Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[WTF] backwards responsible for recent DoS attacks
(Feb 07 2015, 11:35 PM)KuYa Wrote:
(Feb 07 2015, 11:03 PM)Riser Wrote: hahaha.. one of his alts got VAC'd.

like youre one to talk  Dodgy

pfft at least i dont go around ddosing people and fuq u boi
Those assclowns killed CSS for me. Now I play on russian servers with just as angry ruplayers.
(Feb 08 2015, 12:17 AM)Riser Wrote:
(Feb 07 2015, 11:35 PM)KuYa Wrote:
(Feb 07 2015, 11:03 PM)Riser Wrote: hahaha.. one of his alts got VAC'd.

like youre one to talk  Dodgy

pfft at least i dont go around ddosing people and fuq u boi

LMFAO you mad riser?

and no, i fuq'd yo sista
Actually to clear things up I payed backwards to create this bot and IOn Savage they have nothing to do with any of the attacks, as I recall of y'all sm plugins to look at what plugins they use on there server and to copy there server to use on you're server is pathetic, I can actually give y'all something You're nothing but skids just like hoecommunity. Just change plugins around lol... The server that the attacks came from was my server I let him use my server to do his plugins on because I don't need anything to do with the server but use it to take down servers with. but see the good thing is backwards is a amazing coder too bad y'all can't sm plugins and get the real plugins that he made lol. I am held responsible for the attacks of you're servers so stop trying to give credit to the person that didn't do shit thanks.

For proof heres a youtube video i made https://www.youtube.com/watch?v=iUnF_2KPabc
Not sure if trolling or not. Our Pop Maps server is much older than WT-F's, so I'm not sure how you're getting that we stole WT-F's plugins.
Backwards didn't have anything to do with the attacks, and I'm King Richard III. Simply googling around for "Backwards Dev" gets you info about cheats and possible attacks on servers. Not to mention all those alternate accounts I spotted of him, several of which are VAC'd. And I'd like to point out that a lot of those accounts had Vane on the friendslist, owner of WTF. People can draw their own conclusions. Anyone who isn't completely ass backwards (wait what) can see by now they're full of shit.

But I'm sure WTF people will have a bunch of explanations for those things. Enjoy your dying server.

Btw: stop making accounts on wL backwards. You're gonna flood the server. Dodgy
(Feb 09 2015, 04:55 AM)YoungTriggerBot Wrote: I recall of y'all sm plugins to look at what plugins they use on there server and to copy there server to use on you're server is pathetic
That's a silly accusation. A good deal of the plugins running on my server were written from scratch. The rest were heavily modified. The server even predates WT-F a great deal, so I don't know what gave you that idea.

(Feb 09 2015, 04:55 AM)YoungTriggerBot Wrote: backwards is a amazing coder too bad y'all can't sm plugins and get the real plugins that he made lol.
First off, I really doubt backwards or his plugins are all that "amazing". Any programmer worth a damn can code up pretty much anything. Secondly, I would be surprised if backwards has more experience in SourcePawn. I have released and/or contributed to many public and very popular sm plugins over the years. I'm fairly well known on my other aliases. There is no doubt in my mind that WT-F, along with thousands of other communities, are benefiting from my work. If I ever find an interesting idea that's not already available, I'm more than capable of writing an extension or plugin to implement it. The only constraint for me is time and interest.
Steam Wrote: 4:02 PM - George, of the jungle: was out
4:02 PM - George, of the jungle: bison, dude
4:02 PM - Brawl Bashin’ Bison: ???
4:02 PM - George, of the jungle: you're very rude towards alina
4:02 PM - George, of the jungle: how about unbanning her friend?
4:02 PM - George, of the jungle: I mean
4:02 PM - George, of the jungle: it's only gamebanana skins
4:02 PM - Brawl Bashin’ Bison: LOL
4:02 PM - George, of the jungle: ^^
4:02 PM - Brawl Bashin’ Bison: LOLOL
4:02 PM - George, of the jungle: lol
(Jan 28 2015, 09:18 PM)M. Bison Wrote: Some members of the WT-F community are targeting our servers. A few attacks were directly linked to them.

One of the attackers, [WTF] backwards [DEV], made no effort to hide the source of the attack nor his involvement. He sent unspoofed attack traffic from his test server, 199.116.118.27 [IMG], and did so immediately after connecting in-game.


Here is part of a TCPDump showing the attack traffic in question:

19:21:56.397878 IP (tos 0x28, ttl 117, id 23619, offset 0, flags [DF], proto UDP (17), length 38)
   199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 10
       0x0000:  4528 0026 5c43 4000 7511 aff5 c774 761b  E(.&\[email protected].
       0x0010:  4a5b 717b e946 6987 0012 92e5 fdff ffff  J[q{.Fi.........
       0x0020:  4c5a 5353 8302                           LZSS..
19:21:56.397881 IP (tos 0x28, ttl 117, id 23620, offset 0, flags [DF], proto UDP (17), length 34)
   199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 6
       0x0000:  4528 0022 5c44 4000 7511 aff8 c774 761b  E(."\[email protected].
       0x0010:  4a5b 717b e946 6987 000e 4888 ffff ffff  J[q{.Fi...H.....
       0x0020:  6b15                                     k.
19:21:56.397883 IP (tos 0x28, ttl 117, id 23621, offset 0, flags [DF], proto UDP (17), length 34)
   199.116.118.27.59718 > 74.91.113.123.27015: [udp sum ok] UDP, length 6
       0x0000:  4528 0022 5c45 4000 7511 aff7 c774 761b  E(."\[email protected].
       0x0010:  4a5b 717b e946 6987 000e 4888 ffff ffff  J[q{.Fi...H.....
       0x0020:  6b15                                     k.

Accounts:
STEAM_0:0:16583896 [main acc]
STEAM_0:0:16229287 [vac'd]
STEAM_0:0:17462301 [offering DOS services]

more proof:


  1. detailed series of events
  2. suspicious pattern
  3. busted!!
  4. third alt acct found, check aliases
  5. history on his main account

This thread is very misinforming and I'm disappointed that I have to come to this forum and post a reply to straighten things out. There's thousands of people in this community that hate me and target me because of this thread. The server you claimed I launched an attack on you from (199.116.118.27) is not my server. I did not purchase the server and I do not have access to it. However I do know who owns it, it's a customer of mine. I do not own a server of any kind of have access to one other then WTFs. The reason the server has my name in it is because I gave the guy my test srcds server i run on my computer since he liked my mods. This included the CFG folders with server.cfg and my default hostname. I have not worked on my custom mods for it since 2012. I only host the local server to develop the WTF AntiCheat software and test inside a controlled environment (my srcds on my computer, not the one the one posted in this topic). After I got out of the hospital I heard the story about the kill4 community coming to our server and posting the ip address to kill4. When i was in teamspeak with my customer and told him the story as I saw it on my friends list, I joined it. I explained to him the situation and wanted to see what the pub was like since it had our regulars in it. 30 seconds after joining the server started to lag and I told him in teamspeak and he said he knew because he launched an attack. He said he only did it for 30 minutes tho and couldn't stop it when i told him to stop because i wanted to play in the server. I did not upload any dos mods to his server, he already has his own stuff on his server. As far as i know that was the only event and ever since then I was blamed for it since i joined the server and he did it without even asking me about it. I told him to stop and he did after it timed out. shortly after the WTF server started getting ddos'd from a spoofed attack that sends randomized legit client data to the source engine server and is able to bypass the firewall with a very low bandwidth attacks. It's almost impossible to block without restricting access to legit users the majority of the time. I understand that the WL servers were getting attacked at the same time from this same attack (I saw in the shoutbox players could connect using the IP and not see it from the source query). Since both of our servers are getting attacked in the same way I don't understand why i'd be blamed for this. Why would I attack my own community server? I'm 100% positive the same person is attacking the WL community and the WTF community. I do not know if the WL community is still being attacked or if it's just us, but if its just us then that's the reason I came here mainly. Someone from this community is targeting our servers based off of this thread and also myself. Someone doing the same attack linked it to public profiles i was borrowing and would take down every server I joined every 3 minutes with the same attack. Including servers like GFL or KSF. If i was really the person behind these attacks I would of just used the steamapi and claimed i was in the WL servers so they would attack WL. But I didn't do this, because I'm not the attacker; nor do I have interest in harming he WL community. I saw this thread a week ago but ignored it and thought it was funny to be blamed for something like this. However when people setup bots on accounts I don't even own to try to mess with and target me, then it has gone too far. You supply a lot of circumstantial evidence but its not as clear as you think it is.

The 2 extra accounts and SDOS bot:
The SDOS bot and Vac banned account are not mine, i was on the vac banned account before it was banned tho. As George points out in a picture, I did in fact make the "SDOS BOT", 4 years ago. I only programmed it as a project to mess with the steamapi. It has lots of features on it not all relating to DDOSing people, that was added later on a request from people i used to sell legit services too from the bot. The bot was originally setup to just reply using cleverbot which i released the source code to and public a few years ago. I sold this bot to a guy named YoungTriggerBot (the guy i was in TeamSpeak with and the guy that attacked the server for 30 minutes). I was on that account to setup the bot permissions for him, he decided to sell services for it and market it as a DDOS bot. It's an account he cheats on so that's why it got vac banned. I also logged into that account to monitor inside our server for a few minutes and that's why George spotted it and decided to post info about it here. I do own many accounts tho, and some are vac banned from me making projects in the past, not all cheat related but a lot are. I'm not worried about trying to hide that the account was mine because it was vacced or something, no i don't care about that. I have many accounts and a lot are vacced like i said before. I setup the bot and that was it, I don't have access to it anymore. Young owns his own server he attacks from and its not a spoofable server, and the attack type was an old exploit I found and tested on my own server only (years ago). This can't be the source of the attacks because I've monitored the packets from the attack on our server and they are in no way related to my exploit.

History of my account:
The three posts you linked to are all wrong. The first one was a joke in the titanclan server, I play there all the time and the server was getting ddos'd so i just typed that in chat.

The second post isn't true, he just said possible attacker without any evidence. The thing after that said multi-hack, I've never cheated on this account before. I have other accounts I can cheat on.

Third post on esea. Yes I did mass player connect messages to all ESEA servers with players in the server. This didn't lag the server at all tho, it was controlled at 5 packets per second. This was another exploit i found and used on the esea servers to get someone that was being offensive and rude in-game banned from esea. I would use the esea username of the person and mass connect to all sessions, everyone in-game would "-Karma Player name", because they thought it was that person spamming. The target would be banned from all pugs and have extremely low karma. They can't join pugs where 2 people blocked them, and only can join pugs where 1 person blocked them if it was the last slot 9/10, at the time. That person's account never was used again.


Just because you have the resources to do things doesn't mean you are responsible. I have the resources to make any kind of hack i'd like and cheat in-games 24/7, but I don't. I have the resources to destroy servers in many many ways thru various exploits I've found. but i don't. I do it for research purposes.

"I would be surprised if backwards has more experience in SourcePawn."

I don't know sourcepawn very well bison, I program all my mods in c/c++ and reverse the game's asm to find everything I need without depending on a slow scripting language that limits you in many ways. I did not write the sourcemod plugins on the WTF server. Only the anti-cheat and a few other mini feature plugins.

to the attackers:
Attacking the WTF server won't effect me in any way if you are targeting me or believe i am responsible for the attacks on WL.(I don't even play in the servers)

to Bison:
I would like to work with you to stop the attacks on both of our communitys, I have written a plugin that should stop the burst attacks of any type without impacting the current players in the server. There are some setbacks but i'll discuss them with you later if you choose to work with me and WTF. I'm doing this to show that I have no interest in harming your servers and would be happy if all the attacks stopped for both of our communitys.
Dem blackmailing has come to the point where the innocent gets hardly blamed.
Just Go With IT. √

 Why are you even looking here? scroll down if you can.
So, what did I miss?
[Image: 191457_101.png]

Users browsing this thread: 4 Guest(s)