, what can you do against some bot(?) attacks(??):

What you can do is depends on knowledge, motivation, and capabilities/possibilities of both of you and the attacker. Surely to make things less responsible you can replace "you" with Basro, but the war between games and cheaters/attackers is always based on the bold sentence above. Since the topic problem was never described, I'll assume that the problem means a classic case of a script kiddy with some proxies (so the manual bans of IPs aren't effective) and what he does is some chat spam/flood or maybe a room gameplay stalling... You need to understand:

This is getting stupid long so I'll switch to a QnA style:

Q: Can I simply figure out the IP is Proxy/VPN? A: Simply is paid, $19/month, 10 000 daily queries is one of the first Google search results. Also I believe it is still could have some false positives, and the more cheaper the service, the more is the probability of a false positives

Q: What can I do for free then? A: You can use some more cheap (or even free if your community is small enough) services called ip info api. For example, this links to a data of a typical VPN ip. You can probably use the "country" and the "org" parameters from there and then analyzing the players ips and the attacker ips, maybe you will find out that is, for example "org": "M247 Europe SRL" is always means vpn, or maybe "country": "FR" in your case is always means vpn, or maybe "US"...

Q: What is the simplest solution? A: It depends on what you have and what you can afford to lose. For example: I have a small community, ~90% of players are from the same country. I can afford some playerbase loss but only during the attack time. ~25% are using vpns from time to time, just for their needs, and the vpns they're using were also being used by the attacker. What I did is a !defense switch that is while active is not letting the players in from any country except the main one. The players were kicked with a warning about the room being attacked, they don't get banned to avoid negative experience for them, and a lot of the real players were joining through, seamlessly for them, but the solution is far from ideal, and the described defense can't be running 24/7 because of

Q: What could be a more complex solution? A: You can use a mix of a different solutions that is need to be tuned to your needs. This could be a mix of: whitelisted/blacklisted playerauth/ips/nicknames/chat messages, some of them being applied temporarily or always. Also a tricky ideas that are working until the attacker doesn't know the trick. For example: passing all the chat through the room.sendAnnouncement and blocking all the players chat, so it gives you a possibility to show the attackers chat only to himself, so he won't even notice this for some time. Another example: foreground whitelist based on players playerauth with condition of a 10+ hours of a play time, so if the player has joined with a bad IP, he would still pass through

If your community is reliable enough you can also don't even really try to do any of this stuff and just move to the shadows of hidden rooms. Be honest, or on the contrary, just pretend you've been trying to do something and then slowly start encouraging people to go to a hidden rooms where everyone knows each other

p.s. Don't forget to think sometimes from the attacker perspective, and from the harmless players perspective, and especially what is could be common in between them, so you don't mix them up

LuciferGRE commented 1 year ago

It is funny how you're complaining about some bots while inciting your audience to upvote your posts. You're also complaining about some modifications, but apparently it is fine to promote the one that highlights your rooms in the game rooms list. Even more funny that its code is highly obfuscated and contains a backdoor 🤡

I demand some actions from your side. Or i will make sure that a big part of haxball's european playerbase will never play this game again

That got me dead, ngl

But anyways, if someone is really wondering, and not just clowning around, what can you do against some bot(?) attacks(??):

What you can do is depends on knowledge, motivation, and capabilities/possibilities of both of you and the attacker. Surely to make things less responsible you can replace "you" with Basro, but the war between games and cheaters/attackers is always based on the bold sentence above. Since the topic problem was never described, I'll assume that the problem means a classic case of a script kiddy with some proxies (so the manual bans of IPs aren't effective) and what he does is some chat spam/flood or maybe a room gameplay stalling... You need to understand:

  • if the attacker is decently highly motivated, he would be always looking for a ways to do some crap, and the borders of his possibilities would be really close to borders of your room players comfort. This means that sooner or later you will have to sacrifice some good things to make more complicated the task of the attacker. Example: attacker is flooding chat and you're implementing an always-on slow mode for everyone.
  • the war between you and the attacker could take a years, so you need to concentrate on a decisions that are easy but decently effective, maybe also combining a few. If you're at the point when this is impossible to do, or it's doesn't work, then switch to more radical ones, or ask for help (but not as the @LuciferGRE with demands and hostages) Example: attacker is using a VPNs to bypass a ban. You're making a switch that when enabled is not letting the players in based on some parameters... Then when it's not enough you're making the room access through whitelist only
  • it is always about tricks and ideas how to differ the attacker from the others. There are NONE identificators that are unique to a single player, and also are stable enough, because the attacker can use random playerauths, ips, nicknames, chat messages, or he can use a real players nicknames and chat messages... Their IPs may easily intersect too

This is getting stupid long so I'll switch to a QnA style:

Q: Can I simply figure out the IP is Proxy/VPN? A: Simply is paid, $19/month, 10 000 daily queries is one of the first Google search results. Also I believe it is still could have some false positives, and the more cheaper the service, the more is the probability of a false positives

Q: What can I do for free then? A: You can use some more cheap (or even free if your community is small enough) services called ip info api. For example, this links to a data of a typical VPN ip. You can probably use the "country" and the "org" parameters from there and then analyzing the players ips and the attacker ips, maybe you will find out that is, for example "org": "M247 Europe SRL" is always means vpn, or maybe "country": "FR" in your case is always means vpn, or maybe "US"...

Q: What is the simplest solution? A: It depends on what you have and what you can afford to lose. For example: I have a small community, ~90% of players are from the same country. I can afford some playerbase loss but only during the attack time. ~25% are using vpns from time to time, just for their needs, and the vpns they're using were also being used by the attacker. What I did is a !defense switch that is while active is not letting the players in from any country except the main one. The players were kicked with a warning about the room being attacked, they don't get banned to avoid negative experience for them, and a lot of the real players were joining through, seamlessly for them, but the solution is far from ideal, and the described defense can't be running 24/7 because of

  • unavoidable false positives;
  • country specifics: if the most vpns are from US and FR (for example), maybe you can't filter out much for a room intended for US or FR players;
  • the attacker could still flood a chat with a "reallyBadNickname has joined the room";

Q: What could be a more complex solution? A: You can use a mix of a different solutions that is need to be tuned to your needs. This could be a mix of: whitelisted/blacklisted playerauth/ips/nicknames/chat messages, some of them being applied temporarily or always. Also a tricky ideas that are working until the attacker doesn't know the trick. For example: passing all the chat through the room.sendAnnouncement and blocking all the players chat, so it gives you a possibility to show the attackers chat only to himself, so he won't even notice this for some time. Another example: foreground whitelist based on players playerauth with condition of a 10+ hours of a play time, so if the player has joined with a bad IP, he would still pass through

If your community is reliable enough you can also don't even really try to do any of this stuff and just move to the shadows of hidden rooms. Be honest, or on the contrary, just pretend you've been trying to do something and then slowly start encouraging people to go to a hidden rooms where everyone knows each other

p.s. Don't forget to think sometimes from the attacker perspective, and from the harmless players perspective, and especially what is could be common in between them, so you don't mix them up

Good evening, thanks for this huge feedback,and a big thank you for the time you spent to write this, well the title is kind of missleaded, that's not supposed to be my main subject of the post (it was one day attack and we managed to add the security measures needed to prevent this) this post was mostly to attract Basro's attention about abandoning his game, and also DEMAND some features for the communities to have an easier way throught our journey. my Script already has IP region ban and we can enable it whenever we need it,my country has already Anti-VPN protection, we already have second-tab protection. What you all may mistaken with this post is that i'm not referring only to my community but i'm speaking about every community that we feel abandoned inside this game.

I still would like to see what's basro answer would be about 50% of the things i did suggest. Of course no answer ever came from this guy. And we only pay pay pay.

uzayyli commented 1 year ago

Just a friendly reminder that basro is not your pesronal assistant or something..

The guy is being so nice for providing us with one of the best games ever made, for free.

While I agree that the game needs more features implemented, threats and accusations are not the way to achieve this. Just put yourself in his shoes. How is threats, accusations and spamming his github with hacks any different than a DoS attack?

On a related side note: I did support one guy before, assuming he wanted to improve the game. But turns out he just wanted to grief this community so I stopped helping that project.

I know this game has many devoted players and developers with good intentions, and I hope basro one day supplies us with better modding tools, and that's the best I -and you- can do.

becken7 commented 1 year ago

Hi, friend! I understand your requests and pain. I have been the administrator of HaxBall Argentina since 2018 and I invest more than 10 hours per day (in addition to money) in helping the game grow. And I feel like we'll never see a reward. Whether it is recognition or monetary help. Sadly it is reality, and I still do it because I really love this game and the community; but the energies will one day end. Unfortunately, community administrators work, and will continue to work for free for HaxBall.

LuciferGRE commented 1 year ago

Indeed, @basro would not answer us, he thinks we're a cockroach, that is his level,he does not care for the game guys, i hope you understood that guys :)

LuciferGRE commented 1 year ago

image

@basro is ghosting on purpose, there's no way he did not notice this post. I dont expect from p. scums such as @Anooxy to support something like this, especially when he is the one who likes to send bots and ddos hosts or even openning fake rooms like the screenshoot above messing with the room lists. @basro chooses to who he is going to listen, and when PEOPLE like 5-6 certain developers don't want any change in this OUTDATED game nothing is gonna change. You guys deserve this game.

ugurari0 commented 1 year ago

Z

I was first on this geo, your players still sending messages to me about bugs in room

No need to discuss, I dont know nothing about bots. Just look at your posts, if anyone is making negative words about features, you're insulting, gj.

And who are you? A life less kiddo? A kiddo who can’t take his lose? So still trying to get attention from SLH reputation. And even saying ‘i was first on this geo’ brother SLH has been always there your no name server and all others came all after slh, so what you are talking about? First try to become an official haxball community like SLH is on the Haxball site communities menu. What I see is, is just a jealous lifeless kiddo searching for attention. 😜

LuciferGRE commented 1 year ago

I was first on this geo, your players still sending messages to me about bugs in room

No need to discuss, I dont know nothing about bots. Just look at your posts, if anyone is making negative words about features, you're insulting, gj.

i'm in this geo since 2019 you scumbag!

jakjus commented 1 year ago

I think the OP suggestions are too emotional. While I agree with general statement, I don't think any of proposed changes are on point. I think @Nellty sums it up well :)

I created a plugin for handling kicking automated (bot) players. https://github.com/jakjus/hax-antibot

Let's try to collaborate on features to improve HaxBall ourselves :)

I don't actively develop HaxBall rooms anymore, but please feel free to add me at Discord, id: jakjus

cofimaslisa commented 1 year ago

I was always against haxball apps, because that is a browser game, no need for 3rd party programs. I use Firefox since the very own creation of the game. But what i want to criticise is that haxball.gr and haxrec.com are not functional. Those sites were great and useful. They still exist without any properly working function. Get those back if possible faster, 2 years is alot to wait, doing nothing.

markandre1 commented 12 months ago

@basro YOU ARE NOW LAZY....

LuciferGRE commented 7 months ago

7 Months passed, and @basro chose to ignore whatever i've said , if he chooses to ignore one of his biggest communities he is a fail cause to me, i will try to act professionally and only reason i'm not closing down is because i do still have support from people/ @basro , thank you very much for all the attention you dropped to this

cofimaslisa commented 6 months ago

Not many are for your loooong 17. list. You could ask for less tbh. I think you ask too much. No offense. Should be taken step by step and some of these things are impossible to be done

meobu commented 6 months ago

Just rewrite whole code to remove extrapolation and game will be popular again.

LuciferGRE commented 6 months ago

Not many are for your loooong 17. list. You could ask for less tbh. I think you ask too much. No offense. Should be taken step by step and some of these things are impossible to be done

30% of what asked to be done , will be a success

DavidMC49 commented 6 months ago

Just rewrite whole code to remove extrapolation and game will be popular again.

Well, I don't think the presence of extrapolation is that bad. In fact, in some modes, such as racing, it's quite useful. I think the solution should be this: