Account Details
SteamID64 76561197960497430
SteamID3 [U:1:231702]
SteamID32 STEAM_0:0:115851
Country Netherlands
Signed Up October 13, 2012
Last Posted February 24, 2025 at 5:32 PM
Posts 727 (0.2 per day)
Game Settings
In-game Sensitivity
Windows Sensitivity
Raw Input  
Refresh Rate
Hardware Peripherals
1 ⋅⋅ 27 28 29 30 31 32 33 ⋅⋅ 49
#16 PSA: Hacker collecting TF2 player IPs in TF2 General Discussion
DoctorMiggyUh, question, why would you give out raw logs? parses IP info from their log files why doesn't serveme do the same? That is a huge security issue because, even if you get the log files the proper way you still have IP info from the other players. That's a nasty privacy problem IMO.

Because "rcon status" already gives whoever made the server the power to get the IPs of all connected players, this is true for any server you play on.
Giving everyone playing in the reservation the logs just leveled the playing field.

DangerKidWhy don't US servers have this option, or anywhere else? What is the difference in technology between Bisou and the rest, and what are the downsides to using this feature?

The US servers have protection through NFOservers standard anti-DDoS protection.

All my French servers are hosted by OVH, which is one of the few EU hosters to offer cheap (free) anti-DDoS on all their servers. However, by default, on their budget and standard range servers, the DDoS protection is off until an attack is detected, this can take 2 minutes. BeretBrigade and FromageBrigade are in their budget/standard range.
BisouBrigade is one of their gameserver-optimized dedicated servers. It comes with a different kind of anti-DDoS that's always active and also allows you to configure an upstream firewall, so you can prevent most DDoS traffic from ever even reaching your server. It just gets filtered by OVH's upstream routers which they boast can handle up to tens or hundres of gigabits per second.

This same anti-DDoS type by OVH is also what's keeping TF2Center running atm. Cloudflare protects their website, but OVH's anti-DDoS protects their Mumble, websocket server and log listener ports from 300k packets/sec attacks.

posted about 8 years ago
#13 PSA: Hacker collecting TF2 player IPs in TF2 General Discussion
kosHow can I change my ip address? and wouldn't playing through a vpn make you lag? or at least increase your ping? Basically how can I as a player prevent myself from getting ddos'd.

Also what is preventing people from ddosing the servers that we're playing on? If I remember right only one of the server providers under serveme has ddos protection.

Depends on your ISP. For mine, I can power off the modem, change my router's MAC address and power on the modem again to get a new IP.
For some just power cycling the modem can be enough, or leaving the modem off for 30 minutes before turning it on again might work.

A VPN can increase your ping yes, it can also lower your ping if your VPN has better routing to the gameserver interestingly. If you pick a VPN on the route to the gameserver, or very close by the gameserfver, it can be very competitive ping-wise.

The French servers on offer some DDoS protection. BeretBrigade and FromageBrigade have protection that can take a minute or two to kick in (during which you'd already be disconnected from the gameserver due to a timeout). BisouBrigade is the only one with DDoS protection that's always active and that actually seems to work.

posted about 8 years ago
#1 PSA: Hacker collecting TF2 player IPs in TF2 General Discussion

tl;dr if you're playing in a casted match make sure you use a fresh IP and keep it hidden as best as you can, because someone has been collecting IPs for as many TF2 players as he could

First of all, the word "hacker" from the title could mean a person using technology in some clever way (with no evil in mind), or it could be the media's definition of the word, meaning a computer criminal.
I don't know for sure the intent of this person, so I'll leave open what kind of hacker we're dealing with here.

Late last night I found out that someone has been downloading the zipfiles for all and reservations for the past 5 weeks. These zip files contain two things, the STV demos and the server logs files. Server log files contain the connect info of a player (IP).
Normally these zip files are only accessible for people playing in the reservation, the link to download them is not given out to other people. There is no login-restriction on the download though, so you could share the link to the zip file with a friend for example.

Now the hacker wrote a bot to scrape the's new reservation form (to get a list of servers) and the recent reservations page. By combining the information the bot could construct the zip file URLs of the recent reservations and schedule a download at the expected end time of a reservation.
All of this became apparent by looking at my webserver logs. Automated visits to the reservation page every 10m, the subsequent downloads of all the zips. But I also noticed a few HTTP referrers in the download of some zip files. This is the origin site of an incoming link to your site, meaning the hacker had a site where he sometimes would click on a zip URL hosted on

Using this HTTP referrer, I was able to find one of the control pages for the bot and made this screenshot:

As you can see, it's quite a fancy tool, and this is just one PHP page, there might be more. Now I can certainly commend someone for building something like this, however that screenshot has 2 scary parts that make me think that STV demos might not be the reason for this tool to exist.
There's a "x connection sequences processed" message, underneath a table that has a column "IP address" and "MySQL". This means that this tool would search through the logfiles of downloaded zips and enter all found players, their names, steam ID and IP in a database so it can be easily queried.

In my search for this person I found some interesting things about the hacker:
- A couple of older alt accounts, ending their activity when a new account would start getting used
- Ton of played games on TF2Center, with a lot of ban requests filed for hacking. No hard proof, just some really good stats
- UGC team
- A number of home IP addresses
- Recently donated to, with a fake name and address

I've contacted this person and he insists he's just downloading these files for the STVs, but interestingly the VPS hosting the site and bot has been taken offline.

Now this is all could be coincidental, but recently we've also seen an uptick in DDoSes directed at the TF2 community. Most recently the DDoSing of TF2Center (server got DDoSed), and the froyo vs street hoops match (players getting DDoSed). Especially in the last case a database of players and their IPs would be very useful.

Which leads me to the following actions and recommendations:

- If you're in a casted match, make sure your IP is secret
- will start removing IPs from logs (like does)
- will add a random component to the ZIP URLs so someone can't just start guessing them all

I've asked the person responsible to reply in this thread.

posted about 8 years ago
#15 Server Provider Suggestions in Off Topic
-proto... let alone the fact that texas is a terrible location to host a server

Why is texas a horrible location to host?

posted about 8 years ago
#10 Server Provider Suggestions in Off Topic
aieraHow is a private from serveme better than getting a Frankfurt 18 slot + Mumble for under 13.50 euros

Being able to switch locations instantly if you or your opponent pings badly to the server. That's coolest thing in my opinion. A lot of people using also say it's easier than renting and configuring a server yourself.

In Europe you can get away with just getting premium, since there are so many servers available, so that would be significantly cheaper at 5 euros per 3 months.

In NA I don't have as many servers (and they're all tragicservers already anyway :) ), so premium might not guarantee you a server, but if you can live with that (just book a server 1h in advance) it would be cheaper than renting a private server. Just like in EU you can always pick the best location for your game.

posted about 8 years ago
#4 Finding STV Demos in TF2 General Discussion

I've considered making all STV demos public, but haven't for two reasons:
- The zip containing the demo also contains the server log files, these contain all the player IPs as well. So I would have to take out these logs or filter the IPs from them like does.
- Teams might not appreciate all their STVs being public.

posted about 8 years ago
#275 in Projects

I like how TF2Stadium's integration is free, instead of TF2Center's which requires a €5/month payment.

Hopefully people will spend those €5 on 3 months of premium, instead of 1 month of TF2Center donator perks, cuz I got bills bills bills xD

posted about 8 years ago
#254 Giving out matchmaking passes in TF2 General Discussion

jota, asfq, Yuni, HellHound, enjoy matchmaking <3

posted about 8 years ago
#19 pl_badwater_pro_v in Map Discussion

Possibly just started happening due to a TF2 update, because I don't remember this being a problem all the time.

posted about 8 years ago
#13 The Spire - new TF2 news/coverage website in Projects

Any site that puts actual articles on the front page instead of a cup from Jan 31 has my support.

posted about 8 years ago
#5 - free server reservations in CS2 General Discussion
fr3fou128 tick?


posted about 8 years ago
#3 - free server reservations in CS2 General Discussion
ShooshHave you posted this on some sort of CSGO forum too? I'm sure some people would use it here but it'll get a lot more use if the CSGO community knew about it

Trying to start slow, because I need to figure out server performance and settings first. So not doing a big public launch yet.

posted about 8 years ago
#1 - free server reservations in CS2 General Discussion

I'm preparing to launch a for CS:GO. Starting in the EU with servers in France, the Netherlands and Germany, followed shortly by NA with servers in Dallas, Chicago and Denver.

Haven't though of a proper domain name yet, so it's for now ;)

The EU version is up and ready to go, the NA version should be available later in March. So give it a try and let me know what's missing in terms of maps, configs, plugins, or w/e.

posted about 8 years ago
#4 Custom Stats Retrieval? Mods/Plugins that do this? in Customization
SizzlingCalamariSizzlingStats doesn't parse log lines/files, it reads data directly from game memory. For non scoreboard stats, it does custom game event handling and tracks the stats manually. At the end of tournament rounds, the stats are formatted and shipped off to the web server.

Oh wut....I though this was a dead giveaway:

Guess I was wrong :)

posted about 9 years ago
#2 Custom Stats Retrieval? Mods/Plugins that do this? in Customization

Sizzling and work on log lines. Sizzling works on streaming logs (every log line gets sent to sizzling when it happens), while parses log files uploaded to the service.
Some log lines are built-in by default to the TF2 server, others are added by plugins (heals, damage, accuracy, airshots).

If you want accuracy stats and damage per shot, this is what you need:

- A plugin that supports accuracy logs, e.g.: TFTrue with tftrue_logs_accuracy 1.
- A server with this plugin loaded and setting enabled.
- Either you get the logs from the server after your match and process it. Or you build a log listener program that can receive streaming logfiles (through the logaddress_add command) and you could do it live.

posted about 9 years ago
1 ⋅⋅ 27 28 29 30 31 32 33 ⋅⋅ 49