Jump to content

DDOS is back

chrstgtr

By chrstgtr,
in General Discussion

 Share

Recommended Posts

Norse_Harold Primus Pilus

Norse_Harold

Posted
Posted
8 minutes ago, bad player said:

We need a DDOS detective for this!

I'm so glad you posted here! Yes, we need a DDOS detective. Every player can be a DDOS detective. Do you want to help?

@bad player, you seem to know something about DDOS technique. And, somehow you know that there is only one person doing the DDOSing. How do you know this?

There are other ways to help. One example is to ask all of your friends to ask all of their friends to stop asking DDOSers to launch attacks.

Link to comment
Share on other sites
  • Replies 87
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

chrstgtr
chrstgtr

I haven't seen it posted on the forums, and I thought the devs should know. 

Dizaka
Dizaka

@chrstgtr@BreakfastBurrito_007@Player of 0AD@Gurken Khan@sarcoma@Ceres@bb_@Yekaterina   Guys, 0ad already has a DDOS countermeasure and it works well.  Use password-protected games.  DO

aixo
aixo

I agree with everything what Dizaka wrote, very well summarized, and as Dizaka described we spent significant time on some effort to track the username which was harvesting IPs at that time, Dizaka de

Posted Images

Dizaka Centurio

Dizaka

Posted
Posted (edited)

@guerringuerrin see link below.  Script is inside one of the dloads.  It's a really basic one that can be improved substantially (e.g., can be double clicked through a shortcut and will automatically create (1) copy of mainlog with current date, time in filename and (2) a separate file that includes data of current script.  Not a programmer so what I did is rudimentary that got the job done.

https://drive.google.com/drive/folders/1swv1FsHzsW3xMnUuloiz6gDnbI9V-zOa?usp=sharing

BTW, excessive data received on the 0ad port it looks like.  I'd guess ddos/dos attack.

47 minutes ago, bad player said:

We need a DDOS detective for this!

When you find the troll house ping me.

Edited by Dizaka
  • Like 2
Link to comment
Share on other sites
bad player Discens

bad player

Posted
Posted
11 minutes ago, Dizaka said:

@guerringuerrin see link below.  Script is inside one of the dloads.  It's a really basic one that can be improved substantially (e.g., can be double clicked through a shortcut and will automatically create (1) copy of mainlog with current date, time in filename and (2) a separate file that includes data of current script.  Not a programmer so what I did is rudimentary that got the job done.

https://drive.google.com/drive/folders/1swv1FsHzsW3xMnUuloiz6gDnbI9V-zOa?usp=sharing

BTW, excessive data received on the 0ad port it looks like.  I'd guess ddos/dos attack.

When you find the troll house ping me.

you know that you will never find the culprit even if you spend years looking at and deciphering these logs?

DDOS attacks come from virused devices, not from attacker's machine

Link to comment
Share on other sites
Dizaka Centurio

Dizaka

Posted
Posted
22 minutes ago, bad player said:

you know that you will never find the culprit even if you spend years looking at and deciphering these logs?

DDOS attacks come from virused devices, not from attacker's machine

I mean most people here know that.  They're not looking to find the player based on the wireshark logs, etc. 

Clearly you're missing a D in the DDOS or something?  I would hope your reading comprehension is strong enough to understand that?

  • Like 1
  • Confused 1
Link to comment
Share on other sites
sarcoma Duplicarius

sarcoma

Posted
Posted (edited)
On 11/10/2021 at 1:11 PM, Norse_Harold said:

Let's assign a pseudonym of "harry" to the accuser, and a pseudonym of "carl" to the accused.

Why don't you assign hamdich to the "accuser" and carid to the "accused", "detective".

Edited by sarcoma
air quotes
Link to comment
Share on other sites
Norse_Harold Primus Pilus

Norse_Harold

Posted
Posted
7 hours ago, bad player said:

you know that you will never find the culprit even if you spend years looking at and deciphering these logs?

DDOS attacks come from virused devices, not from attacker's machine

We know this. We don't claim to be able to find direct attackers this way, but accomplices can be found this way. Accomplices are the ones who are collecting IP addresses of potential targets.

Please explain how you know that there is only one "attacker". Do you know his name? Do you have the ability to communicate with him? Can you ask him for ideas on protecting against ddos attacks? Can you ask him to stop doing the attacks?

Link to comment
Share on other sites
Stan` Consul

Stan`

Posted
Posted
48 minutes ago, Ceres said:

Why do you not send your IP address to trusted friends/ forum users and connect directly?

I never play online because of all these unpleasantries, so please don't ask me. ;)

Because for most people it's too complicated :) Also you can't use Stun without the lobby IIRC.

Link to comment
Share on other sites
bad player Discens

bad player

Posted
Posted (edited)
9 hours ago, Norse_Harold said:

We know this. We don't claim to be able to find direct attackers this way, but accomplices can be found this way. Accomplices are the ones who are collecting IP addresses of potential targets.

Please explain how you know that there is only one "attacker". Do you know his name? Do you have the ability to communicate with him? Can you ask him for ideas on protecting against ddos attacks? Can you ask him to stop doing the attacks?

Why do you keep asking why I think theres just one attacker when its obvious? Maybe you're the one attacking and you like the attention secretly, lol :D

0AD has very small playerbase that fact alone makes it unlikely that theres more attackers. At most it can be one small group of related people.

Why other player-hosted games dont have these DDOS issues, eg Rust or Dont Starve Together? Is 0ad obfuscating/hiding the IP addresses correctly or is it displaying them welcomely for anyone curious? I know theres a way to get IP regardless but not displaying it would be a start.

Edited by bad player
Link to comment
Share on other sites
Stan` Consul

Stan`

Posted
Posted
2 hours ago, bad player said:

Why other player-hosted games dont have these DDOS issues, eg Rust or Dont Starve Together? Is 0ad obfuscating/hiding the IP addresses correctly or is it displaying them welcomely for anyone curious? I know theres a way to get IP regardless but not displaying it would be a start

Pretty sure they have servers and are not relying on P2P. We're only giving ips when you start a match.

Link to comment
Share on other sites
guerringuerrin Duplicarius

guerringuerrin

Posted
Posted
10 hours ago, Ceres said:

Why do you not send your IP address to trusted friends/ forum users and connect directly?

I never play online because of all these unpleasantries, so please don't ask me. ;)

If u want to grow up the community u want some easy system for creating games. It could be a lobby like, auto matchmaking-like. But i think there's no way to keep growing community if the only way to play in peace is with a LAN-like system like that. Ofc, its still a solution in the meantime.

@Dizaka TY, man. I appreciate. i'll check it out.

Agree with @go2die, some private message would be helpfull to start massivly games with password. Ofc some "friends" entering your game, can share that password with someone else with bad intentions, join the game, gather your IP and do a ddos. So its still a very restricted mechanisms. In any case, private message in lobby would be a great implementation.

@sarcoma I think its because there's no any solid proof so its better to keep some discretion even if someone could recognize the conversation and identify the pseudonimous. If we don't behave like this anyone could acuse someone, like hamdich did, undermine someone's reputation, without giving any proof.

Ppl in general, I understand the frustration but i think its better to ignore this "bad player" unless he wants to share some possible solution for this with good intentions without irony. It's pretty obvious that a recently created account with so few posts and the way he talks is involved in this ddos crap or at least he is enjoying it for some reason. so we don't get anything. We're just filling up his ego.

BUT, its true. we need at least IP's to be hidding. There's information that can be gathered very easy for many ppl and they don't have to be a dev pro to do it.

  • Like 1
  • Thanks 1
Link to comment
Share on other sites
Norse_Harold Primus Pilus

Norse_Harold

Posted
Posted (edited)
21 hours ago, Dizaka said:

Script is inside one of the dloads. 

Thanks a lot for posting this Dizaka. You rule! You're right that it's very simple. Are you distributing it under a free software license? Perhaps public domain, or GPLv2?

For anyone who hasn't found the script yet, here are some instructions. First, download the most recent file at the link that Dizaka provided. The file is named "2021.03.21 (H 73.29.147.140) DDOSER HERE.zip" Within that archive you will find "0adextract.py". In order to use it you will need to have a Python interpreter installed. Most Linux computers have Python3 installed already or else available as a distro-supported package. If you're on Windows or Mac then you can download Python and install it.

Then place "0adextract.py" in your 0 A.D. logs folder. This page explains where to find the logs folder. After each game of 0 A.D. that you host, shut down 0 A.D., double-click 0adextract.py, and then rename "mainlog_ips.txt" to "mainlog_ips_[date_and_time].txt".

"[date_and_time]" means the date and time in international format. Examples:

October 13, 2021 at 6:24 pm (18:24) UTC would be written as 2021-10-13_1824+0000

February 29, 2024 at 4:20 am (04:20) CEST would be written as 2024-02-29_0420+0200

Dizaka, if you apply a free software license to your script then guerringuerrin and I can make improvements, for example automatic renaming of the output file with the current date and time.

Edited by Norse_Harold
  • Like 3
Link to comment
Share on other sites
chrstgtr Primus Pilus

chrstgtr

Posted
  • Author
Posted (edited)

Just got done playing a game. Muted2021 (999) joined and then my connectivity immediately became bad. I lost connection like 7 times in a row where I also lost internet on the computer. He frequently spoke to me like he knew me (I have zero replays with him). He also spoke frequently to Aslan. Just general troll behavior. He then spoke in lobby like a troll responsible for attack. Before game could end it was all Ddosed (Aslan host). 
 

when I accused him of being the DDOSer he said he wasn’t using anything 3rd party software and then talked about my ISP

 

he also trolled weird jokes in a different game and then joined reza’s host

Edited by chrstgtr
Link to comment
Share on other sites
alre Primus Pilus

alre

Posted
Posted
2 hours ago, chrstgtr said:

Just got done playing a game. Muted2021 (999) joined and then my connectivity immediately became bad. I lost connection like 7 times in a row where I also lost internet on the computer. He frequently spoke to me like he knew me (I have zero replays with him). He also spoke frequently to Aslan. Just general troll behavior. He then spoke in lobby like a troll responsible for attack. Before game could end it was all Ddosed (Aslan host). 
 

when I accused him of being the DDOSer he said he wasn’t using anything 3rd party software and then talked about my ISP

 

he also trolled weird jokes in a different game and then joined reza’s host

Isn't he the christian troll? 

Link to comment
Share on other sites
chrstgtr Primus Pilus

chrstgtr

Posted
  • Author
Posted (edited)
4 hours ago, alre said:

Isn't he the christian troll? 

That is Pesem. He comes around with a variation of names every few years. He didn’t say anything like that or his usually complaints about how the game is getting worse and worse. I doubt it is him 

Edited by chrstgtr
Link to comment
Share on other sites
leitoso Discens

leitoso

Posted
Posted
On 19/10/2021 at 6:52 PM, chrstgtr said:

Just got done playing a game. Muted2021 (999) joined and then my connectivity immediately became bad. I lost connection like 7 times in a row where I also lost internet on the computer. He frequently spoke to me like he knew me (I have zero replays with him). He also spoke frequently to Aslan. Just general troll behavior. He then spoke in lobby like a troll responsible for attack. Before game could end it was all Ddosed (Aslan host). 
 

I see what you are saying, I happen to spec some games with Muted2021 and his account variations (Muted2020, Muted...).

He seems to be sending huge messages to all the players, thats cause players to drop and himself in the process.

I unmask him to the players in game and he stopped, seems like he did not want any trouble, but you said he continued doing it, so, idk...

This is not the same as the DDOS guy, but still worth looking at.

I forgot to record him and my suggestion is to limit message size, if that is possible.

Link to comment
Share on other sites
Stan` Consul

Stan`

Posted
Posted
3 hours ago, leitoso said:

I see what you are saying, I happen to spec some games with Muted2021 and his account variations (Muted2020, Muted...).

He seems to be sending huge messages to all the players, thats cause players to drop and himself in the process.

I unmask him to the players in game and he stopped, seems like he did not want any trouble, but you said he continued doing it, so, idk...

This is not the same as the DDOS guy, but still worth looking at.

I forgot to record him and my suggestion is to limit message size, if that is possible.

I was never able to reproduce his hack. But he is using something to spam the chat. If he uses that to kill games he should be banned from the lobby @user1

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...