Warning to all SWBF1 server crashers

Started by Phobos, February 12, 2017, 11:00:23 AM

The [FC] servers have been crashed several times recently, as a result more IPs have been banned. I have recorded all the evidence and packet captures of who it was and when it happened to share with other SWBFSpy server admins. We find it quite disrespectful that there are still crashers going around causing problems. It's happened too many times recently to call a "coincidence". The batch and other server files are confirmed to be stable and haven't crashed for several months. These are acts of direct hostility towards our server, and we have proof of UDP spam and other forms of attacks being used.

I won't post the IP addresses which have been banned here, but I will list this information:
- January 20th the TWD server was crashed by a player from Austria who is now banned
- January 31st the [FC]Battlefront server was crashed by a player from Denver Colorado who is now banned
- February 11th there was a vigorous attempt to crash the TWD server (although it wasn't successful) by a player from Germany who is now banned
- February 11th the [FC]Battlefront server was crashed by a player from Virginia who is now banned
- February 12th (shortly after midnight) the SWBF1Spy PS2 server was crashed by a player from Alabama who is now banned

The [FC] servers are continually being attacked, and I will continue to issue out permanent bans every time it occurs. Consider this a warning to anyone who thinks they can crash our servers and get away with it: You will get caught, and you will get permanently banned, so don't ruin the fun for everyone and lose the privilege of playing in our servers.

If anyone would like the IP subnets of these troublemakers to ban from their own servers as well, contact me or Anyder for the info. I'll update this thread if any more attacks happen again in the future. Thanks to everyone who is kind enough NOT to crash our servers -- but unfortunately a small fraction of these players could get accidentally banned, due to having similar IP addresses as the server crashers who have had their subnets banned.


Please, those involved in this issue, cease the hostility. Otherwise we will take further action.
Anyder | Talent, Ops & Culture | SWBF & Player Engagement
Email: communityambassador@swbfgamers.com
SWBFSpy Discord: http://discord.swbfspy.com
SWBFSpy Info: http://info.swbfspy.com

Are we sure they are attacks, as these crashes happened on Tuesdays and Saturdays and those are the 2 days we play. Can it just be a connection problem seen as an attack as Sandman is from Alabama and is sure not crashing the server, as he's the one that revived this game. He said he'll be upgrading his internet connection this week so maybe there were lost packages that made the server crash.

Other option is that someone is crashing the server using proxies since coming from so many different locations. Swbf community is growing since the past 2 months with the posts made on gametracker and the new fb page so a hacker may have seen it and got into crashing servers.

Also, I replied to your mail Phobos, but I can't see it in my sent messages so I don't know if you received it so I'll repost it here.

I went through your rotation and I found 3 more maps that were making the ps2 reload. nab1c = plains clone, rhn2a = citadel gcw, yav1i = temple gcw. All the others were fine. Snake was testing the bug last week hosting a server named ps2reloadingtest and we could join maps that used to make our ps2 reload too.

Finally, last request ;) can you lower the reinforcements to 120 and if not, just put back the ais to 8, otherwise the maps are lasting too long.

Thank you guys for all your efforts, hope one day we can play crash free.

Something weird is going on and I don't understand it.  Some clients are repeatedly asking the game server for a status update.  It may be client related, or it may be server related. 

At this point, based on what I have seen, I do not think it is malicious, but I don't know what is causing it.  I had two computers from Germany do the same thing to my game server.
Quote from: Abraham Lincoln. on November 04, 1971, 12:34:40 PM
Don't believe everything you read on the internet

Is the DNS address that we use Christian's DNS from Germany, so it's normal?

February 14, 2017, 08:49:39 PM #5 Last Edit: February 14, 2017, 09:07:09 PM by Drunken_Master
What is clear after some research is that these attacks are not intentional from the sources.  Setting up Wireshark on Alpha server to see if can replicate it. It might be useful to have more info on packet captures.

JackDaniel, do I understand correctly that this is happening on playstation as well?  If so that is a good hint

Yes we play on ps2 and I'm not aware if there is still a community on PC. But we played tonight 7 maps on our server and no crashes.

February 15, 2017, 03:06:55 AM #7 Last Edit: February 19, 2017, 03:04:56 PM by Phobos
Quote from: JackDaniel on February 14, 2017, 07:40:10 PM
Other option is that someone is crashing the server using proxies since coming from so many different locations. Swbf community is growing since the past 2 months with the posts made on gametracker and the new fb page so a hacker may have seen it and got into crashing servers.
In this case all the hacker's proxy IPs would get banned.

Quote from: JackDaniel on February 14, 2017, 07:40:10 PM
I went through your rotation and I found 3 more maps that were making the ps2 reload. nab1c = plains clone, rhn2a = citadel gcw, yav1i = temple gcw. All the others were fine. Snake was testing the bug last week hosting a server named ps2reloadingtest and we could join maps that used to make our ps2 reload too. Finally, last request ;) can you lower the reinforcements to 120 and if not, just put back the ais to 8, otherwise the maps are lasting too long. Thank you guys for all your efforts, hope one day we can play crash free.
I'll add this soon to the server

Quote from: JackDaniel on February 14, 2017, 07:07:25 PM
the 5 guys in the server at that time are regulars that want to play and have no reasons to be crashing the server. They are all crew members and know each others and been playing this game for years.
The PS2 crash had unusual ports such as 49242-49246 & 56892 being used to spam \basic\\info\ packets which crashed the server. It sounds like Sandman would not intentionally crash the server, so I'm wondering what could be causing this.

Quote from: Led on February 14, 2017, 07:54:40 PM
Something weird is going on and I don't understand it.  Some clients are repeatedly asking the game server for a status update.  It may be client related, or it may be server related. 

At this point, based on what I have seen, I do not think it is malicious, but I don't know what is causing it.  I had two computers from Germany do the same thing to my game server.
status\\0000 UDP spam packet attacks were used against TWD server from a German IP address. This didn't cause the server to crash so it may not be malicious, although it continued for about 3 hours nonstop.

Quote from: Drunken_Master on February 14, 2017, 08:49:39 PM
What is clear after some research is that these attacks are not intentional from the sources.  Setting up Wireshark on Alpha server to see if can replicate it. It might be useful to have more info on packet captures.
The attacks appear to be somewhat different from each source, I'm not yet convinced they are all unintentional. Until more information is known about the cause of this issue, I'm keeping most of the current bans in place. If you can replicate something on the Alpha server with Wireshark we might find out more of what's causing it.



Quote from: Sandman on February 19, 2017, 01:49:06 PM
Hello all..SANDMAN here..just joined the site..I've just had a new WIFI network installed over the weekend and was able to play just fine Friday and Sat night on your server..had a dns crash with server error message 612 late last night..made me toss my controller across the room..I've got a crew of 10 players..been playing this game off and on since '06..plz keep me in the loop and I'll share with my crew via text and our FB page..thx
Quote from: Phobos on February 19, 2017, 02:51:39 PM
We're not sure exactly who caused the server to crash, but it was your (Alabama) IP that was last shown in the packet capture before the PS2 server crashed. This ban is removed for now until further investigation is done on the packet capture. We can likely host the other server you've requested, as the PS2 servers use less CPU/RAM than the PC servers. That's great to hear there are still many active players on the PS2. :cheers:
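The admins above are judging from packet captures whether repeated \status\ and \basic\\info\ queries are a flood or a misbehaving client. The following is an added example, not part of the thread or of any SWBFSpy tooling, showing one way to measure per-source query rate. The log format, thresholds, IP addresses (documentation ranges) and port 50000 are constructed assumptions; the ports 49242-49246 are the ones mentioned in the post.

```python
from collections import defaultdict, deque

# Query strings named in the thread; a datagram starting with one counts as a query.
QUERY_PREFIXES = ("\\status\\", "\\basic\\", "\\info\\")

def parse_line(line):
    """Parse 'epoch_seconds src_ip src_port payload' (constructed log format)."""
    ts, ip, port, payload = line.split(None, 3)
    return float(ts), ip, int(port), payload

def find_query_floods(lines, window=10.0, max_queries=20):
    """Return {ip: {"peak": n, "ports": k}} for every source whose query count
    inside any sliding `window` seconds exceeded `max_queries` (assumed thresholds)."""
    recent = defaultdict(deque)  # ip -> query timestamps still inside the window
    ports = defaultdict(set)     # ip -> distinct source ports seen
    peak = defaultdict(int)      # ip -> highest in-window count observed
    for line in lines:
        ts, ip, port, payload = parse_line(line)
        if not payload.startswith(QUERY_PREFIXES):
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        ports[ip].add(port)
        peak[ip] = max(peak[ip], len(q))
    return {ip: {"peak": peak[ip], "ports": len(ports[ip])}
            for ip in peak if peak[ip] > max_queries}

def constructed_capture():
    """Constructed sample: one source querying 10 times a second from five
    rotating ports, and one source polling once every 30 seconds."""
    lines = []
    for i in range(60):
        lines.append(f"{1000 + i * 0.1:.1f} 198.51.100.7 {49242 + i % 5} \\status\\")
    for i in range(4):
        lines.append(f"{1000 + i * 30:.1f} 203.0.113.9 50000 \\basic\\\\info\\")
    return sorted(lines, key=lambda l: float(l.split()[0]))

if __name__ == "__main__":
    for ip, stats in find_query_floods(constructed_capture()).items():
        print(ip, stats)
```

A high rate from one address shows volume, not intent: as the thread notes, a faulty client can produce the same pattern, and UDP source addresses can be spoofed, so per-source rate limiting is a less error-prone response than subnet bans.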

Quote from: Phobos on February 15, 2017, 03:06:55 AM
In this case all the hacker's proxy IPs would get banned.
I'll add this soon to the server
The PS2 crash had unusual ports such as 49242-49246 & 56892 being used to spam \basic\\info\ packets which crashed the server. It sounds like Sandman would not intentionally crash the server, so I'm wondering what could be causing this.
status\\0000 UDP spam packet attacks were used against TWD server from a German IP address. This didn't cause the server to crash so it may not be malicious, although it continued for about 3 hours nonstop.
The attacks appear to be somewhat different from each source, I'm not yet convinced they are all unintentional. Until more information is known about the cause of this issue, I'm keeping most of the current bans in place. If you can replicate something on the Alpha server with Wireshark we might find out more of what's causing it.

what is the update?

Hello all..SANDMAN here..just joined the site..I've just had a new WIFI network installed over the weekend and was able to play just fine Friday and Sat night on your server..had a dns crash with server error message 612 late last night..made me toss my controller across the room..I've got a crew of 10 players..been playing this game off and on since '06..plz keep me in the loop and I'll share with my crew via text and our FB page..thx

Thx for the server to use, guys..I'd like to mention that my crew and I are not new..been playing this great title since '06..and then found workarounds thru the gamespy, openspy, gamemaster, etc yrs..lol..having said that, my crew and myself equals 12 players..we'd like to see if at all possible a different server if you're able to set up a secondary server at all..would be great if it had reinforcements of 300..friendly fire off/auto aim on/8 AI per team/auto assigned..Cloud City (not platforms)..Mos eisley..Naboo Theed..Rhen Var (both maps)..just tossing that out there..plz lemme know if it requires funding or whatever you need, we just need a place to get after it and our so called ADMIN went AWOL..so we're kinda stuck..thx
P.S....I'm not a hacker, but flattered some might think so..lol

Quote from: Sandman on February 19, 2017, 02:13:59 PM
Thx for the server to use, guys..I'd like to mention that my crew and I are not new..been playing this great title since '06..and then found workarounds thru the gamespy, openspy, gamemaster, etc yrs..lol..having said that, my crew and myself equals 12 players..we'd like to see if at all possible a different server if you're able to set up a secondary server at all..would be great if it had reinforcements of 300..friendly fire off/auto aim on/8 AI per team/auto assigned..Cloud City (not platforms)..Mos eisley..Naboo Theed..Rhen Var (both maps)..just tossing that out there..plz lemme know if it requires funding or whatever you need, we just need a place to get after it and our so called ADMIN went AWOL..so we're kinda stuck..thx
P.S....I'm not a hacker, but flattered some might think so..lol
We're not sure exactly who caused the server to crash, but it was your (Alabama) IP that was last shown in the packet capture before the PS2 server crashed. This ban is removed for now until further investigation is done on the packet capture. We can likely host the other server you've requested, as the PS2 servers use less CPU/RAM than the PC servers. That's great to hear there are still many active players on the PS2. :cheers:

Dude, I have to get my daughter to program my smart TV..lol..a little embarrassing to say I do not know what a "packet capture" is..I can only surmise it or google it...just let me know whatever you need from me