Hacking and StarCraft

The same player has attempted to DDoS me about 40 mins ago. One of his accomplices seems to be working on a list of players ip addresses as well.
imgurDOTcom/bv7NSmb

1 Like

Yup he DDOSed my game too. He is a rager who does this whenever he gets mad. @GrantDavies

1 Like

The issue has spread to more people who are now thinking he is apart of our community (Sniper Community and Sniper Rpgers) which we have nothing to do with him. old.redditDOTcom/r/broodwar/comments/cdql2q/psa_do_not_play_games_with_redhotmoon_or_the/

My forum post on here about RHM was deleted becuase QuirkyTurtle #192253 reported it. Hopefully that isn’t the extent of Blizzard’s response to this situation. I would investigate QuirkyTurtle as well, given this fact.

Hello Grant Davies,

I too was a victim of this credit card warrior raging then spending money to DDOS me. I have screen shots with him Caps lock saying " IINTERNET " and “DDOSED” as he got me as well. He has been attacking me since and he should be dealt with. I have traces, logs of IPs that attacked me. Did a lookup on them and they seem to be coming from Poland/Netherlands and generally that area.

Again, I have a screen shot of my encounter with him and he really needs to be banned. It shocking to me that he still has his account active after hitting so many people to warrant a reddit thread about him and a post on the forums.

It’s your game and your servers, set yourself up to be a victim and solve it from there. Stop pussyfooting and make things happen!

1 Like

https://us.forums.blizzard.com/en/starcraft/t/maphacker-pls-ban-and-more-actions-against-him/456/2

Some guy was complaining that this was on custom map …
But what is the difference?
Hacking is hacking …
THis map should have been 1.3 python and not Maphacker inviting noobs to frustrate them to hell …
IF Blizzard cares about this game this guy should be banned …
Not only did he hacked, and gave false information hosting this map… He also showed toxic behaviour and stole precious time from his victim…
This kind of behaviour should not get supported, i dont care if on the ladder or in custom games … This is cheating, that easy it is …
And for the people who say i shouldnt complain, pls think before saying stupid things out loud …

THanks for your time

1 Like

Yes, they do
Here is an example
https://us.forums.blizzard.com/en/starcraft/t/maphacker-pls-ban-and-more-actions-against-him/456/2

Your quote points to
https://us.forums.blizzard.com/en/starcraft/t/maphacker-pls-ban-and-more-actions-against-him/456/2
That thread gives me a 404 error.

THey removed it … Apparently
" Your post was flagged as inappropriate : the community thinks it is offensive, abusive, or a violation of our code of conduct."
IT seems reporting Cheaters is bad … Or whatever …
Because it is Custom games or whatever …

anyway here you have the link to the evidence …

I hope you learned not to play on UMS for melee.

3 Likes

XDD, well yes seems bad …

I have also been hacked by a player not trying to hide it and announcing it every time. His handle is “moon-rf-” aka “Redhotmoon”. He is able to log me out and DDOS me without being in the lobby or game. It also resulted in corrupting the map I was playing at the time (Who’s the killer space edition 2.7). I tried deleting all artifacts/maps with the killer name in it, including dozens of maps auto-saved to the replay folder.

Now when I join someone hosting that map, the download dialog appears but there’s no DL counter, then I enter the lobby and I don’t see the preview. If I check my SC download folder, the map is there. If game starts, I’m logged out and receive an error message “Invalid scenario”. I also had a friend email me the map but it makes no difference. What this is telling me is that he’s inserted some malicious script that remains in my SC installation and this is very disturbing.

What it does is completely block my internet access for a while. It seems to mess up my wifi router and things only clear up when the router resets after about 5 minutes.

I hope SC staff starts to take this stuff seriously!

Also, the person goes by “redhotmoon” and has been doing the same thing to many people. My antivirus captured the IP addresses he was using and this: Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Category 8/27/2019 10:53:47 PM,Info,IP address has disappeared from adapter Intel® Wireless-AC 9462 (IP address: fe80::6d0f:311b:891b:abf9%22).,Detected,No Action Required,Firewall - Network and Connections IP address has disappeared from adapter Intel® Wireless-AC 9462 (IP address: fe80::6d0f:311b:891b:abf9%22). Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Category 8/27/2019 10:03:40 PM,Info,IP address has disappeared from adapter Intel® Wireless-AC 9462 (IP address: 192.168.1.129).,Detected,No Action Required,Firewall - Network and Connections IP address has disappeared from adapter Intel® Wireless-AC 9462 (IP address: 192.168.1.129). Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Category 8/27/2019 10:04:49 PM,Info,“Protecting your connection to a newly detected network on adapter “Intel® Wireless-AC 9462” (IP address: 192.168.1.214).”,Detected,No Action Required,Firewall - Network and Connections Protecting your connection to a newly detected network on adapter “Intel® Wireless-AC 9462” (IP address: 192.168.1.214). Category: Firewall - Network and Connections Date & Time,Risk,Activity,Status,Recommended Action,Category 8/27/2019 10:11:18 PM,Info,IP address has disappeared from adapter Intel® Wireless-AC 9462 (IP address: 2600:1700:d480:76f0:e82c:4846:50a:ee84).,Detected,No Action Required,Firewall - Network and Connections IP address has disappeared from adapter Intel® Wireless-AC 9462 (IP address: 2600:1700:d480:76f0:e82c:4846:50a:ee84).

UPDATE: I created a web ticket to address this issue and Blizzard responded. Rather than see me reporting a huge security hole and liability issue as a favor and investigating, they claimed what I reported is not possible and blamed me using 3rd party software (like Skype to chat) - which I was not using. I was not using any 3rd party software and in fact no other programs were open, nor have I ever used any 3rd party software in relation to SC.

I am sorely disappointed in Blizzard’s failure to admit there is a problem and blaming it on the customer. I still have hope they will change their denial attitude and take this seriously. If they do not, then I will possibly file a class-action lawsuit to get their attention (please contact me if you might wish to join this).

@PsYChiC: Thanks, great advice, but I shouldn’t have to pay for a VPN and the free ones slow down the game too much. PS - the map issue has nothing to do with the latest update. I played that map for many days subsequent to the last update with no issues. Apparently, whatever script this hacker is running also corrupts the map you’re in when they execute the script. The same thing happened to timmeh503 who posted above and was also hacked by the same guy. Also, I can’t even play that map anymore - it downloads when I join but is still corrupt, while the other players go on to play the map just fine.

Not exactly hacking, but there is a user just screaming for ban: Eby_Ty3uk . He has offensive name, he is incredibly productive spamming public chats offending everyone, he spams offensively during the game as well. Seems like being toxic is the only thing he is good at. I am sure he was reported, why the hell he is still not banned from the server???

1 Like

I created a web ticket also… talked to an admin about that. The so called admin said it is not possible. First- That comment “that is not possible” is quiet an insult. I want to state that IT IS POSSIBLE to get your IP address since StarCraft Brood War is a P2P game ! Please Blizzard don’t insult us ! We are not stupid. These people that ddos other players use an IP SNIFFER to get the IP addresses. There was a program called WLauncher that had the ability to capture ip addresses of those who came into a game lobby (it showed the ip addresses with the screen names associated with it) – and it gave the host the option of either ip ban players who trolled or team killed - because some players just change their screen name to rejoin the lobby to troll again.

So when an administrator said that it’s not possible- they are flat out lying to our faces. As long as StarCraft 1 is a p2p network – ppl can always can find your ip address.

The question now is : What will Blizzard do? The answer is simple… Nothing. This topic falls on deaf ears. Even with evidences provided to them – these people working at Blizzards just don’t care. The game is free — they don’t make money from fixing the situation. Some of us bought remastered pack as well as the carbot skin because we want to support Blizzard - we want blizzard to be able to keep their server running so we can keep playing the games we always wanted to play. This is an insult to the players and bad business practices ( Blizzard is basically a swindler), for Blizzard to shove us in the corner and ignore us when we are basically telling them “Hey! Take our MONEY!!! Keep the server running and fix issues like hacking , ddosing, and map crashing.”

I like playing with you Amapapo :slight_smile: To quote how I feel about Blizzard — the best way to describe blizzard is from a quote from MacBeth Act 5 Scene 5 – " [ Blizzard is ] a poor player, that struts and frets his hour upon the stage, and then is heard no more [When the game fail because no body plays it anymore] : it is a tale told by an idiot, full of sound and fury [Advertising remastered and carbot skin to improve playing experiences] , signifying nothing [ When Blizzard doesn’t even care about the players that invested their hard earned money into blizzard . Blizzard is a used car salesman, he boast about all the bells and whistles on the game to only to leave you with a bitter aftertaste because you ended up with a lemon instead."

:rage::rage::rage::rage::rage::disappointed::disappointed::disappointed::disappointed::frowning_face::frowning_face::frowning_face::frowning_face:

1 Like

Thank you sir!
FYI, I have started a separate thread specifically for the problem of sniffing IP addresses and DDOS attacks, here:

Hey folks,

Regarding the DOS/DDOS attacks, we have taken action on the perpetrator based on the evidence provided, so thank you for that.

It sounds like the attacks are happening outside of Blizzard’s domain. Ultimately, there is nothing we can do to prevent a DOS (or DDOS) attack which occurs outside of the Blizzard infrastructure.

However, here are some suggestions to try as preventative action:

  • Alert your ISP to the attack, providing as much data as you can. The penalties for DOS attacks are severe these days (even for threatening an attack) and your ISP will likely take this seriously, especially if you have IP addresses and timestamps of the attack. On top of following up with law enforcement, they may be able to provide additional protections on their side.
  • If it’s a DOS attack rather than a DDOS attack, you should be able to configure your router to block all traffic from the IP address. It’s unlikely to be a true DDOS, as these are expensive and non-trivial to coordinate. It’s unlikely to be more than a handful of offending IP addresses that you/your ISP could block.
  • As previously suggested, disable "prefer port 6112" in the SCR options, and ensure your router is not forwarding port 6112. By default, your router should not be permitting random traffic to any port to reach your network. If you have manually forwarded port 6112 or other ports on your router, these are potential vulnerabilities.
  • If you have a dynamic IP address, re-lease your IP address to try to get a different one.
  • As has already been suggested in this thread, using a VPN will allow you to easily cycle through various IP addresses. The VPN provider may also be able to filter out traffic from the offending IP address.
5 Likes

As many have stated above, there is a group of dos attackers in clan -rf-.
Anyone in clan -rf- should just be looked at for the communities sake. The Xu-rf- player in particular has dos attacked me over and over again and I’ve spent maybe 50 hours attempting to connect my internet instead of enjoying my night because of him. He also goes by “Frux”. There needs to be an ip ban mechanism for these people, or starcraft will eventually cease to exist again just like it did in early 2017 before the remaster, hackers and abusers killed it slowly then and it will happen again unless action is taken.

2 Likes