Closed arithxp closed 5 months ago
Hey @arithxp - Yes Battle-Metrics looks at the exe file of the game and scrapes the API-Access data from there. Then they can identify as a "valid" client and scrape the entire API from top to bottom. Thats most accurate assumption, without ever someone seeing there code.
The important thing to understand is, that information right now is changing and varying from week to week.
So first the message was:
"When you once had community mode active, you are listed and therefore battlemetrics has you scraped. The only way to start fresh is do delete everything, start fresh and dont use Community-Mode!"
So people tried that and it sometimes worked. But on the hand of Pocketpair, they didnt sleep either and updated the game too. Now it gets more confusing. Because of people reporting now some instances where this doesnt seem to apply.
Now the message morphs a little bit to:
"I had always my server in non-community mode (even started fresh and new) and i still get listed on battlemetrics or i get hacks or i have have security concerns ... etc."
Maybe Pocketpair did something to have "always" a master server and added filters like "community-mode: false/true" and lists all the server in the "master-server-api"-kind-of-thing. Who knows. i didnt Decode the API. But the assumption is, that this list holds all servers and Battlemetrics just list thoose, without considering the filters, maybe.
Long story short, there is not really anything i can do on all of this. All im doing is giving you the ability to host Palworld Dedicated Server on Linux in Docker. If you want to block access to APIs and stuff, i recommend you doing that in your own network, with your own flavor of tools you like. Me implementing that would explosively change the scope of this repo, also no matter how i would do, others would do i like X and mine would be less secure and maybe they would be right about that. (And they could be right, im not a Security-Researcher) Also keep in mind, all thats out here are "assumptions" or "opinions" and while many people say that their assumption or opinion is more true then XYZ's and therefore should be considered as FACTS. Thoose arent facts. The fact is, we still dont know yet until a dev confirms or denies it.
And the follwing table makes it even more clear:
Source: https://www.hmhco.com/blog/teaching-fact-versus-opinion
All we can do is wait. If you want to block access to the data and change ports to start fresh again maybe do that. Its up to you 👍
Hope that answers the question in a detailed way.
yes. understand. It is not a bug, and even if it is a bug, it is a problem that the game developer must fix. Thank you for answer.
Have you read the Important information text above
Current behavior
Even if COMMUNITY_SERVER to false , the server will always appear in the Community Server.
Desired behavior
It should not appear in the community server list.
Links to screenshots
To Reproduce
Set COMMUNITY_SERVER=false in the default.env file.
Software setup
ubuntu 22.04
Hardware setup
4 vCPU 24RAM 30GB
Additional context
No response