L4D2: How to force Valve to patch a dead game in under 5 days
    25 replies, posted
Valve Time is a myth if you simply complain a lot. A whole freaking lot.

To anyone who still plays a game that's been drenched with the scent of skunk carcass ever since Valve's collective abandonment off the heels of leaving it to the Workshop and Modding Communities to sort it out... it's just been updated:

Left 4 Dead 2 - Update
March 27, 2019 - L4D Team
An update has been released for Left 4 Dead 2.
- Fixed a spectate command exploit that caused servers to hang.
- Fixed lobby chat messages not appearing on Linux.
Left 4 Dead Blog

It all started when a friend randomly made public a 3 year old Steam Guide about how to crash servers. Seeing as the exploit is corrected, there's no harm in explaining how it worked:

spec_goto: How to instantly crash any L4D2 server (and how Admins can patch it)

In short, this minimum command executed in free-roaming spectate would cause a buffer overflow instantly crashing any server, ranging from Official Dedicated to competitive:

spec_goto 0 0 274877923328.1 0 0

This exploit has existed 10 years (since L4D1), where spectating outside of maps only minor distances would cause servers to lag -- other games have been affected, notably CS:S which had plugin fixes for it as of 2 years ago.

Community-wise, there were 2 exceptionally notable things about this exploit:

- It could crash any server through gameplay with the perpetrator remaining 100% anonymous with zero server-side evidence (like through Google Breakpad)
- Valve's HackerOne explicitly calls Denial of Service out-of-scope so it could only best get attention by voluminous Steam Support tickets

In contrast, widely-known L4D2 crashes and exploits like pistol duping or team-switch invulnerability are ignored by Valve as trolls are exceptionally obvious enough to simply be kicked.

The only extent of censorship of this guide from Valve was its removal from the Guides Hub so it could only be directly linked.

The guide had the ambiguous intent of both existing to make third-party server Admins aware of the vulnerability (competitive servers had it patched the same day), and ensuring that it was massively exploited in order to ensure it got Valve attention -- harking back to L4D1's final days where a command "outro_stats_done" would instantly score the round and end the game, which was similarly short-lived once made public and widely abused.

It didn't take long for this exploit to be widely shared: some by those who simply wanted to grief, or intent on amassing as much awareness as possible to get Valve's attention. Others vowing to shut down infamous Lewd4Dead servers whose sole intent is to squat malicious MOTD script and ads:
https://old.reddit.com/r/l4d2/comments/b4uzz8/lewd4dead_and_hentai_rape_servers_are_complete/

It was widely reported to Steam Support:
https://i.imgur.com/nMee9mL.png

There was no shortage of outcry on the Steam Forums either:

Getting banned on Lewd4Dead servers.
https://steamcommunity.com/app/550/discussions/0/1850323802581269285/

Please upvote this and let Valve know that ignoring the server crash exploit is not okay.
https://steamcommunity.com/app/550/discussions/0/1850323802588908789/

And Valve actually did something. And it took a small portion of a week. Valve Time == myth?
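A server-side argument check for the command quoted in the opening post, as an added example that is not part of the thread, the guide, or any plugin mentioned in it. The function name, the ±16384 position bound, the ±360 angle bound and the reading of the five values as x y z pitch yaw are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdlib.h>

#define MAX_COORD 16384.0   /* assumed per-axis map extent, in units */
#define MAX_ANGLE 360.0     /* assumed sane limit for pitch and yaw */
#define MAX_ARGS  5         /* assumed layout: x y z pitch yaw */

static int is_blank(char c) { return c == ' ' || c == '\t'; }

/* Hypothetical filter: returns 1 if the console line may be passed on to
 * the engine, 0 if it must be dropped. Other commands are not judged. */
int spec_goto_allowed(const char *line)
{
    static const char name[] = "spec_goto";
    const size_t n = sizeof name - 1;
    const char *p = line;
    int count = 0;

    while (is_blank(*p)) p++;
    /* Console commands are matched case-insensitively, so compare that way;
     * a '\0' in the input mismatches and stops the loop before reading past it. */
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)p[i]) != name[i]) return 1;
    if (p[n] != '\0' && !is_blank(p[n])) return 1;  /* longer command name */
    p += n;

    for (;;) {
        char *end;
        double v, limit;

        while (is_blank(*p)) p++;
        if (*p == '\0') break;

        v = strtod(p, &end);
        if (end == p) return 0;                        /* not a number */
        if (*end != '\0' && !is_blank(*end)) return 0; /* junk such as "0;" */
        if (++count > MAX_ARGS) return 0;              /* too many values */

        /* Written as a positive range test so NaN and +/-inf fail it too. */
        limit = (count <= 3) ? MAX_COORD : MAX_ANGLE;
        if (!(v >= -limit && v <= limit)) return 0;
        p = end;
    }
    return 1;
}
```

Dropping the line rather than clamping it also gives the server a point at which to log the sender, which addresses the "zero server-side evidence" problem the post describes.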
This is very out of the ordinary of Sensationalist Headlines but it was a good read, well done.
I'm starting to think Valve Time is just a mix of poor judgement and management along with a touch of laziness that came along with complacence.
Valve Time has died a long time ago along when old Valve died. Nowadays it can be summarized as "It will be done when someone will be interested enough to actually make it from start to finish. Good luck finding such people."
I still don't know if that exploit where you can download shit onto people's computers using sprays was ever fixed. I fully believe when it comes to Valve all game breaking and user harming exploits should be put out to the public and abused freely so they get fixed instead of thrown in some backlog that'll never get checked unless X becomes widely abused.
Same story with the recent GoldSource engine updates fixing exploits. I actually talked to a Valve dev through HackerOne to ask about new bugs caused by such a patch and suggested doing something about the communication issues, because that's why this is taking years to fix.
Can you call L4D2 dead when it's hovering around 10-15k players? I mean, if that counts as dead, I don't even know what Artifact counts as.
If information about such exploits is out in public, chances are that it's already patched. There are quite juicy rewards on HackerOne if u provide such exploit along with way to reproduce or code that produces it. Last guy got 15k$ iirc.
I still play L4D2 with friends all the time, it's not dead lol, there's no shortage of players, it just doesn't get updates very often anymore
I am pretty sure it's fixed by now. It required them to update the Source Engine branches across all games. There was another exploit too that I remember which allowed custom maps to execute remote code if a player ragdolled, for example. It was found by a security researcher and they fixed that as well.
I find it heartwarming how the L4D2 fanbase and all around community never disappears. Long after the world has died out, the energy of these beings will live on, scaring people into confusion as to why they aren't asking for their soul, but are in fact shouting for pills and incendiary ammo.
L4D and L4D2 are both games that I'll enjoy despite their age because they're fun games.
One thing that seems to be lost to time for L4D2 is a mutation that made all zombies slow but hit like a truck; it also disabled most of the HUD. It basically turned solo into a completely different kind of game which was just soaked in atmosphere. I lost it a long time ago.
L4D2 is still my favorite Source game to map for. I wish there was at least a small team making occasional content updates like TF2.
I literally just installed L4D2 and decided to do a Versus quick match. Took me all of 5 seconds.
The modding community is alive too. It's been about a few weeks since RE2R release, and now the main cast is available to play as any of the survivors.
He do https://steamuserimages-a.akamaihd.net/ugc/987883208224191153/2FD020F389CCA134E2CB6061D9B643544589438C/
damnit man don't make this into another FEAR, I got so many games I haven't played yet and then someone reminds me of this great game I've played back and forth, like FEAR and L4D2 in this case, and forget about the rest of the library
Well I just needed to update the OP but I never expected this kind of response. Lovely times whenever an old game becomes talk-worthy... just unfortunate it took a gamebreaking exploit to do it! https://old.reddit.com/r/l4d2/comments/b6p324/to_the_people_who_helped_patch_the_server_crash/ And that's it from me, thanks all!
What the fuck is Lewd4Dead
Apparently it's an anime themed server or something. It would appear they exploit the fact matchmaking also sends you to community servers to put ads in the MOTD and monetize that way. The guy that apparently resurfaced the exploit seems to have a personal problem with the admins of those servers, so he decided to use the exploit to shut servers down.
You are exactly right and I failed to elaborate on this in the article, so just some added context:
https://i.imgur.com/4E6uaJW.jpg

- Simply reporting the exploit on the forums could get you banned
- To counter matchmaking, bans from this community are coveted -- and frequently requested
- Their first Steam Group "Hentai R---!" was deleted on violation

Valve never banned anybody for abuse of this exploit, despite the wave of euphoria from people discovering an easy way to get banned from third-parties they dislike. One (since redacted) plugin even instantly banned for any use of spec_goto, facilitating such heinous behavior.
I used this any time a group of 3 tried to kick me from a match to make room for their 4th. The plus side is they all get to start back at the beginning with their friend, lucky them!