#[Solution]About the Server brower hacked, I will give a solution here.

what? why the post content was deleted. the link problem?

OK, I will I will edit blow.

First of all, welcome to the English world to the CLONE era - a world that we Chinese players have endured for 3 months and 13 days.

If you want to solve this problem, you can consider using my software, you can view the pictures, that's works.

I mean no harm, so I'll open source it so you can probably save yourself some guesswork if you can compile it yourself. Souce Code：https://github[dot]com/madlifer/Squad-Clone-Server-Block

i dont know man sound sketchy af...

You fucking lot get lost with your servers hacks, don't come messing with our servers

lol you mad huh?

I don't care what happens in china, just don't bring them here to our servers

OWI agree with you, but someone don't think so. Cause he hacked the ENG list

You can see the video of the effect here, it is effective. THE VIDEO: https://www[DOT]bilibili[DOT]com/video/BV1SjJKzeE3j/

I packaged this software, you can download it directly and run it. Please note: due to historical reasons, it will download a list of blocked server keywords from the cloud, but it is no longer effective. However, the software itself is working, so don't worry about it. THE APP:https://drive[DOT]google[DOT]com/file/d/1GFR-B2tFXyOgKW-vASN_X37y9THi7_8F/view?usp=drive_link

aint no way some1 rly gonna open your links man its too skechy even for a dumbass like me

yeah, but, Maybe you could check out GitHub and compile it yourself? I don't really care how you use it, I'm just trying to help out out of kindness.

xd naive EN natives

sad i dont have that gif around
''First time?''

My honest reaction

Now, let's discuss why this shit happened:

Let me start with the conclusion—OWI deserved it.

1. When a player opens the server list, they're sending a request to the EOS server: "Hello, give me all the SQUAD servers!"

2. Of course, at the same time, as the server owner, you also need to constantly send requests to the EOS server: "Hello, I'm a SQUAD server. Please add me when users request a list."

Disgusting

Normally, this request is automatically sent by the server client to EOS, honestly reporting: "My serverName is XXX, my address is XXXX, and how many people are currently playing on my server?"

The problem is that by intercepting and modifying this network request, the server can send arbitrary messages to the EOS server: for example, a server could say: "my serverName is “FuckOWI! FIX CLONE SERVER BUG.” I currently have 999,999 people playing on my server."

3 months, so what? You deserved that. We all know that Chinese players hack in every game.

This is how it all happened. The hacker created a system that constantly sent requests to the EOS server, adding random variables.

For example, language options and mode options, the hacker then continuously reported the appearance of a new server to EOS. When players requested a server, a bunch of these servers would appear.

This hacking activity first occurred on May 9, 2025, and has continued to occur daily since then.

The problem this discovery raises is that, as a server owner, I can send EOS the names of 1,000 popular servers, but change their IP addresses to mine, so that players are redirected to my server.

Chinese players first reported this incident on Discord on the 13th. and the MODDER delete the post because some player get more and more mad ,request OWI fix it quickly.

招不招笑啊哥们🤣

跟个四马了一样

In May, I successfully created this blocking tool. Later, I discovered that its principle is exactly the same as that of the attack itself—it's just a switch between attack and defense. Their essence is the same: intercepting request network packets and forging them.

I immediately notified OWI officials on Dicord and explained the severity of the attack: Because the hacker needed to divert traffic, he was limited to using the tool against Chinese servers. However, this was actually a T0 bug, capable of destroying the entire Squad list server.

I also created attack tools and shared the source codes of both attack and defense tools with OWI officials.

And guess what? 3 months later, the bug is still there. This bug has been rampant on the Chinese server for 3 months. Many people have posted on Discord asking for a fix, and I have provided a solution. In this case, OWI still has not fixed the problem.

During these three months, the method of exploiting this bug has been gradually expanded from the hacker and I who knew it when I submitted it to more and more people. It has become a tool that can be purchased for a fee, just like DDOS (used to maliciously forge other people's servers and redirect them to your own servers).

你是哪个服主

Finally, someone couldn't take it anymore, figured out how to exploit this bug, and created these clones on the ENG server list.

What can I say?I hate to see the game being ruined like this , but when someone couldn't help but do it I can only express my regret and say: Well done, damn!

他好像不是，不过是那个屏蔽工具的开发者

我只能说世外确实是活该的

I repeat the severity to OWI at 6.15, and no reply. so, what can I say?

Knowing OWI they will fix it in 5-6 years. They don't care, they are busy downgrading UE5

yeah. our poor OWI. UE5 is too fucking difficult. UE5 should be blamed: they tied up OWI

Small indie studio, they are so poor

But any junior project manager would know that the order should be to create new experiences without affecting existing experiences.

Definitely not them

Still didnt fix rpg ghost reload (6 year bug)

i wonder if OWI can even fix it, to me it sounds like a EOS issue where they dont auth where the request is coming from like the IP of the server.

Not so soon, at least a decade later

They are not even looking into the matter let alone fix it, UE5 is obviously more important to them.

i mean, this is a pretty serious problem, and everyone see it, would be hard to ignore, doesnt mean they can do anything about it, they'd have to get epic to fix it, and seeing how shit it is and how slow it is to update, it will be a while ahahah

No,EOS needs to verify the client token to ensure that the message is sent from the client, but OWI does not protect this token, which means you can easily obtain this token, and the expiration time of this token is 24 hours.

LOL CHINESE DID CHINESE THINGS

Lets wait and see how OWI reacts to this post and find out.

that is OWI's problem, not Epic's problem.

算了这些歪国人就受着吧

我倒是挺期待腾讯代理的国服

看看这些人的回复，我只能说 加大力度，顺便再把UE4崩服BUG也给他们安排上

好言相劝不听

一群撒掉

Есть какие то новости или слова от разработчиков по этому поводу?

No they are ignoring this

They are as quiet as dead up till now

When it's your turn to be harassed and you can't play, just cry

R.I.P

Well I guess doing it on weekend was a strategic move

Let you feel it too

I can think of ten thousand ways to strengthen client security, set shorter tokens, and not allow the same IP to send multiple EOS requests at the same time in a short period of time. This is not a difficult problem, it is an attitude problem: they don’t care. JUST Don't Fucking Care

Judging from solution code, does it mean if they ramp it up above response limit we will have an empty browser in the end? @tacit temple

I get it, yes. My answer is yes. If a hacker creates 2,000 or 3,000 servers, you won't see any servers other than the garbage he created because the client is limited to requesting only 200 server data at a time.

fun times

So in my code, I modified the request limit and changed the number of requests at a time to 9999. Then I deleted the garbage based on duplicate names, duplicate IP addresses and other information before sending it to you.

I wonder if this bug is a byproduct of them hastily moving from steam api to eos

I think maybe there wasn't such a strong need for token protection when using the Steam API? And they just not strengthen the protection after the migration.

i bet, i havent seen issues on steam browser like that

probably, may be then server was directly authenticated with steam and that was all that was needed

because EOS browser migration was a clusterfuck of problems on its own

yeah, i still wonder the real reason of the switch...

Yes, the server client needs to request a token from EOS and then use it to send server information. However, the client side is more complicated. In addition to requesting an EOS token, the client side also needs a token from Steam, which expires in one hour.

To continuously monitor the servers on the EOS list, I had to create a Windows environment and install Squad on the server because Steam tokens were difficult to obtain.

However, creating a clone server doesn't require this much effort; it's very simple.

probably a deal with tencent and epic, that then was imposed after OWI being purchased

@tacit temple Hi, madlifer. I support you 100% percent. I wish if offworld eat more shit. After all of this community ignoring and literally sucks relationship

It is like we give you funding if you get locked with our API

then devs are rushed to do something on top of what their do already

and you have a fucked up browser

that is the speculation, i'm not sure what tencent or epic has to gain from this switch, i would think it's more of a technical reason

WOW

I thin you can use more strongly text like a advertisement of prohibited content))

steam API ？There were problems back then, didn't you know that? You could have just blown up the server, but that's what other people told me, I hadn't even played the game at the time.

More reliance on Epic Services - more control, it is same with their tactics with EGS and free games, more devs rely on you - the better

hearsay my honor 🙂

thx buddy.I want this game to be stronger and I won't do anything to ruin this game. Cause I‘m an Gamer

And also i want to mention other problems with OWI like fake clicking online and ini configs, that the 2 more reason that approve that owi deserve this

and Lighting update , and ICO, and UE5 perf 🤣

I thought they fixed the ini problem when releasing 8.2?

fake clicking is ALL on OWI not doing a simple check on server side code

yeah, the fake player number, right? This is also ridiculous. I've fixed this issue in my software, and it now displays the actual number of players.

I also fixed the issue of multiple click-and-exit loops causing the server population to increase, but OWI seems to have addressed this issue in UE5 as well.

How we know the online counts was fake?

they have a queue and have steam id on player join request, it is like 1 minute fix to check who is in queue before bumping player count

😱

see,totalPlayers is the true player count

and OWI use PLAYERCOUNT_l

that's the problem

I suppose there is an internal join queue that is not being handled correctly

that is added to totalPlayers

After all, they prefer to revoke server licenses (which literally happened to dozens of server owners) rather than apply a ready-to-use fix. This is the craziest community work I've ever seen

Their logic is that when you click to join a server, EOS adds 1 to the server's player count because you requested to join. However, OWI uses a 5-second countdown, so you can't actually join the server. Repeating this will cause EOS to add even more players.

EOS is helpless, as it has no idea OWI would do such a foolish thing.

At the same time, the server actually sends EOS the actual number of players on the server, and OWI only needs to use this number, but it still doesn't do it.

I mean all they had to do is to check who is in the queue, if you add log verbosity you will see there is even steam_id handshake happening during this click exploit

Easy as a fuck for Dev. the just don't care those things. same like clone server bug

所以EOS是用来干什么的

Epic Online Service , SQUAD uses one of the features of EOS: storing and distributing server lists.

草尼玛纱布老外怎么这么多啊，中国玩家和外国玩家不都是受害者吗，给你们提供解决方案还这么挖苦嘲讽，那我只能说活该了，迟早UE4崩溃bug给你们安排上你们就舒服了💩💩💩

乌拉给我炸

Duuuuuuuude... Check the news 😁

依旧腐木起档

I didn't realize OWI is so incompetent XD

Both Chinese and foreign players are victims of this bug. I don’t get why some people keep mocking and making fun of others—especially when someone’s kindly offering a temporary fix. If things keep going this way, then I can only say you deserve this treatment. You should count yourselves lucky that the UE4 engine crash bug hasn’t hit you yet. 💩 💩 💩

CHINESE DID CHINESE THINGS
DO NOT MESS UP WITH OTHER PEOPLE WITH YOUR PROBLEMS

What does this mean? Rotten wood?

thats means family

🧐

father and mother ，u understand

keep saying shit can't solve any problems

草泥马个逼，你这个大煞笔就别叫了，腐木双亡被拴在家门口被日本人强煎，逼都抄烂了

My Google translate completely broke down trying to understand this sentence😨

Github上那个gui文件需要自己编译吗
我几乎完全不懂编程（

bad language,just ignore it