A way to prevent having your game renamed
Dec 6 2013, 11:07 pm
By: Zhuinden  

Dec 6 2013, 11:07 pm Zhuinden Post #1



As much as it seems hypocritical of me, I love StarCraft, and I hate all the hacking that destroys every game for extended periods of time. That is why I've managed to tinker enough to figure out how to prevent getting hacked by all the losers.

You need either Windows Firewall with some Inbound Rules added to it, or a slightly more sophisticated and more verbose solution called PeerBlock.
Using PeerBlock, you can specify IP addresses in a list and assign them an alias, and completely block all packets incoming from that specific IP address.

Currently I'm running PeerBlock with the following entries:

IPREAP:205.204.82.68-205.204.82.68
GENOCIDER1:174.95.231.153-174.95.231.153
GENOCIDER2:72.89.93.126-72.89.93.126
GAMECRAWLER:158.255.213.147-158.255.213.147


So you could ask, but Genocider doesn't actually join your game (same for IPREAP and GameCrawler - they don't send aStat packets, as in they don't let you know about the fact that they joined your game), so how will you learn these IP addresses?

There is no more bruteforcier method than using Wireshark to determine the IPs that connect to you through StarCraft just before having your game renamed, but that is exactly what I did.
I opened up Wireshark, captured a few packets when I started hosting up to the point where my game name changed, added all of the IPs to the peerblock list, and the ones that periodically punch at you every time you host for 10-15 minutes, those are the automated hack systems and the genociders.
It might be slightly tedious, but it works!

I hope I somewhat helped against all the "FRUX REUNITED" and "CLAN SJ OWNS ALL" and other nonsensical game renames that are there just to troll everyone.




Dec 6 2013, 11:29 pm jjf28 Post #2

Cartography Artisan

tempting to take those IP addresses, make a program to flood them, and install the program on several computers around the university =D



TheNitesWhoSay - Clan Aura - github

Reached the top of StarCraft theory crafting 2:12 AM CST, August 2nd, 2014.

Dec 7 2013, 1:07 am trgk Post #3



// from wdetector dev's homepage
SC room name < 23byte (by default)
+ Super incredible long room name (180byte packet instead of 8byte ping?)
-> Buffer overflow. "Frux > You" everywhere.
(Everyone who has seen the Fruxed room in the game lobby/room list (maybe both?) will have their room Fruxed;)

Solution : block room name containing Frux / Fix SC code yourself.
(He insisted he fixed it in wDetector 3.17.)



EUD

Dec 7 2013, 5:53 am Zhuinden Post #4



Quote from jjf28
tempting to take those IP addresses, make a program to flood them, and install the program on several computers around the university =D

Please note that the 205.204 one is a VPN provider.

The one I named "genocider2" is perfectly fine.... :D


Buffer overflow seems likely. However, I don't think it is necessary to look at the game list to be detected, as even the public game-destroyer hack sweeps through all games automatically.
Blocking the malicious packet with Peerblock works for sure, though. Knowing that I should have looked at the packet sizes to determine the hacker will make it much much easier with Wireshark now.

Post has been edited 1 time(s), last time on Dec 7 2013, 5:58 am by Zhuinden.
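
The triage described across posts #1, #3 and #4, as an added example that is not part of the original posts: it flags sources that send an oversized packet in more than one hosting session and formats them as PeerBlock-style entries. The input layout (session, time, source IP, payload bytes), the 64-byte cut-off and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one line per received packet, "session time_s src_ip payload_bytes".
# Addresses are documentation ranges; sizes follow the thread (8-byte ping vs ~180-byte packet).
CAPTURE = """\
1 2.0 192.0.2.10 8
1 2.5 198.51.100.7 8
1 40.1 203.0.113.99 180
2 3.2 198.51.100.23 8
2 55.7 203.0.113.99 180
2 56.0 198.51.100.23 8
3 1.1 192.0.2.10 8
3 30.4 203.0.113.99 182
3 31.0 192.0.2.44 176
"""

OVERSIZE_BYTES = 64   # assumed cut-off between normal pings and the oversized packet
MIN_SESSIONS = 2      # assumed: flag sources seen oversized in at least this many sessions


def parse(text):
    """Yield (session, time, src, size); skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield int(parts[0]), float(parts[1]), parts[2], int(parts[3])
        except ValueError:
            continue


def suspects(text, oversize=OVERSIZE_BYTES, min_sessions=MIN_SESSIONS):
    """Return {src_ip: sessions with an oversized packet} for recurring sources."""
    seen = defaultdict(set)
    for session, _time, src, size in parse(text):
        if size > oversize:
            seen[src].add(session)
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= min_sessions}


def peerblock_lines(flagged, alias="SUSPECT"):
    """Format flagged IPs as single-address ranges in the alias:start-end form used above."""
    return [f"{alias}{n}:{ip}-{ip}" for n, ip in enumerate(sorted(flagged), 1)]


if __name__ == "__main__":
    print("\n".join(peerblock_lines(suspects(CAPTURE))))
```

A source that sends one large packet in a single session (192.0.2.44 in the sample) is not flagged, which keeps one-off joiners out of the block list.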




Dec 8 2013, 8:43 pm NekoKyd Post #5



I haven't seen Frux in a long time, did he come back or something? Haven't played SC in a few weeks.




Dec 12 2013, 8:41 am Zhuinden Post #6



He did for like 5 hours, although it's not Frux, it's Zeratul, according to someone who can't be trusted in a legitimate manner, so who knows.


Anyways, the problem is the gamecrawlers. They're changing their IP each day.
158.255.213.147 Clinger-maliciousBot
174.95.231.153 GameCrawler-maliciousbot
174.95.112.127 GameCrawler-maliciousbot2
70.55.68.4 GameCrawler-maliciousbot3
174.95.233.82 GameCrawler-maliciousbot4

and it's the same type of bot, but the IPs are different.

Post has been edited 1 time(s), last time on Dec 12 2013, 5:45 pm by Zhuinden.




Dec 13 2013, 11:40 am NudeRaider Post #7

We can't explain the universe, just describe it; and we don't know whether our theories are true, we just know they're not wrong. >Harald Lesch

Quote from Zhuinden
it's the same type of bot, but the IPs are different.
IP-Range ban?
Yes, you could ban some legit users if they are using the same ISP / proxy, but I find it fairly unlikely that "normal" users coincide to use the same ISP / proxy hackers use.
And even if they are the IPs of a major ISP the chances are still relatively low that whoever's trying to connect to you has the same ISP.
Worth not getting crashed any day in my book.




Dec 13 2013, 12:47 pm Zhuinden Post #8



It's interesting, because the 205.204.82.68 (also called IPREAP) has not changed in 3 months, but the Gamecrawler does - that 70.etc IP is particularly interesting, because that is definitely a proxy. I still am eager to see the complete range of it, although according to my IP logs, there were other people from that area, so the 174.xyz is not actually a proxy, it's just someone with a dynamic IP.

Fun fact, sometimes when you join a game, the IP-based blacklist hack detects their IP, which means you can peerblock them like that. On a side note, if you manually blacklist them in your banlist.txt and use /reloadlist, then if you turn /autoban off then on, then it can be kicked. In the other thread, I posted wDetector 3.24 bundled in Mca64Launcher, which can see every joiner of your game even if they did not send an astat packet.

Post has been edited 1 time(s), last time on Dec 13 2013, 1:05 pm by Zhuinden.




Feb 21 2014, 9:55 am Stranger Post #9



Umm, sorry to ask that, but what's this renamed game stuff?



