Jump to content

DDOS is back


chrstgtr
 Share

Recommended Posts

2 hours ago, sarcoma said:

maybe some bug like this

https://trac.wildfiregames.com/changeset/23918

has been happening all along and people are jumping to conclusions

People have been losing full network access for long periods of time. Both on their playing computer and other network devices. People have also tracked network activity and seen data consistent with DDOS. It also attack certain groups of people—specifically those that play in the higher level games. it is a bad actor(s)

Edited by chrstgtr
Link to comment
Share on other sites

@leitoso If it happens again u can make a copy of mainlog.html file before restarting 0ad (every time u open 0ad this files is reseted and u lose the info). Ofc, as an editable file, is not a deffinitive proof and it should be neccesary some screenshots to confirm the data. But is still a very good way to analyze data after the ddos/troll event occurs.
If u r under windows u can find mainlog.html in C:\Users\$YOUR_USER\AppData\Local\0ad\logs\

Replace $your_user with your user ofc xD

EDIT: here's a link with a list of usefull paths
https://trac.wildfiregames.com/wiki/GameDataPaths

Edited by guerringuerrin
  • Thanks 1
Link to comment
Share on other sites

2 hours ago, guerringuerrin said:

@leitoso If it happens again u can make a copy of mainlog.html file before restarting 0ad (every time u open 0ad this files is reseted and u lose the info). Ofc, as an editable file, is not a deffinitive proof and it should be neccesary some screenshots to confirm the data. But is still a very good way to analyze data after the ddos/troll event occurs.
If u r under windows u can find mainlog.html in C:\Users\$YOUR_USER\AppData\Local\0ad\logs\

Replace $your_user with your user ofc xD

thanks for the info, I will look it up, I am using mac right now, I also use linux

Link to comment
Share on other sites

  • 3 weeks later...
On 15/09/2021 at 5:12 AM, bb_ said:

Given the lobby changes to hide your IP from the lobby, we might be able to trisect which lobby user is malicious (and then act upon that). For the host who experiences a DDOS, please attach your mainlog.html to this thread (see https://trac.wildfiregames.com/wiki/GameDataPaths for where to find it). Make sure you to save the mainlog before you start 0ad again, since it will be overwritten. In that file all connection attempts are present, see the lines of the form

XmppClient: Recieved request for connection data from {username}

If one can change their IP address before the game, we have even more information (since the malicious user might store the IP to use later).

Hello.  I was DDOS'd while hosting a game this afternoon.  Is it helpful if I just attach the mainlog file right here?  Or should I send to a developer directly?  I opened it up and can see the received request stuff but I don't know how to interpret the all the information there.  I have saved a copy of it in a separate folder so it will not be overwritten.

  • Thanks 1
Link to comment
Share on other sites

37 minutes ago, Philip the Swaggerless said:

How do I do that?  Does using a VPN work?

Depends on your ISP.

For comcast (cable internet) you need to change WAN IP address and hardware reset the router.  This forces DHCP into a new IP address. 

TL;DR:  Basically, you cannot switch an IP address for a lot of cable internet providers.  However, you can switch a MAC address.  Because DHCP protocol assigns an IP address to a MAC address you can switch your IP by changing your MAC.

  • Thanks 2
Link to comment
Share on other sites

5 hours ago, Dizaka said:

For comcast (cable internet) you need to change WAN IP address and hardware reset the router.  This forces DHCP into a new IP address. 

I think that you meant to say "you need to change your WAN MAC address and hardware power cycle the router" here.

Edited by Norse_Harold
  • Haha 1
Link to comment
Share on other sites

11 hours ago, Norse_Harold said:

I think that you meant to say "you need to change your WAN MAC address and hardware power cycle the router" here.

Possibly.  However, I've hardware reset it every time as it works :P.  For me it's just a cable connection device and has no wifi settings, etc.  I'll see if power cycling works though, lol.

 

  

11 hours ago, smiley said:

Yes it does. Probably kills your ping though.

  

17 hours ago, Philip the Swaggerless said:

How do I do that?  Does using a VPN work?

VPN also will require port settings for data forwarding.  So without those settings you may be unable to join games or host games.

Edited by Dizaka
  • Like 1
Link to comment
Share on other sites

2 hours ago, Norse_Harold said:

If a person changes a setting on the router, such as the WAN MAC address, and then resets the settings to defaults, the new MAC address isn't being used...

Yea, in theory.  I have no idea if the data is cached or not.  In my case hardware reset has worked.  However, I agree that a restart/power cycle, as suggested by you, should be sufficient.  I'll actually test it out.

Took me a while to figure out how to change my IP.  I remember blowing up at the Comcast rep b/c he told me something about the mainframe not being configured to assign new ip addresses.  So I asked them:  Why are they talking about a mainframe?  We aren't in the 90's.  Did my Comcast plan change as I'm only paying for dynamic IP address and if so, why are they billing me extra for static IPs since I didn't purchase such a service?  Are they billing me without my knowledge?  They clearly didn't like me turning the conversation I did each time.  Also, can't believe how bad the support was and even being escalated achieved not much.  All outsourced technical support.  Horrible.

Edited by Dizaka
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...