-- [ Picked text/plain from multipart/alternative ] > > "There is a logging bug in the game server right now where steam id's for > players very occasionally get mixed up, we are looking into it. However, > this mixup CANNOT cause you to be banned, the game server has nothing to > do with cheat banning. It is also not possible to Steam a SteamID, you > need the Steam account name and password to get access to a Steam ID > (with the exception of the above logging bug, but that does not effect > ANY other steam services). > > - Alfred" >
Dear Alfred, I'm very glad to hear that you guys are aware there is an issue with steamid's getting mixed up. The problem we are having on the servers, however, is different. Someone is exploiting your bug to mask their steamid. They are combining the exploit with a hack that causes a client crash whenever any client connected to the server presses the console key (~). When enough clients crash, the server also crashes due to a memory read error. This has been happening to us nightly. Although the steamid mixup may not get you directly banned by vac, it can result in a ban from the server. For instance, we had a hacker come in using one of our regulars steamid's. Someone else sent an admin page and one of my admins went in there and banned the guy who was hacking. However, since the steamid was spoofed, it was the regular (non-hacker) who actually received the ban. The site that we believe released the hack in the first place ( http://www.icthacks.com ) no longer allows activation of new users. My guess is that they don't want server admins or valve developers finding out about the exploit. But that is just speculation. After searching through my server logs for a while, I found a few examples of what happens when a hacker uses the exploits described above. *********************************************** First, you will see someone connects with STEAM_0:1:5549997 from 68.37.174.181:27005. In this instance, he actually stole the name of two of my clan members. > L 12/08/2005 - 03:34:37: " #LANFusion | n!Que<64><*STEAM_0:1:5549997*><>" > connected, address *"68.37.174.181:27005"* L 12/08/2005 - 03:51:43: " #LANFusion | OpethGuitarist<83><* > STEAM_0:1:5549997*><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- > Pressing The Console Key Will Crash You!" > L 12/08/2005 - 03:51:44: " #LANFusion > | OpethGuitarist<83><STEAM_0:1:5549997><TERRORIST>" say "-CONSOLE CRASHER- > *Activated* -- Pressing The Console Key Will Crash You!" > L 12/08/2005 - 03:51:58: CONSOLE : Banned (By Admin [ZER0] > [STEAM_0:1:5945859]) [ #LANFusion | OpethGuitarist] [STEAM_0:1:5549997] > banid 0 83 kick > Now from a log on another one of my pubs (notice the same IP address as above, doing the same exploit, but with a different SteamID): > L 12/07/2005 - 15:43:14: "unnamed<149><STEAM_0:0:9671272><>" disconnected > (reason "unnamed timed out") > > L 12/07/2005 - 15:53:03: "r4g3dSkillz<186><STEAM_0:0:9671272><>" > connected, address "*68.37.174.181:27005*" > > L 12/07/2005 - 15:58:17: "r4g3dSkillz<186><STEAM_0:0:9671272><TERRORIST>" > say "timed out = i crashed you" > *********************************************** And below is an example of the whole process (from the guy joining to when he times everyone out). Notice he connects with STEAM_0:1:6482383 but it is instantaneously changed to STEAM_0:1:7215241. It seems that everyone joining the game since the last update experiences the same thing (it says one steam id and then changes to another once its validated) however, looking at the logs before the steam update, it used to say just STEAMID PENDING and then list the actual steamid once validated. I believe this is what you were referring to in your response to my last email. Below you can see him connecting, spamming some combination of  (and spaces), changing his name to Â, and then everyone times out (including him) at the same time. L 12/15/2005 - 01:56:29: "The Boy who Lived<1069><STEAM_0:1:6482383><>" connected, address "70.137.155.158:43620" L 12/15/2005 - 01:56:30: "The Boy who Lived<1069><STEAM_0:1:7215241><>" STEAM USERID validated L 12/15/2005 - 01:56:43: "The Boy who Lived<1069><STEAM_0:1:7215241><CT>" say " " L 12/15/2005 - 01:57:14: "The Boy who Lived<1069><STEAM_0:1:7215241><CT>" say "  " L 12/15/2005 - 01:58:22: "The Boy who Lived<1069><STEAM_0:1:7215241><CT>" say "  " L 12/15/2005 - 01:59:58: "The Boy who Lived<1069><STEAM_0:1:7215241><CT>" say " " L 12/15/2005 - 01:59:59: "The Boy who Lived<1069><STEAM_0:1:7215241><CT>" say " " L 12/15/2005 - 02:02:10: "The Boy who Lived<1069><STEAM_0:1:7215241><CT>" changed name to " " L 12/15/2005 - 02:02:14: " <1069><STEAM_0:1:7215241><CT>" say "  " L 12/15/2005 - 02:04:09: "UM A BEAST<1048><STEAM_0:0:6940564><CT>" disconnected (reason "UM A BEAST timed out") L 12/15/2005 - 02:04:09: "tricky<969><STEAM_0:0:7880609><CT>" disconnected (reason "tricky timed out") L 12/15/2005 - 02:04:09: "[bk]`Imortal cow king<1027><STEAM_0:1:6134381><CT>" disconnected (reason "[bk]`Imortal cow king timed out") L 12/15/2005 - 02:04:09: "Roast Beef Curtains<1064><STEAM_0:1:3823464><CT>" disconnected (reason "Roast Beef Curtains timed out") L 12/15/2005 - 02:04:09: " <1069><STEAM_0:1:7215241><CT>" disconnected (reason " timed out") L 12/15/2005 - 02:04:09: "Half Way Crook<1073><STEAM_0:1:6890111><TERRORIST>" disconnected (reason "Half Way Crook timed out") L 12/15/2005 - 02:04:09: "A T T I C U S<975><STEAM_0:1:6469246><TERRORIST>" disconnected (reason "A T T I C U S timed out") L 12/15/2005 - 02:04:09: "NS3 | kayla >k<<993><STEAM_0:0:4618223><TERRORIST>" disconnected (reason "NS3 | kayla >k< timed out") L 12/15/2005 - 02:04:09: "EasyTarget<864><STEAM_0:0:5270228><CT>" disconnected (reason "EasyTarget timed out") L 12/15/2005 - 02:04:09: "Gandhi<1068><STEAM_0:1:6962500><TERRORIST>" disconnected (reason "Gandhi timed out") *- then he connects again (notice the first STEAMID is different this time) -* L 12/15/2005 - 02:04:43: "               Â<1077><STEAM_0:0:6940564><>" connected, address "70.137.155.158:43620" L 12/15/2005 - 02:04:44: "               Â<1077><STEAM_0:1:7215241><>" STEAM USERID validated *- and again -* L 12/15/2005 - 02:06:52: "Guy              <1080><STEAM_0:1:3823464><>" connected, address "70.137.155.158:43620" L 12/15/2005 - 02:06:53: "Guy              <1080><STEAM_0:1:7215241><>" STEAM USERID validated *********************************************** It appears that when people are originally connecting to the server, the first steamid it links them to is actually the steamid of the last person to disconnect. Once it validates, it changes the steam id. I think the people spoofing steamid's are stopping the validation process, keeping their steamid masked. Below is an example of someone disconnecting, and then showing the next person connecting. Notice the steamid's L 12/09/2005 - 02:16:45: "Me<797><STEAM_0:0:*5184921*><TERRORIST>" disconnected (reason "Disconnect by user.") L 12/09/2005 - 02:56:31: "-=AoC=- 512 to the dome<810><STEAM_0:0:*5184921*><>" connected, address "192.152.243.15:8821" L 12/09/2005 - 02:56:32: "-=AoC=- 512 to the dome<810><STEAM_0:1:5531226><>" disconnected (reason "STEAM UserID STEAM_0:1:5531226 is banned") *********************************************** Now you will see one of the people using the crash exploit connecting to the server. His steamid doesn't validate and therefore doesn't change. And he even says that he has a random generating steamid. Then I've included just some of the people timing out while he's doing the 'console crasher'. L 12/07/2005 - 16:03:33: "r4g3dSkillz<206><STEAM_0:0:3359070><>" connected, address "68.37.174.181:27005" L 12/07/2005 - 16:03:39: "r4g3dSkillz<206><STEAM_0:0:3359070><>" entered the game L 12/07/2005 - 16:04:00: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " L 12/07/2005 - 16:04:01: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " L 12/07/2005 - 16:04:03: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- Pressing The Console Key Will Crash You!" L 12/07/2005 - 16:04:24: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " L 12/07/2005 - 16:04:24: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " L 12/07/2005 - 16:04:25: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " L 12/07/2005 - 16:04:26: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " L 12/07/2005 - 16:04:26: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " *L 12/07/2005 - 16:05:01: "Raptor007<191><STEAM_0:1:3754689><CT>" disconnected (reason "Raptor007 timed out")* *L 12/07/2005 - 16:05:29: "TC<182><STEAM_0:0:6233054><CT>" disconnected (reason "TC timed out")* L 12/07/2005 - 16:05:25: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "open your console and get my steamid please LOL!" L 12/07/2005 - 16:05:53: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "i cant be banned" *L 12/07/2005 - 16:05:58: "N.W.S. { WRAITH } uk<208><STEAM_0:0:9004301><CT>" disconnected (reason "N.W.S. { WRAITH } uk timed out")* L 12/07/2005 - 16:06:04: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "i have a random generating steamid" L 12/07/2005 - 16:06:33: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "press the console key and see my status steamid" L 12/07/2005 - 16:06:36: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " *L 12/07/2005 - 16:08:30: "DR. DEATH=DS=<197><STEAM_0:0:7018411><CT>" disconnected (reason "DR. DEATH=DS= timed out")* *L 12/07/2005 - 16:09:46: "√Ip.Frank the Tank<211><STEAM_0:1:1585909><TERRORIST>" disconnected (reason "√Ip.Frankthe Tank timed out") * *L 12/07/2005 - 16:11:06: "[̲̅J̲̅i̲̅m̲̅ٿ̲̅]<205><STEAM_0:1:5877082><CT>" disconnected (reason "[̲̅J̲̅i̲̅m̲̅ٿ̲̅] timed out")* *L 12/07/2005 - 16:11:57: "DriveBy<207><STEAM_0:1:7343850><CT>" disconnected (reason "DriveBy timed out")* *L 12/07/2005 - 16:14:13: "Kankles<225><STEAM_0:0:372690><CT>" disconnected (reason "Kankles timed out")* L 12/07/2005 - 16:15:06: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " L 12/07/2005 - 16:15:07: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- Pressing The Console Key Will Crash You!" L 12/07/2005 - 16:15:08: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- Pressing The Console Key Will Crash You!" L 12/07/2005 - 16:15:08: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- Pressing The Console Key Will Crash You!" L 12/07/2005 - 16:15:09: "Fo Rizzle My Nizzle<193><STEAM_0:1:9244162><TERRORIST>" say "i own in ofice" L 12/07/2005 - 16:15:09: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- Pressing The Console Key Will Crash You!" L 12/07/2005 - 16:15:10: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- Pressing The Console Key Will Crash You!" L 12/07/2005 - 16:15:11: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say " " L 12/07/2005 - 16:15:50: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- Pressing The Console Key Will Crash You!" L 12/07/2005 - 16:15:51: "r4g3dSkillz<206><STEAM_0:0:3359070><TERRORIST>" say "-CONSOLE CRASHER- *Activated* -- Pressing The Console Key Will Crash You!" *- and you can see him connecting earlier, without the steamid changing -* L 12/07/2005 - 15:53:03: "r4g3dSkillz<186><STEAM_0:0:9671272><>" connected, address "68.37.174.181:27005" L 12/07/2005 - 15:53:10: "r4g3dSkillz<186><STEAM_0:0:9671272><>" entered the game L 12/07/2005 - 15:53:15: "r4g3dSkillz<186><STEAM_0:0:9671272><Unassigned>" joined team "CT" *********************************************** If you guys would like, for research purposes, I will give you access to all my logs. Maybe with that you could see more closely how these people are doing this. Also, I urge any other server owners experiencing this type of thing on their servers to look through the logs and post similar instances. Regards, Aaron Matthews #LANFusion | Bugs CEO, LANFusion LLC. http://www.lanfusion.com 69.9.36.4 (40 man, 66 tic) 69.9.36.7 (32 man, 66 tic) 69.9.43.180 (24 man, 100 tic) 69.9.43.181 (24 man, 100 tic) 69.9.43.182 (18 man, 100 tic) -- _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
