Página na loja
Left 4 Dead 2
Tudo Discussões Capturas de tela Artes Transmissões Vídeos Oficina Notícias Guias Análises

Left 4 Dead 2

Página na loja
Ver estatísticas:
Conquistas globais
Left 4 Dead 2 > Discussões gerais > Detalhes do tópico
Este tópico foi trancado
AstroCat♥ 26/jan./2024 às 18:04
3
9
3
Clearing up misunderstandings about the DDOS attacks
(This post is edited when new information is available)

***FINAL EDIT: I’m leaving the rest of the post intact, but there was a response from Kerry/Valve that they’ve implemented server changes, explaining the lack of mass DDOS lately. Kudos to Kerry and Valve.


https://steamcommunity.com/app/550/discussions/0/4143942360096439305/?ctp=17#c4209245440571429350
***

I see that everyone is very confused so I wanted to make a thread clearing some basic things up, especially since some people are reporting playing games on Official servers without experiencing a DDOS (long story short: those people are just getting lucky, see near the bottom of this post).

There are two SEPARATE issues occurring which is causing the confusion.

1) There were Jimmy's "ban list" attacks, where, once you are put on his list, his script matches your Steam name to the server list and then DDOS's that server. This only happens if you're put on Jimmy's list (or if someone in your server is on Jimmy's list). I'm going to call these attacks "list attacks." These attacks are on a personal level and only affect a server if someone on the list is in that server. Most of you reading this were probably not on Jimmy's list (you would know if you were, most likely). So you're actually concerned about the next thing.

2) There are the blanket Official Dedicated Server DDOS's, which affect all official dedicated servers across the game. I'm going to call these attacks "mass attacks." To be clear, this does not refer to random DDOS's caused by random trolls against single servers. It's a coordinated attack against all Official Dedicated servers that happens near-simultaneously.

It's important to recognize these are separate things. LIST ATTACKS are caused by Jimmy's software and target individuals that he puts on his list. MASS ATTACKS are generalized Official Dedicated server attacks that target all official servers regardless of who's in them.

The LIST attacks might be resolved because Jimmy's website is now down according to people in the forums. If you were on his list, he is supposedly no longer doing this thanks to Valve's likely C&D. (This is the evidence that Jimmy's attacks might be done: https://i.imgur.com/sPghdq4.png)

The MASS attacks are ongoing, so regardless of whether you were on Jimmy's list or not, you will still be experiencing DDOS events in official servers. According to people that have visited Jimmy's site, Jimmy claimed not to be responsible for the mass attacks. So they may very well be caused by different bad actor(s).

As far as we know, Valve has only gone after Jimmy and thus stopped or attempted to stop the list attacks. We do not know whether Valve is working on the mass attacks, though their official post asks us for patience vaguely.

Here is information about the nature of the exploit the DDOS attacks are using:
https://github.com/ValveSoftware/Source-1-Games/issues/5141

Basically, they are very low bandwidth attacks, making it cheap for the attackers to perform: they can do this indefinitely until/unless Valve does anything about it.

Here is further information about the mass attacks and the evidence that the mass attacks are separate from any player name list attack like Jimmy’s:
https://github.com/Tsuey/L4D2-Community-Update/issues/485

The folks at GitHub in the link just above did an experiment where they used a docker to set up a couple of bait servers. For instance, one of them named "Valve Left4Dead 2 EU West Server (srcds401-fra2.271.729)", which is an exact match for a real official server. Another server looks very close to the human eye but has errors, "Valbe Left4Dead 3 SU South Server (srgds400-afro2.271.729)."

The first one with the exact match to a real official server got attacked frequently, the one with the slight name differences never got attacked.

This rules out two things:
1) It rules out that the attacks detected were based on who's in the server because it was a bait server (nobody was in it), which rules out Jimmy-style list attacks

2) It rules out that a human is manually targeting servers because for someone just going down a list to nuke servers, it'd be weird that they'd say "aha this one doesn't look right" for very minor spelling differences.

So we can conclude someone has set up an attack before this bait server was made that just occasionally DDOS's the official servers wholesale. The attacks are sporadic, so there will be some people that will say "I haven't been DDOSed and I played some games on Official servers." That leads to a belief all of the attacks are still on a personal level rather than a mass level, but I suspect those people are just getting lucky and playing between attacks.

The comments are notable for stating, "any ETA on an engine/game code fix should not be expected." It seems they do not expect Valve to give us an ETA on this (but we will see).

——————————

In the meantime, if you want to play online and the official servers are unplayable, see this guide about hosting and playing games with 3rd party servers. It does require some setup to make it easy:

https://steamcommunity.com/app/550/discussions/0/4143942846475463633/
Última edição por AstroCat♥; 2/fev./2024 às 11:29
< >
Exibindo comentários 6175 de 169
FROYO Rando Blueberry King Jesus 28/jan./2024 às 23:13 
Escrito originalmente por Vedris:
So basically, some guy named "Jimmy" was DDOSing servers targetting specific people, and because of that, several others got the idea and blanketed their mass DDOS attacks on ALL major servers under them so they can take the blame?
Who even is "Jimmy"? What's the story behind any of this, and how do you know?
Also, why do you, or anyone here expect Valve to respond to or fix any of the issues? TF2 has been having minor DDOS attacks and bot hackers since August 2017, and practically nothing has been done to mitigate the issue (along with several other problems that have killed the community in most ends).
How can such a major DDOS attack occur for nearly a week on ALL servers and even community servers for this game? It seems less like a DDOS and more like the servers are just super unstable.
Because the lag bots were actually countered
#61
AstroCat♥ 29/jan./2024 às 5:51 
Escrito originalmente por GS:Juicy1s:
I didn't notice any issues at all(people been saying this blanket attack has been going on for a few days?) It only started for me after I got added to JNJ list after a random encounter on a server with him last night, unplayable since that moment and still is.

Even saying in game chat he was going to attack all of l4d2

What profile was Jimmy using if you encountered him last night?

And you say he is still using his list? He seemed to be scared of legal recourse on the message on his site: are you sure it was him?

And lastly, the mass DDOS attacks do have gaps where people are luckily able to play, but they always start up again. You might have been lucky or play during a time the attacks don’t happen or something.
#62
AstroCat♥ 29/jan./2024 às 5:54 
Escrito originalmente por Vedris:
So basically, some guy named "Jimmy" was DDOSing servers targetting specific people, and because of that, several others got the idea and blanketed their mass DDOS attacks on ALL major servers under them so they can take the blame?
Who even is "Jimmy"? What's the story behind any of this, and how do you know?
Also, why do you, or anyone here expect Valve to respond to or fix any of the issues? TF2 has been having minor DDOS attacks and bot hackers since August 2017, and practically nothing has been done to mitigate the issue (along with several other problems that have killed the community in most ends).
How can such a major DDOS attack occur for nearly a week on ALL servers and even community servers for this game? It seems less like a DDOS and more like the servers are just super unstable.

Jimmy’s been known in the community for years. He’s a troll that will join games, spamming racist stuff, obviously hacking (like speedhacking kind of obvious) and just generally trying to ruin the game.

We know he was behind the ban list attacks because he said he was going to do it, started a site, and then did it. People usually knew they were on his list because he’d flat out tell them (and then they’d start getting DDOS’d).

And I don’t know what to expect from Valve. I know their track record is bad. At this point I’m assuming official servers are no longer viable indefinitely but will try to get more information out of Valve when some time has passed.
#63
[{******---Dead4Life---******}] 29/jan./2024 às 8:13 
He/ they still ddosing official dedicated servers, someone get rid of him once and for all. LOL
#64
Vedris 29/jan./2024 às 8:33 
Escrito originalmente por AstroCat♥:

Jimmy’s been known in the community for years. He’s a troll that will join games, spamming racist stuff, obviously hacking (like speedhacking kind of obvious) and just generally trying to ruin the game.

We know he was behind the ban list attacks because he said he was going to do it, started a site, and then did it. People usually knew they were on his list because he’d flat out tell them (and then they’d start getting DDOS’d).

And I don’t know what to expect from Valve. I know their track record is bad. At this point I’m assuming official servers are no longer viable indefinitely but will try to get more information out of Valve when some time has passed.
Well, outside of a few Reddit posts, there hasn't been anything said about them until this thread and the DDOS appeared. I'm still new to the game, but compare that to hackers in TF2 who are well known in ALL communities, I feel like it would be a different case here.
If this is a DDOS then someone must have a lot of time and money on their hands and must be using a loophole because even on P2P, I still have lag spikes.
#65
AstroCat♥ 29/jan./2024 às 8:38 
Escrito originalmente por Vedris:
Escrito originalmente por AstroCat♥:

Jimmy’s been known in the community for years. He’s a troll that will join games, spamming racist stuff, obviously hacking (like speedhacking kind of obvious) and just generally trying to ruin the game.

We know he was behind the ban list attacks because he said he was going to do it, started a site, and then did it. People usually knew they were on his list because he’d flat out tell them (and then they’d start getting DDOS’d).

And I don’t know what to expect from Valve. I know their track record is bad. At this point I’m assuming official servers are no longer viable indefinitely but will try to get more information out of Valve when some time has passed.
Well, outside of a few Reddit posts, there hasn't been anything said about them until this thread and the DDOS appeared. I'm still new to the game, but compare that to hackers in TF2 who are well known in ALL communities, I feel like it would be a different case here.
If this is a DDOS then someone must have a lot of time and money on their hands and must be using a loophole because even on P2P, I still have lag spikes.

There’s a known exploit that allows DDOSers to flood servers with very small bandwidth packets — so that’s the problem is that it doesn’t cost them money really, so they can do it indefinitely until Valve closes the exploit.

I’ve tried submitting a ticket to Valve twice to see if they would acknowledge the problem or say if anything was being done about the exploit.

Both times I got a copy/pasted “how to troubleshoot your local network” even though I made abundantly clear the problem isn’t my local network.

Valve’s customer service department doesn’t know and doesn’t care. That being said their customer service department is not the L4D2 team. I’m trying to have patience.
Última edição por AstroCat♥; 29/jan./2024 às 8:46
#66
GS:Juicy1s 29/jan./2024 às 9:13 
Escrito originalmente por AstroCat♥:

What profile was Jimmy using if you encountered him last night?

And you say he is still using his list? He seemed to be scared of legal recourse on the message on his site: are you sure it was him?

And lastly, the mass DDOS attacks do have gaps where people are luckily able to play, but they always start up again. You might have been lucky or play during a time the attacks don’t happen or something.

Not sure what profile, i just saw his name and hacks/trash talk, i just ignored the troll, eventually he attacked the server i was on, then i just quit and slept for the night.

I don't really check peoples profiles or report anything. I learned quickly it's pointless and gave up on Valve doing anything like 16 years ago.
Última edição por GS:Juicy1s; 29/jan./2024 às 9:14
#67
AstroCat♥ 29/jan./2024 às 9:30 
Escrito originalmente por GS:Juicy1s:
Escrito originalmente por AstroCat♥:

What profile was Jimmy using if you encountered him last night?

And you say he is still using his list? He seemed to be scared of legal recourse on the message on his site: are you sure it was him?

And lastly, the mass DDOS attacks do have gaps where people are luckily able to play, but they always start up again. You might have been lucky or play during a time the attacks don’t happen or something.

Not sure what profile, i just saw his name and hacks/trash talk, i just ignored the troll, eventually he attacked the server i was on, then i just quit and slept for the night.

I don't really check peoples profiles or report anything. I learned quickly it's pointless and gave up on Valve doing anything like 16 years ago.

Gotcha. So this could have just been an individual DDOSing a single server; not whomever is DDOSing all of the official ones.
#68
GS:Juicy1s 29/jan./2024 às 9:43 
Escrito originalmente por AstroCat♥:
Escrito originalmente por GS:Juicy1s:

Not sure what profile, i just saw his name and hacks/trash talk, i just ignored the troll, eventually he attacked the server i was on, then i just quit and slept for the night.

I don't really check peoples profiles or report anything. I learned quickly it's pointless and gave up on Valve doing anything like 16 years ago.

Gotcha. So this could have just been an individual DDOSing a single server; not whomever is DDOSing all of the official ones.

Possible, but i would watch ping of servers before i join for a few minutes for attacks, it would be consistently 40-80ms, i join, within a minute or two everyone's ping jumps to 1500+ms, so i wouldn't say it was just that server, because it's been happening in other servers i join. Pretty sure it's/was him at that time. If he stopped great. but he obviously is part of the group of people that do things like this, so his list was probably shared with his like minded buddies or maybe copycat not connected to him has his said "list" and is/was continuing his work.

Haven't launched l4d2 yet, today, to see if it's still happening.
Última edição por GS:Juicy1s; 29/jan./2024 às 9:47
#69
AstroCat♥ 29/jan./2024 às 9:56 
Escrito originalmente por GS:Juicy1s:
Escrito originalmente por AstroCat♥:

Gotcha. So this could have just been an individual DDOSing a single server; not whomever is DDOSing all of the official ones.

Possible, but i would watch ping of servers before i join for a few minutes for attacks, it would be consistently 40-80ms, i join, within a minute or two everyone's ping jumps to 1500+ms, so i wouldn't say it was just that server, because it's been happening in other servers i join. Pretty sure it's/was him at that time. If he stopped great. but he obviously is part of the group of people that do things like this, so his list was probably shared with his like minded buddies or maybe copycat not connected to him has his said "list" and is/was continuing his work.

Haven't launched l4d2 yet, today, to see if it's still happening.

Ah ok. That sucks if there’s still a list. I had read that you slept after the attack and interpreted that to mean we were just talking about one instance. Makes more sense now. :(
#70
bluefalcon74.ttv 29/jan./2024 às 12:26 
Escrito originalmente por Vedris:
why do you, or anyone here expect Valve to respond to or fix any of the issues?

If you think L4D has gotten even the merest whiff of attention as compared to literally any other mp Valve game you're high. To be clear, we've gotten zero relief from this DDOS problem and you guys are STILL complaining that L4D has it so good. Perhaps if you took these TF or CS complaints to their respective forums you might make some headway?
Última edição por bluefalcon74.ttv; 29/jan./2024 às 12:26
#71
MADDPIRATE75 29/jan./2024 às 12:32 
Escrito originalmente por AstroCat♥:
Escrito originalmente por MADDPIRATE75:
let me get this straight, so you can on local as long as you have VPN activated or you can play single player campaign to not get affected by the attacks?

You can play single player without needing a VPN and not get attacked, it doesn’t use official servers since it plays on your PC alone.

And to be clear, when the servers get attacked, nothing bad happens to you (it’s not like being hacked), it just makes the game unplayable during that session. It’s safe to *try* playing online. With the caveat that if you “host local server” it does broadcast your personal IP to other players in the same match. (But the attacks aren’t coming from people playing in matches. That only matters if you happen to have a bad person in that particular game).

You can play online using Best Available Dedicated Servers (3rd party servers), just have to find some that aren’t modded unless you want the mods).

oh alr, thank you
#72
MADDPIRATE75 29/jan./2024 às 12:37 
Escrito originalmente por AstroCat♥:
Escrito originalmente por GS:Juicy1s:

Possible, but i would watch ping of servers before i join for a few minutes for attacks, it would be consistently 40-80ms, i join, within a minute or two everyone's ping jumps to 1500+ms, so i wouldn't say it was just that server, because it's been happening in other servers i join. Pretty sure it's/was him at that time. If he stopped great. but he obviously is part of the group of people that do things like this, so his list was probably shared with his like minded buddies or maybe copycat not connected to him has his said "list" and is/was continuing his work.

Haven't launched l4d2 yet, today, to see if it's still happening.

Ah ok. That sucks if there’s still a list. I had read that you slept after the attack and interpreted that to mean we were just talking about one instance. Makes more sense now. :(
so if the LTS update was created by the community for valve to implant into the game, do you think the community will create a update that will reduce ddos attacks?
#73
AstroCat♥ 29/jan./2024 às 12:47 
Escrito originalmente por MADDPIRATE75:
so if the LTS update was created by the community for valve to implant into the game, do you think the community will create a update that will reduce ddos attacks?

I’m not sure how to answer this as I don’t want to guess or cause any misinformation by guessing.

Here is a link to where the exploit is already pointed out to Valve though; and if you’ll note, they do use Github (and HackerOne) when patching (just read the notes from the most recent patch, it says they closed exploits pointed out on Github and HackerOne).

https://github.com/ValveSoftware/Source-1-Games/issues/5141

Read the comments here also:
https://github.com/Tsuey/L4D2-Community-Update/issues/485

Significant quote: “ We'll push for it to be fixed, but DoS are out-of-scope for HackerOne and it'd be unprecedented and highly unlikely for Valve to accept iptables etc. as a solution, and any ETA on an engine/game code fix should not be expected.”
Última edição por AstroCat♥; 29/jan./2024 às 12:55
#74
bluefalcon74.ttv 29/jan./2024 às 13:05 
I think this is a case of Valve has already done everything they can (or are willing to) do. Customer support is issuing stock responses like "plug in your ethernet cable" as possible solutions to the attacks. Other than that I think their plan is to just wait it out.
#75
< >
Exibindo comentários 6175 de 169
Por página: 1530 50

Left 4 Dead 2 > Discussões gerais > Detalhes do tópico
Publicado em: 26/jan./2024 às 18:04
Mensagens: 169

Regras e diretrizes para discussões