Fake servers in Counter-Strike #2064
Comments
This affects all versions? |
Yes, it affects all mods, regular Half-Life as well. All GoldSrc based games are affected by this, on all OSes. It's really a game breaker. I thought I'd report this "bug" here since it affects all OSes. At the moment, 75% of servers are like this. It tries to connect to them (3 bars), then it joins another server, which will hack my game. The best solution would be getting rid of the fake servers on the main server list. |
Sadly, this is not the place to report it; this is for bugs regarding the linux version, not the service (which is causing the issue). |
But it affects the Linux version too, and it should be fixed. I don't get why Valve allows players to host fake servers and hack other players' computers. It's impossible to play the game via server list. As I said, it's not a bug, but it's a game breaker. It's a feature request just like https://github.com/ValveSoftware/steam-for-linux/issues/1006 is and it should have been in the first place already. The game is completely unplayable to me because of this. I hope Valve could AT LEAST take a look at this. |
How is this NOT a bug? If this is the way you treat your customers I'm pretty sure I won't be buying anything from you again. I'm in the same situation as nullcollision is. I can't find any proper games, just a list full of fakes. This seems to also affect the Steam server browser. |
@unrealz0r. I'm not a Valve employee, first and foremost. Second, this isn't a bug regarding the Linux client; there are other places for this report to go. Being the Linux client is still in beta and so many people are having a problem even connecting, you'll probably see a change in what servers are available. The issue is a well-documented one with a LONG history. Let's not forget that the game is from '99~'00. Many of the servers available were created ages ago and were hijacked sometime in the recent past (I'm reading some of the hijack articles going back 5 years). The solution will be twofold. First, as more legit players come to play, there will be more clean servers. Second, there will be an increase in awareness of the issue due to an increased amount of players. More complaints about a given server, the more that will be taken down. Because of how these servers function, you have to take them down as they are detected; a fell-swoop won't do much. The community has to be as proactive as the developers. Valve can and will see this; closed issues don't go away. On an aside, there are dozens of walkthroughs on how to easily hijack a CS1.6 server. CS:S and CS:GO are both safer until a patch can be made. |
We can only hope Valve fixes this, as with Linux support I can bet there will be more angry customers. Valve should make some kind of an authentication system for the master server as well, as I can see there are many unauthorized servers there (everyone has VALVE_ID_LAN). I can only hope for the best. |
Like I said, part of it is finding servers you know are good. Most communities that hosted CS1.6 servers dropped them for CSS. Those that remained (many being home-based servers) got hacked and hijacked because of a very big security gap. 13 years ago, game 'sploits were everywhere. The only way that these servers will become less of an issue is people actively moderating their own servers... which requires more people playing. There will be the same amount (potentially a few more), but the percentage of them in the server list will drop. |
The problem is that the server admins are doing this themselves, they want more players on their servers. In my opinion doing this is wrong. I still know many communities which play 1.6, it's a very popular game in my country as well. It shouldn't be too hard for Valve to filter out these servers. The redirect ones, I mean. It's not fair against other server owners. Pirates also have their own, redirect filtered masterserver, why can't we have one? I respect Valve as a company, but it just seems kinda random to me to not filter them. I hope you get my point. :) |
That's just it though; the server admins largely -aren't- doing it themselves; the person who hijacked the server set up the hijacked system to forward it to one of theirs which modifies the client into adware. True, a master server would help. Here's hoping they take suitable action. |
That's wrong. A lot of these servers are put especially by some server admins, mostly from Eastern Europe if you check the IPs. Some IPs have hundreds of fake servers, they just have different ports. It's quite easy to do, there are tools available that let you do it. Checking the server list, it looks like 95% of servers are fake ones for me. There are more thousands of fake servers coming from 2-3 different IPs. I get a few real servers, which seem to be mostly empty. And I have noticed a few times that the servers were able to replace the client files with different ones, I had my game menu modified as well, and other menus too. That's not limited to fake servers. Some real servers do it as well. |
This was discussed all over the place. http://forums.steampowered.com/forums/archive/index.php/t-1667666.html has a great article from two years ago which gives a few work-arounds. This is a nice early one: http://www.shoot-em.com/forum/how-i-removing-the-ads-t590.html which offers a way to prevent the config re-write. Utilizing both is a good way to keep yourself safe until a fix comes. |
I do plan to address the issue of fake servers, perhaps not with the initial release but certainly shortly thereafter. |
I'm glad to hear about that. :) |
Just a comment about this screen: What you showed can be done using a non-steam client (protocol 47), if you use Steam CS Client (protocol 48) nobody can do that to your game client |
@Neeeeeeeeeel: This has happened to me with Protocol 48 client on Steam, too, so I doubt that. |
@Neeeeeeeeeel: That is still possible to do on latest public version. However, Alfred said that he fixed that in beta version, I didn't test that yet, so I can't confirm. |
Mmm I remember I tested (some time ago) and I can't |
If anyone's still having issues (and didn't bother reading the articles I mentioned), the best way is to chmod your config file so it's readable, but not writable. 544 or something of the sort should suffice as a stop-gap. |
The update today has changed the serverbrowser to not include bots in the player count for a server, so this should help filter out these fake servers. Just tick "has users playing" in the filter options. |
Is this just for 1.6 or for Steam as well? |
Just for Goldsrc games (so cs and hl1 for now, and the rest soon). |
The filter helps with fake servers, though there are still quite a lot of No Steam/Cracked servers which are full of people that are using non-steam cracked versions of the game. It can be seen with their SteamIDs which are invalid. Most of these servers are full of cheaters. |
@anakin1 under filters set Anti-Cheat to secure, is that what you're looking for? |
No. These servers are all showing as secured, while they are not. I guess they are either faking the status, or it's just that their crack allows clients that are not running VAC to connect anyway. |
Alfred, too many fake game servers are displayed in the master server list. The following fake server IPs: 88.255.155.2:27015 |
You should publish that fake list to some "hack me if you can list" :D |
@mikela-valve AFAIK there seems to be some login issues and how You need to use |
I don't think it's possible to host multiple dedicated servers at once when using account login, but I've never tried that. I did just try to launch the HLDS downloaded through the Steam client multiple times through Steam, it looks like HLDS itself just defers to the first launched instance. I don't know if the same happens when using SteamCMD. I don't know if logging in to host causes problems with older clients, I've certainly never heard of anything like that. |
@SamVanheer No, it is not possible to host more than one server using the same Steam Account. People are not using Steam Tools to download official HLDS that is being advertised on Steam because there is no way to host more than one server plus you don't need Steam at all to open your server. |
@mikela-valve Filtering seems to not be catching properly the entire servers that are logged to Steam correctly. I got it listed correctly on my Favorites list and filter seems to be working. Internet tab is not showing that server with the new filter enabled, weird. You need to refresh filters and moving some things to get the entire list to be released properly. Internet server list being updated correctly after touching some filters back and forth. |
@basuritashka I think the weirdness you're seeing is just that the server's Steam ID isn't necessarily received in the first info response for the game server, it's filled in later and initially marked as anonymous until it gets that information so it's being filtered out. Did the server you were checking eventually show up after you'd refreshed again? |
@mikela-valve Yes, it got filtered correctly after many refresh and touching certain filters. Always the first request when launching CS seems to not be catching the entire internet list. This is happening regardless using |
Everything is fine now. But write some article about assigning a steam account to the server. And that's all. It's just udp problems, not related to fake servers. |
But... Game hosting which provide some space(resources) for hosting game server, for example hl1/cs1.6 So, by default there no access to root dir(in this case where hlds_run placed). And the main problem in this case steamcmd installing way. Then we got 1000 servers on one hosting which can be banned when one server using for spread malicious files. Simple;
User 2500 spreading some kind of malicious files. Moderator come and ban this CSteamID on masterserver, all 3000 servers get ban. Did you even read our posts? I don't know why you making crappy fixes, where normal fixes exists. We lose some servers? Many of server owners gonna create topics (Oh my gosh, why my server not on steam master server after august update) and we can write response, where gonna describe that they must add their steam api web tokens for adding servers to MS. This can't be fixed in ServerBrowser, alo, garaj. #2064 (comment) Can you call someone from Valve who is currently involved in Master Server development? |
@afwn90cj93201nixr2e1re If by "Steam API key" you mean "Steam Web API key", it won't work because the key can be regenerated differently for the same domain.
If Valve (and/or the community) explicitly announce any change like that, then it's up to the server operators to read that announcement, stay informed and take the necessary precautions if needed. |
Thanks. This works for me. Most fake servers no longer appear on the list. But I still see a lot of non-original garbage servers (REHLDS and so on) that are not marked in any special way. Can you add filtering to highlight the original genuine servers from VALVE, from third-party servers? Now they are all on the same list. Maybe add a column showing the version of the server? That would be good. I remember that in CS 1.5 there was something similar, it was even displayed on which platform the server is located (Windows \ Linux). Now for this purpose you have to use a third-party program "HLSW", which is not very convenient. It would be nice to add a new column with the server version hidden by default. And \ or another filter that allows you to separate VALVE original servers from fake ones (In the conscience of a third-party developer). |
No, I don't.
So, I don't get why you just replied same thing with diff. words, I'm talking about:
OLD servers and servers with non-steam support. |
I think someone don't see this is about FAKE SERVERS not about what type of server are you run...lmao... Cheers |
At least read the comments... |
You understand what i trying to say? I think you confused... |
Is there any progress on this? Adding sv_setsteamaccount cvar, where you can get your login_token from https://steamcommunity.com/dev/managegameservers like CS:GO should be considered. I think that allowing one server per token will potentially stop fake servers. |
already discussed before. |
In China, servers are flooded with fake servers, approximately 7,000 of them. Some of these fake servers: https://prnt.sc/3UnDtff_7Cqh |
After enabling has associated steam account, there are still about 7000+ fake servers. some fake ips: 1.12.53.144 In total, these IPs provide approximately 7,000 fake servers. |
These are just fake servers to redirect to the target game server. These fake servers do not exploit any vulnerabilities in the game client. Also, all known RCE vulnerabilities were fixed in the engine's anniversary update. |
Either we (or valve) like it or not, the majority of players still play the game thru pirated versions, these fake servers are to target those people more than real steam users, this issue should continue to be a priority to fix if we really care about the longevity of the game. |
No, it's a Steam problem. First of all there is a difference in counting legit steam players in internet and favorites tab.
|
On the contrary, new fake servers that appeared last year are aimed at Steam players. Because these servers are able to replace the number of players not only in the connectionless S2A_INFO message, but also in the output from the master server (for example, in the Internet tab in the server browser). Look at the master server output:
As you can see, the master server thinks that there are 30 players on the server, because these fake servers use Steam account farms to authorize these accounts on the fake servers (in order to be counted in the master server). The problem is quite fundamental. Currently, registration of a game server in the master server is free (servers are issued a steamid with the account type "AnonGameServer"). I would suggest making GSLT (Game Server Login Token, https://steamcommunity.com/dev/managegameservers) registration mandatory, as well as a server cvar for GSLT |
In the Internet/Spectate server tabs, the browser first obtains information about game servers from the Steam master server (a reliable source), and then queries each server using A2S_INFO messages. So in these tabs the game client displays information about players from a reliable source (Steam master server), but sometimes a bug occurs and information is displayed from an unreliable source (S2A_INFO from game server). I believe this difference in tabs is made so that Favs/Hist/Lan can work offline, that is, without an Internet connection. |
@kisak-valve @alfred-valve when will you clean up the Internet tab fake servers? |
This is not a bug, but rather a feature request to fix an annoying thing in Counter-Strike. The server list is plagued with redirect and fake servers. It's really hard to find a regular server, most of the servers redirect to a specific one.
In order to spot a fake server I have to right click it and check "show server info". On fake servers everyone has played exactly the same amount of time.
It's really annoying, I guess it shouldn't be too hard to do something to them. Most of these servers also rebind your z, x, c keys to spam a specific spam message. Some of these servers also change my Gamemenu.res so I can join their servers from the main menu. They also bind some keys to join their servers. Ridiculous!
Most of these servers are also still Protocol 47 (with some kind of a compatibility patch for 48 clients).
I hope you could do something about this. I want to play CS the way it's supposed to be played. This affects all OSes.
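The identical-play-time check described in this post can be automated; the following is an added example, not part of the original issue and not Valve's code. It parses an A2S_PLAYER reply (the server query that feeds the player list in "show server info") and flags a roster where every player reports the same connected time; the sample replies are constructed, and the `min_players` and `tolerance` thresholds are assumptions.

```python
import struct

HEADER = b"\xff\xff\xff\xffD"  # connectionless prefix + 'D' (A2S_PLAYER reply)


def parse_a2s_player(payload):
    """Parse an A2S_PLAYER reply into a list of {name, score, duration}."""
    if not payload.startswith(HEADER) or len(payload) < len(HEADER) + 1:
        raise ValueError("not an A2S_PLAYER reply")
    count = payload[len(HEADER)]
    pos = len(HEADER) + 1
    players = []
    for _ in range(count):
        pos += 1  # skip the per-player index byte
        end = payload.index(b"\x00", pos)  # NUL-terminated name; ValueError if cut off
        name = payload[pos:end].decode("utf-8", errors="replace")
        try:
            # little-endian int32 score, then float32 seconds connected
            score, duration = struct.unpack_from("<lf", payload, end + 1)
        except struct.error as exc:
            raise ValueError("truncated player record") from exc
        pos = end + 1 + 8
        players.append({"name": name, "score": score, "duration": duration})
    return players


def looks_fabricated(players, min_players=4, tolerance=1.0):
    """True when a roster of at least min_players all report the same
    connected time, within tolerance seconds (assumed thresholds)."""
    if len(players) < min_players:
        return False
    durations = [p["duration"] for p in players]
    return max(durations) - min(durations) <= tolerance


def build_reply(rows):
    """Construct a sample reply from (name, score, duration) rows (test data)."""
    body = b"".join(
        bytes([i]) + name.encode() + b"\x00" + struct.pack("<lf", score, dur)
        for i, (name, score, dur) in enumerate(rows)
    )
    return HEADER + bytes([len(rows)]) + body


# Constructed samples: a padded roster and an ordinary one.
FAKE = build_reply([("Player%d" % i, 0, 3600.0) for i in range(6)])
REAL = build_reply([("ann", 12, 310.5), ("bob", 3, 95.0), ("cy", 7, 1804.2), ("dee", 0, 12.0)])

if __name__ == "__main__":
    for label, raw in (("fake", FAKE), ("real", REAL)):
        print(label, looks_fabricated(parse_a2s_player(raw)))
```

A match is a signal to weigh alongside the other symptoms in this thread, not proof on its own.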