Norse_Harold

Okay, you're right. mainlog.html started as 283 MB, compressed to 38.9 MB, and attaching the compressed version was allowed in a PM. I thought that the attachment file size limit was set much lower on this forum. Even the 102 MB oos_dump.txt and 283 MB mainlog.html files appear to be allowed as attachments in a PM. In the case of mainlog.html it takes long enough to upload that the progress meter doesn't show any progress for many seconds. Perhaps that is why mr.michael thought it wasn't loading?

Yes, when I compress only OOS_dump.dat, OOS_dump.txt, commands.txt, and metadata.json then the result is 4.4 MB, and that's allowed as an attachment. But, I think that including mainlog.html exceeds the maximum file size of attachments. Is mainlog.html actually necessary for troubleshooting this OOS problem, or no?

Here is an update based on game lobby messages. <Norse_Harold> but please PM a download of your log files to Silier, who is a 0ad developer <Norse_Harold> then post a reply in the thread saying that you PM'd your OOS dump files <mr.michael> Norse_Harold is loading (ed. I think he meant: Norse_Harold, it is loading) <Norse_Harold> okay, cool <mr.michael> i already sent yhe file <Norse_Harold> you sent it to Silier? ... <Norse_Harold> mr.michael, you there? <mr.michael> i dont want to load Norse_Harold (ed. I think he meant: it doesn't want to load, Norse_Narold) <Norse_Harold> I don't know what you mean <Norse_Harold> did you PM your OOS_dump.dat and OOS_dump.txt files to Silier? <mr.michael> yes <Norse_Harold> okay, thanks ... <mr.michael> pm no <mr.michael> am <mr.michael> but it doesn't load <Norse_Harold> hey mr.michael <mr.michael> Norse_Harold hey <Norse_Harold> I replied to the forum thread <Norse_Harold> "PM" means "private message" <Norse_Harold> mr.michael, what is your primary language? Maybe someone can translate for us <mr.michael> Norse_Harold firned the porblem is that the file does not load == mr.michael has left I can only guess that "it doesn't load" means that he can't upload the files to the forum. The forum has a limit to the maximum file size that can be uploaded, so this is not surprising. That's why I said "PM a link to the files". This means "upload the files to cloud storage account such as dropbox.com or sync.com, then make a link and private message it to Silier and user1." If someone could please translate this to mr.michael's language then this would be great. Also, Silier PM'd me that mr.michael has not sent the OOS log files to him yet.

@MR.MICHAEL Please send a private message to Silier and user1 with a link to the following files: oos_dump.txt oos_dump.dat commands.txt and metadata.json (the replay files of the game that got the OOS. They are likely in a directory named like 0ad/replays/0.0.25/2021-11-08_0004) mainlog.html

If a person changes a setting on the router, such as the WAN MAC address, and then resets the settings to defaults, the new MAC address isn't being used...

Okay, I have PM'd you a link to my logs and OOS dump. I want to consider it confidential to 0ad devs in case there is private information in the game state dump. mr.michael, I recommend that you do the same. Thanks.

I think that you meant to say "you need to change your WAN MAC address and hardware power cycle the router" here.

Today I was hosting an 8-player team game with no AI. At about 45 minutes we saw an out-of-sync error message, "ERROR: Out-Of-Sync on turn 13420. Players: mr.michael (1446)". This is the second time I have seen this error in the past few weeks. An interesting trait of the game: there was a lot of "lag", but no player was indicated as having a high network latency. There was a lot of combat, and several spectators, and as a host I was getting sometimes 1 to 4 FPS, at the most 14 FPS. Normally I get a solid 60 FPS during early game. We asked some of the players which mods they had enabled. Norse_Harold: no mods. mr.michael: autociv and balanced mainland farabundo: autociv SSwordLurkk: no mods. Palaiologos: autociv, boongui, shiny UI We have several guesses for what could cause this. mr.michael, can you PM a link to a 0ad dev with the oos_dump.dat and oos_dump.txt files in your 0ad logs folder?

Great, thanks, Dizaka!

Thanks a lot for posting this Dizaka. You rule! You're right that it's very simple. Are you distributing it under a free software license? Perhaps public domain, or GPLv2? For anyone who hasn't found the script yet, here are some instructions. First, download the most recent file at the link that Dizaka provided. The file is named "2021.03.21 (H 73.29.147.140) DDOSER HERE.zip" Within that archive you will find "0adextract.py". In order to use it you will need to have a Python interpreter installed. Most Linux computers have Python3 installed already or else available as a distro-supported package. If you're on Windows or Mac then you can download Python and install it. Then place "0adextract.py" in your 0 A.D. logs folder. This page explains where to find the logs folder. After each game of 0 A.D. that you host, shut down 0 A.D., double-click 0adextract.py, and then rename "mainlog_ips.txt" to "mainlog_ips_[date_and_time].txt". "[date_and_time]" means the date and time in international format. Examples: October 13, 2021 at 6:24 pm (18:24) UTC would be written as 2021-10-13_1824+0000 February 29, 2024 at 4:20 am (04:20) CEST would be written as 2024-02-29_0420+0200 Dizaka, if you apply a free software license to your script then guerringuerrin and I can make improvements, for example automatic renaming of the output file with the current date and time.

We know this. We don't claim to be able to find direct attackers this way, but accomplices can be found this way. Accomplices are the ones who are collecting IP addresses of potential targets. Please explain how you know that there is only one "attacker". Do you know his name? Do you have the ability to communicate with him? Can you ask him for ideas on protecting against ddos attacks? Can you ask him to stop doing the attacks?

"Funny" in a good way or "funny" in a bad way? Also, why only send one sentence in response to numerous paragraphs of text? Do you have specific constructive criticism? For example, what would be the consequence of all players applying rules to their games? Then the problematic players wouldn't have anywhere to go? *sniff* Think of the problematic players! Oh, the humanity! Thanks for bumping the thread, at least. That helps advertise the ideas.

I'm so glad you posted here! Yes, we need a DDOS detective. Every player can be a DDOS detective. Do you want to help? @bad player, you seem to know something about DDOS technique. And, somehow you know that there is only one person doing the DDOSing. How do you know this? There are other ways to help. One example is to ask all of your friends to ask all of their friends to stop asking DDOSers to launch attacks.

Yes, I saw this. It had some characteristics that differed and some characteristics that were similar to the ddoses that I have observed. What differed in this case is that the duration was much shorter, maybe 1 minute. Also, at least with the episodes that I saw, you were not disconnected from the lobby, and you were able to talk in the lobby after about 1 minute. However, you have stated that in at least one of the episodes you were unable to access websites. This is a trait in common with ddoses that I have observed in the past. Currently, there are at least three likely explanations for what was happening. It could have been caused by an unstable Internet connection or modem (it would be a good idea to check whether your modem has the Intel Puma chipset). It could have been caused by an attacker sending spoofed enet disconnection packets to you and/or the clients. It could have been caused by an actual ddos attack, much shorter than the 5 minute attacks I have experienced. In fact, each episode may have had a different cause. And, there can be other explanations that I haven't thought of. I also appreciate the thoughts that you have about a potential suspect, and a potential motive that he might have had for the attacks. It seems like you know what needs to be done in order to narrow down the possible causes: use the modem's admin interface to check traffic rates at the Internet connection, by packets and by bytes, before, during and after a suspected ddos attack. Capturing traffic at your computer would detect explanation #2, but it usually would not detect a ddos attack. Also, applying aixo's and Dizaka's technique of changing your IP before hosting each game, as well as using software to assist in narrowing down suspects of ddosing, are great ideas.

I was hit by another suspected ddos attack on Sunday, October 10th at about 23:20 UTC. The symptoms were very similar to the ddos attacks that I experienced on September 19th and 21st, except that the game hitched for a while, indicating that all players were losing connection, then the players disconnected and the game continued. I paused the game in order to wait for them to reconnect. Unfortunately, the ddos lasted for about 5 minutes, and my game was no longer listed in the lobby when I regained connection. Here are the circumstances at the time: in the 4v4 team game, there were back-and-forth attacks, but at the 35 minute mark, which is when the ddos attack hit, my side was likely losing the battle. One teammate had his economy shut down, rams were hitting the extremities of another teammate base, and I was busy defending a barracks and tower. Also, opponents had control of the metal deposits at the center of the map. My guess as to the motive of the attacker: he wanted the game to end sooner so he could get players in a different game. I advise that we not reward him for this behavior. Instead, players can refuse to join another game for 10 minutes when a player uses a ddos for this apparent purpose. Also, we're still waiting for information from one of the players who was present in a different game and had a potential motive for hitting me with the ddos that I experienced on September 21. When I asked for his observations about the situation, he said in the game lobby on September 22 at 14:46 UTC, "i noticed only strong games get ddosed". I asked him to post observations like that on the forum. Note that I have seen games that included only players of average skill level get ddosed. We're also still waiting for information from another player about a supposed ddos attack that he experienced recently. He mentioned it in the game lobby on October 10th at 02:24 UTC. Let's assign a pseudonym of "harry" to the accuser, and a pseudonym of "carl" to the accused. I'm not publicly naming names because I support the principle of "innocent until proven guilty". The statements were: [02:24] <harry> im waiting for ur second ddos carl [02:24] <harry> for this night ... [03:59] <harry> i got ddosed by carl today I would like to ask "harry" to please share how you know for sure that it was a ddos attack, and how you know with certainty the name of the person who did it. At 04:00 on that same day, "harry" agreed to post in this forum thread about it. Still waiting... Most ddos attacks aren't directly traceable to a definite individual without detective work since the source IP address is not the IP address of the person initiating the attack. So IF "harry" was actually hit by a ddos attack, and actually knows the name of the person who did it, then he must have done some detective work, so please share the detailed proof with trusted investigator admins. Otherwise, I am calling out the claim as not based on fact. Speaking of which, I have additional evidence which I can share with trusted investigator admins in order to demonstrate how I know that I was likely hit by a ddos each of the times that I have described.

Huffman3829, if you mass enough troops, especially champion and hero types, then you can surround the tower and capture it relatively quickly. In my opinion, the most likely root cause of the problems that newer players have with towers isn't the towers, it's their economy. Watch replays and read guides on how to have an efficient and highly productive economy in the game. Then you will be able to produce a large army, which can walk right past towers or else capture them quickly. Experiment with different strategies. Also, did you know that you can garrison up to 10 infantry units in a battering ram or siege tower, and this protects them from 99% of piercing damage, such as from tower-fired arrows? It's unrealistic, I know, but it can be useful when your opponent has garrisoned swordsmen ready to defend against your rams. Select a battering ram, right-click on the largest picture of the ram at the bottom of the screen, and you will see the statistics for how much armor it has against different types of damage. Garrisoned troops benefit from that armor. If the battering ram is attacked, you can ungarrison troops in it by selecting the ram and pressing "U" or the ungarrison button at the bottom of the screen. Then the troops can defend in the vicinity of the ram.

Okay, we played a couple of 4v4 team games with these rules on Friday. Things went smoothly, other than 2 warnings issued, and we were able to focus on the games. There were several suggestions, so I have updated the rules according to those suggestions. If anyone can translate the rules to other languages then it would be much appreciated. ChangeLog 2021-10-09 Thanks for the suggestion from PrincipalityOfZeon that some of these rules might be perceived as attempting to override the terms of Wildfiregames' agreements. Rules 8 and 9 were revised as a result. Thanks for the suggestion from KnightWhoSayNi and SPACECOMMANDER that languages other than English might be necessary under certain circumstances. Rule 3 was revised as a result. Thanks for the suggestion from Yekaterina that spectators must not disrupt gameplay with chat spam, but off-topic conversations may be allowed under certain circumstances. Rule 3 was revised as a result. Thanks for the suggestion from KnightWhoSayNi that there should be a limit to how long the game is kept paused if a person leaves the game without saying anything. Rule 5 was revised as a result. Thanks for the suggestion from AUTISTICUS that players should try to transfer resources if they must leave, and there should be a limit to how many times a person leaves on an emergency basis over the long term. Rule 6 was revised as a result. Rules 3 and 4 were revised for consistency of grammar, and in order to use simpler sentence structure. Most of the edits are in the full text of the agreement, not in the summary.

Spectators are required to speak English when they speak in global chat so that I can verify that they are following the other rules, especially rules preventing ghosting (telling people information about players that is cheating) and verbal abuse of other players. It's explained in the full text of the agreement. What I've posted here on the forum is only a summary. Yes, I know that. I am explaining what is expected of players before they play in a game that I'm hosting instead of afterward. It's the courteous thing to do, and it's required in order to establish an agreement like Terms of Use. Also, I prefer that people voluntarily support these rules instead of being forced into it through banning. Also, remember how disruptive players act when they're punished. They tend to act like it's an injustice to be punished, that the rules weren't stated, that they have a right to play in a game that someone hosts. They may try to convince the unbiased player base that they were unfairly banned. This list of rules is an effort to establish the ground rules ahead of time instead of allowing an appearance that rules are being made up arbitrarily in order to unfairly ban players.

There have been some problems with certain players being disruptive, so I have decided to implement rules for my hosted games in the lobby. In order to ensure that everyone has fun, here are the rules for games that I host. These rules apply to players and spectators. Additional players who have chosen to apply these rules to games that they host: Yekaterina. Summary of Norse_Harold's rules for hosted games 1. Get along with the other players. 2. Play the game fairly. 3. If you are a spectator, avoid disrupting the game. Also, request permission if you need to speak a language other than English in global in-game chat. 4. Do not blame other players for a setback or failure in the game. 5. Don't resign or leave early in order to grief your team. 6. If you must leave, send a global message in the game stating the reason. Don't leave too many times. 7. In team games you are expected to act like a teammate. 8. Be honest about your level of skill during team assignment. 9. Follow the Terms of Service, Terms of Use and Privacy Policy that Wildfiregames has established for lobby games. WFG terms take precedence over these terms. 10. By connecting to games that I host you agree to follow these rules. The binding text is listed here, starting at line 20. It has the full text of the agreement with explanations of why the rules are necessary. Thanks for reading and supporting an enjoyable experience for all players! Anyone who also wants to implement these rules for their hosted games, let me know and I'll inform people of that in the full text of the agreement. Alternatively, copy/paste the text to your own website and send people a direct link when you're organizing games.

How do we know that there is just one person conducting ddos attacks on 0ad players? And, how many ddos services are there? Can you show the steps to reaching these conclusions, please? What are the sources of the information?

Nice joke, weirdJokes. ;-) For anyone who is confused, 200 000 attacks would include attacks on a lot more systems than just 0AD and the 0AD playerbase. But yes, some of those attacks (.1% ?) likely targeted the 0AD playerbase. Therefore, some of the prison time helps seek justice for attacks on the 0AD playerbase. So yes, it seems appropriate to me, as well.

This is great news! So it is possible for justice to be served against ddosers. It is not moral, legal or cool to ask for or conduct ddosing. That said, I doubt that there is only one group conducting DDosS attacks. Even if there was only one group, which was punished, remember the quote, "Eternal vigilance is the price of freedom," by Thomas Jefferson and John Philpot Curran. Basically, don't let your guard down, stay vigilant.

I have experienced suspected ddos attacks twice in the past 3 days. I'll describe what happened. While hosting a team game of 0 A.D., all of a sudden, I saw an "Exit" button at the center of the screen and a message that I had lost connection to the server. I consider this odd because I was the host, but maybe the message was referring to the wildfiregames lobby. After a few minutes I clicked Exit, and the lobby was completely empty of players and games. I closed 0ad and tried to visit websites, but could not load any websites. I couldn't even ping the router or access the router's administration interface. The Internet activity light was blinking a lot. I powered off the router for several minutes, then powered it back on. It worked and I could surf the net again. Today the same thing happened. In both cases the problem occurred at a key event. In the first game, enemy players were on the ropes (losing with odds of 40/60 at best), and the suspected ddos occurred as soon as I had battering rams moving toward an enemy base. In the second game, I had been rushing an enemy player frequently in the early game, so he was likely angry at me. When they reached city phase, the two closest enemies attacked me and had just destroyed my base, but were being counter attacked by one of my teammates. Then the second suspected ddos occurred. These were basically the tipping points of the games. Ideas on how to prevent this in the future?