search

jammsen / docker-palworld-dedicated-server

Docker container to easily provision and manage Palworld Dedicated Server
https://hub.docker.com/r/jammsen/palworld-dedicated-server
MIT License
898 stars 151 forks source link

[Bug Report] It always appears in the community server list #175

Closed arithxp closed 5 months ago

arithxp commented 5 months ago

Have you read the Important information text above

Current behavior

Even if COMMUNITY_SERVER to false , the server will always appear in the Community Server.

Desired behavior

It should not appear in the community server list.

Links to screenshots

image

To Reproduce

Set COMMUNITY_SERVER=false in the default.env file.

Software setup

ubuntu 22.04

Hardware setup

4 vCPU 24RAM 30GB

Additional context

No response

thejcpalma commented 5 months ago

@jammsen might answer this to you better but look at this and this Reddit posts that are about this. Battlemetrics scrapes the info from Epic Online Services.

jammsen commented 5 months ago

Hey @arithxp - Yes Battle-Metrics looks at the exe file of the game and scrapes the API-Access data from there. Then they can identify as a "valid" client and scrape the entire API from top to bottom. Thats most accurate assumption, without ever someone seeing there code.

The important thing to understand is, that information right now is changing and varying from week to week.

So first the message was:

"When you once had community mode active, you are listed and therefore battlemetrics has you scraped. The only way to start fresh is do delete everything, start fresh and dont use Community-Mode!"

So people tried that and it sometimes worked. But on the hand of Pocketpair, they didnt sleep either and updated the game too. Now it gets more confusing. Because of people reporting now some instances where this doesnt seem to apply.

Now the message morphs a little bit to:

"I had always my server in non-community mode (even started fresh and new) and i still get listed on battlemetrics or i get hacks or i have have security concerns ... etc."

Maybe Pocketpair did something to have "always" a master server and added filters like "community-mode: false/true" and lists all the server in the "master-server-api"-kind-of-thing. Who knows. i didnt Decode the API. But the assumption is, that this list holds all servers and Battlemetrics just list thoose, without considering the filters, maybe.

Long story short, there is not really anything i can do on all of this. All im doing is giving you the ability to host Palworld Dedicated Server on Linux in Docker. If you want to block access to APIs and stuff, i recommend you doing that in your own network, with your own flavor of tools you like. Me implementing that would explosively change the scope of this repo, also no matter how i would do, others would do i like X and mine would be less secure and maybe they would be right about that. (And they could be right, im not a Security-Researcher) Also keep in mind, all thats out here are "assumptions" or "opinions" and while many people say that their assumption or opinion is more true then XYZ's and therefore should be considered as FACTS. Thoose arent facts. The fact is, we still dont know yet until a dev confirms or denies it.

And the follwing table makes it even more clear:

image Source: https://www.hmhco.com/blog/teaching-fact-versus-opinion

All we can do is wait. If you want to block access to the data and change ports to start fresh again maybe do that. Its up to you 👍

Hope that answers the question in a detailed way.

arithxp commented 5 months ago

yes. understand. It is not a bug, and even if it is a bug, it is a problem that the game developer must fix. Thank you for answer.