
DDOS is back


chrstgtr

3 hours ago, leitoso said:

I see what you are saying, I happen to spec some games with Muted2021 and his account variations (Muted2020, Muted...).

He seems to be sending huge messages to all the players, that causes players to drop, and himself in the process.

I unmasked him to the players in game and he stopped, seems like he did not want any trouble, but you said he continued doing it, so, idk...

This is not the same as the DDOS guy, but still worth looking at.

I forgot to record him and my suggestion is to limit message size, if that is possible.

I was never able to reproduce his hack. But he is using something to spam the chat. If he uses that to kill games he should be banned from the lobby @user1


2 hours ago, sarcoma said:

maybe some bug like this

https://trac.wildfiregames.com/changeset/23918

has been happening all along and people are jumping to conclusions

People have been losing full network access for long periods of time. Both on their playing computer and other network devices. People have also tracked network activity and seen data consistent with DDOS. It also attacks certain groups of people—specifically those that play in the higher level games. It is a bad actor(s)

Edited by chrstgtr

@leitoso If it happens again u can make a copy of the mainlog.html file before restarting 0ad (every time u open 0ad this file is reset and u lose the info). Ofc, as an editable file, it is not definitive proof and some screenshots would be necessary to confirm the data. But it is still a very good way to analyze data after the ddos/troll event occurs.
If u r under windows u can find mainlog.html in C:\Users\$YOUR_USER\AppData\Local\0ad\logs\

Replace $your_user with your user ofc xD

EDIT: here's a link with a list of useful paths
https://trac.wildfiregames.com/wiki/GameDataPaths

Edited by guerringuerrin

2 hours ago, guerringuerrin said:

@leitoso If it happens again u can make a copy of the mainlog.html file before restarting 0ad (every time u open 0ad this file is reset and u lose the info). Ofc, as an editable file, it is not definitive proof and some screenshots would be necessary to confirm the data. But it is still a very good way to analyze data after the ddos/troll event occurs.
If u r under windows u can find mainlog.html in C:\Users\$YOUR_USER\AppData\Local\0ad\logs\

Replace $your_user with your user ofc xD

Thanks for the info, I will look it up. I am using Mac right now; I also use Linux.


  • 3 weeks later...
On 15/09/2021 at 5:12 AM, bb_ said:

Given the lobby changes to hide your IP from the lobby, we might be able to trisect which lobby user is malicious (and then act upon that). For the host who experiences a DDOS, please attach your mainlog.html to this thread (see https://trac.wildfiregames.com/wiki/GameDataPaths for where to find it). Make sure you save the mainlog before you start 0ad again, since it will be overwritten. In that file all connection attempts are present, see the lines of the form

XmppClient: Recieved request for connection data from {username}

If one can change their IP address before the game, we have even more information (since the malicious user might store the IP to use later).

Hello. I was DDOS'd while hosting a game this afternoon. Is it helpful if I just attach the mainlog file right here? Or should I send it to a developer directly? I opened it up and can see the received request stuff but I don't know how to interpret all the information there. I have saved a copy of it in a separate folder so it will not be overwritten.

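The log comparison described in the quoted post, as an added example that is not part of the thread or of 0 A.D.'s own tooling: it extracts the usernames from the "request for connection data" lines of several saved mainlog.html copies and shows which names recur across attacked sessions. The usernames, the `<p>` wrapping of the log lines and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Line format as quoted in the post above; both spellings are accepted.
REQUEST_RE = re.compile(
    r"XmppClient: Rec(?:ie|ei)ved request for connection data from ([^\s<]+)"
)

def requesters(mainlog_text):
    """Usernames that asked this host for connection data in one session."""
    return set(REQUEST_RE.findall(mainlog_text))

def common_to_all(incident_logs):
    """Usernames present in every attacked session (set intersection)."""
    sets = [requesters(text) for text in incident_logs]
    return set.intersection(*sets) if sets else set()

def rank_suspects(incident_logs, clean_logs=()):
    """Rank requesters by how many attacked sessions they appear in.

    Returns (username, attacked_sessions, also_seen_in_clean_session) tuples.
    """
    hits = Counter()
    for text in incident_logs:
        hits.update(requesters(text))
    seen_clean = set()
    for text in clean_logs:
        seen_clean |= requesters(text)
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(name, count, name in seen_clean) for name, count in ranked]

# Constructed sample data: three attacked sessions and one normal session.
# The usernames and the <p> wrapping are made up for illustration.
LINE = "<p>XmppClient: Recieved request for connection data from {}</p>\n"
ATTACKED = [
    "".join(LINE.format(u) for u in ("player_a", "player_b", "player_x")),
    "".join(LINE.format(u) for u in ("player_b", "player_c", "player_x")),
    "".join(LINE.format(u) for u in ("player_a", "player_x", "player_d")),
]
CLEAN = ["".join(LINE.format(u) for u in ("player_a", "player_b"))]

if __name__ == "__main__":
    print("in every attacked session:", sorted(common_to_all(ATTACKED)))
    for name, count, in_clean in rank_suspects(ATTACKED, CLEAN):
        print(f"{name}: {count} attacked session(s), seen in clean: {in_clean}")
```

A name that recurs in every attacked session is a lead to check against other evidence, since mainlog.html is an editable file and regular players also show up often.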

37 minutes ago, Philip the Swaggerless said:

How do I do that?  Does using a VPN work?

Depends on your ISP.

For comcast (cable internet) you need to change WAN IP address and hardware reset the router.  This forces DHCP into a new IP address. 

TL;DR:  Basically, you cannot switch an IP address for a lot of cable internet providers.  However, you can switch a MAC address.  Because DHCP protocol assigns an IP address to a MAC address you can switch your IP by changing your MAC.


5 hours ago, Dizaka said:

For comcast (cable internet) you need to change WAN IP address and hardware reset the router.  This forces DHCP into a new IP address. 

I think that you meant to say "you need to change your WAN MAC address and hardware power cycle the router" here.

Edited by Norse_Harold

11 hours ago, Norse_Harold said:

I think that you meant to say "you need to change your WAN MAC address and hardware power cycle the router" here.

Possibly.  However, I've hardware reset it every time as it works :P.  For me it's just a cable connection device and has no wifi settings, etc.  I'll see if power cycling works though, lol.

 

  

11 hours ago, smiley said:

Yes it does. Probably kills your ping though.

  

17 hours ago, Philip the Swaggerless said:

How do I do that?  Does using a VPN work?

VPN also will require port settings for data forwarding.  So without those settings you may be unable to join games or host games.

Edited by Dizaka

2 hours ago, Norse_Harold said:

If a person changes a setting on the router, such as the WAN MAC address, and then resets the settings to defaults, the new MAC address isn't being used...

Yea, in theory.  I have no idea if the data is cached or not.  In my case hardware reset has worked.  However, I agree that a restart/power cycle, as suggested by you, should be sufficient.  I'll actually test it out.

Took me a while to figure out how to change my IP.  I remember blowing up at the Comcast rep b/c he told me something about the mainframe not being configured to assign new ip addresses.  So I asked them:  Why are they talking about a mainframe?  We aren't in the 90's.  Did my Comcast plan change as I'm only paying for dynamic IP address and if so, why are they billing me extra for static IPs since I didn't purchase such a service?  Are they billing me without my knowledge?  They clearly didn't like me turning the conversation I did each time.  Also, can't believe how bad the support was and even being escalated achieved not much.  All outsourced technical support.  Horrible.

Edited by Dizaka