-----
tl;dr if you're playing in a casted match make sure you use a fresh IP and keep it hidden as best as you can, because someone has been collecting IPs for as many TF2 players as he could
-----

First of all, the word "hacker" from the title could mean a person using technology in some clever way (with no evil in mind), or it could be the media's definition of the word, meaning a computer criminal.
I don't know for sure the intent of this person, so I'll leave open what kind of hacker we're dealing with here.

Late last night I found out that someone has been downloading the zipfiles for all serveme.tf and na.serveme.tf reservations for the past 5 weeks. These zip files contain two things, the STV demos and the server logs files. Server log files contain the connect info of a player (IP).
Normally these zip files are only accessible for people playing in the reservation, the link to download them is not given out to other people. There is no login-restriction on the download though, so you could share the link to the zip file with a friend for example.

Now the hacker wrote a bot to scrape the serveme.tf's new reservation form (to get a list of servers) and the recent reservations page. By combining the information the bot could construct the zip file URLs of the recent reservations and schedule a download at the expected end time of a reservation.
All of this became apparent by looking at my serveme.tf webserver logs. Automated visits to the reservation page every 10m, the subsequent downloads of all the zips. But I also noticed a few HTTP referrers in the download of some zip files. This is the origin site of an incoming link to your site, meaning the hacker had a site where he sometimes would click on a zip URL hosted on serveme.tf.

Using this HTTP referrer, I was able to find one of the control pages for the bot and made this screenshot:

http://i.imgur.com/T1KGNQf.png

As you can see, it's quite a fancy tool, and this is just one PHP page, there might be more. Now I can certainly commend someone for building something like this, however that screenshot has 2 scary parts that make me think that STV demos might not be the reason for this tool to exist.
There's a "x connection sequences processed" message, underneath a table that has a column "IP address" and "MySQL". This means that this tool would search through the logfiles of downloaded zips and enter all found players, their names, steam ID and IP in a database so it can be easily queried.

In my search for this person I found some interesting things about the hacker:
- A couple of older alt accounts, ending their activity when a new account would start getting used
- Ton of played games on TF2Center, with a lot of ban requests filed for hacking. No hard proof, just some really good logs.tf stats
- UGC team
- A number of home IP addresses
- Recently donated to na.serveme.tf, with a fake name and address

I've contacted this person and he insists he's just downloading these files for the STVs, but interestingly the VPS hosting the site and bot has been taken offline.

Now this is all could be coincidental, but recently we've also seen an uptick in DDoSes directed at the TF2 community. Most recently the DDoSing of TF2Center (server got DDoSed), and the froyo vs street hoops match (players getting DDoSed). Especially in the last case a database of players and their IPs would be very useful.

Which leads me to the following actions and recommendations:

- If you're in a casted match, make sure your IP is secret
- serveme.tf will start removing IPs from logs (like logs.tf does)
- serveme.tf will add a random component to the ZIP URLs so someone can't just start guessing them all

I've asked the person responsible to reply in this thread.

Why is texas a horrible location to host?

Being able to switch locations instantly if you or your opponent pings badly to the server. That's coolest thing in my opinion. A lot of people using serveme.tf also say it's easier than renting and configuring a server yourself.

In Europe you can get away with just getting premium, since there are so many servers available, so that would be significantly cheaper at 5 euros per 3 months.

In NA I don't have as many servers (and they're all tragicservers already anyway :) ), so premium might not guarantee you a server, but if you can live with that (just book a server 1h in advance) it would be cheaper than renting a private server. Just like in EU you can always pick the best location for your game.

I've considered making all serveme.tf STV demos public, but haven't for two reasons:
- The zip containing the demo also contains the server log files, these contain all the player IPs as well. So I would have to take out these logs or filter the IPs from them like logs.tf does.
- Teams might not appreciate all their STVs being public.

I like how TF2Stadium's serveme.tf integration is free, instead of TF2Center's which requires a €5/month payment.

Hopefully people will spend those €5 on 3 months of serveme.tf premium, instead of 1 month of TF2Center donator perks, cuz I got bills bills bills xD

jota, asfq, Yuni, HellHound, enjoy matchmaking <3

Possibly just started happening due to a TF2 update, because I don't remember this being a problem all the time.

Any site that puts actual articles on the front page instead of a cup from Jan 31 has my support.

Yes

Trying to start slow, because I need to figure out server performance and settings first. So not doing a big public launch yet.

I'm preparing to launch a serveme.tf for CS:GO. Starting in the EU with servers in France, the Netherlands and Germany, followed shortly by NA with servers in Dallas, Chicago and Denver.

Haven't though of a proper domain name yet, so it's csgo.serveme.tf for now ;)

The EU version is up and ready to go, the NA version should be available later in March. So give it a try and let me know what's missing in terms of maps, configs, plugins, or w/e.

Oh wut....I though this was a dead giveaway: https://github.com/SizzlingStats/sizzlingplugins/blob/master/sizzlingstats/LogStats.cpp#L148

Guess I was wrong :)

Sizzling and logs.tf work on log lines. Sizzling works on streaming logs (every log line gets sent to sizzling when it happens), while logs.tf parses log files uploaded to the service.
Some log lines are built-in by default to the TF2 server, others are added by plugins (heals, damage, accuracy, airshots).

If you want accuracy stats and damage per shot, this is what you need:

- A plugin that supports accuracy logs, e.g.: TFTrue with tftrue_logs_accuracy 1.
- A server with this plugin loaded and setting enabled.
- Either you get the logs from the server after your match and process it. Or you build a log listener program that can receive streaming logfiles (through the logaddress_add command) and you could do it live.

I'm seeing an increased amount of crashes, the backtrace of which have me suspicious about TFTrue (libc -> tftrue). Seems especially prevalent on some maps, koth_product_rc8 and cp_process.

I've sent Anakin a core dump, but I'm curious if anyone else running servers sees the same. I see it on a lot of my EU servers, but also on the NA servers provided by tragic.

Update:
Anakin has found the cause and is working on a fix. In the meantime you'll want to set "tftrue_restorestats 0"

logs.tf has per round stats, kills and damage per team and per player. You can enable per-round uploading in TFTrue. I'm not sure how readable it is during the game though.

I have a preference for TFTrue + logs.tf. I think the site is prettier, easier to read and more informative, also airshots.

Click on a round :)