Required security updates - Printable Version

Required security updates - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: Required security updates (/showthread.php?tid=323652)

Required security updates - Amit_B - 06.03.2012

Hey,

I'm running a large amount of SA-MP servers (15+-) for a large Israel SA-MP related community called "SAMP-IL" ("Vgames" in the past).
As the best SA-MP community in Israel, with a lot of competitors, we having some people who want to crash the servers.

Some of my servers running with a large amount of players. Something like 50~120, and it can get to much higher amount. Also, every server uses it's own systems, meaning it can be a system of data saving which can be through MySQL or files. The scripts are very large and uses a lot of different systems. I'm telling you that so you'll be able to understand the situation.

Lately, my servers being attacked. It was all started with mass vehicle spawning attack. After a lot of crashes, i've used an improved system against it (Gamer_Z's) and it created some other problems involved with my exists systems. But never mind, after that was stopped, they started to use some cleo-mods to use some invalid vehicle components. Then i've scripted something against this too, by reading JernejL's tutorial, and looks like they've stopped. Then they tried another easy and stupid way of attacking - reconnecting really fast with a large amount of users. That's, of course, spammed the chat but it doesn't matter because I got a limit of 4 IPs connected to the server in time. One ban fixed everything.

And here comes the problem - they've used some crazy proxy system and done the hack above with something like 200 different IPs. I couldn't block that with any anti IP connection spam, because there was difference of time between every connection with the same IP. In that difference, something like other 50 IPs connected and disconnected. Then i've just uploaded a fast filterscript I made that ban their names (that were similiar), and the spam on the chat started to be more slow from second to second, but still - it took time to ban everyone of them.

Some logs:
(samp.ban)

Код:

24.22.62.220 [03/03/12 | 01:00:17] IP_EC_Clan_0D - INGAME BAN
85.67.77.31 [03/03/12 | 01:00:18] UA_EC_Clan_C3 - INGAME BAN
85.67.77.31 [03/03/12 | 01:00:18] UA_EC_Clan_C3 - INGAME BAN
93.143.154.223 [03/03/12 | 01:00:18] hi_EC_Clan_Lb - INGAME BAN
93.143.154.223 [03/03/12 | 01:00:18] hi_EC_Clan_Lb - INGAME BAN
89.201.202.181 [03/03/12 | 01:00:18] cm_EC_Clan_r4 - INGAME BAN
188.96.178.232 [03/03/12 | 01:00:18] zz_EC_Clan_KG - INGAME BAN
188.96.178.232 [03/03/12 | 01:00:18] zz_EC_Clan_KG - INGAME BAN
85.67.165.118 [03/03/12 | 01:00:18] PK_EC_Clan_Bf - INGAME BAN
85.64.206.69 [03/03/12 | 01:00:18] Jw_EC_Clan_Ni - INGAME BAN
255.255.255.255 [03/03/12 | 01:00:18] Jw_EC_Clan_Ni - INGAME BAN
81.0.76.186 [03/03/12 | 01:00:18] hn_EC_Clan_Op - INGAME BAN
81.0.76.186 [03/03/12 | 01:00:18] hn_EC_Clan_Op - INGAME BAN
93.142.186.189 [03/03/12 | 01:00:18] jk_EC_Clan_1x - INGAME BAN
93.142.186.189 [03/03/12 | 01:00:18] jk_EC_Clan_1x - INGAME BAN
95.178.195.208 [03/03/12 | 01:00:19] qN_EC_Clan_an - INGAME BAN
87.211.206.204 [03/03/12 | 01:00:19] gm_EC_Clan_sU - INGAME BAN
41.164.7.162 [03/03/12 | 01:00:26] Es_EC_Clan_LQ - INGAME BAN
255.255.255.255 [03/03/12 | 01:00:26] Es_EC_Clan_LQ - INGAME BAN
108.80.249.210 [03/03/12 | 01:01:31] NONE - IP BAN
62.163.11.157 [03/03/12 | 01:01:35] nO_EC_Clan_dP - INGAME BAN
87.229.8.130 [03/03/12 | 01:01:36] fU_EC_Clan_DJ - INGAME BAN
87.229.8.130 [03/03/12 | 01:01:36] fU_EC_Clan_DJ - INGAME BAN
81.183.207.5 [03/03/12 | 01:01:36] py_EC_Clan_EG - INGAME BAN
84.3.191.54 [03/03/12 | 01:01:36] 8r_EC_Clan_Cz - INGAME BAN
94.21.231.5 [03/03/12 | 01:01:36] 71_EC_Clan_Sq - INGAME BAN
94.21.231.5 [03/03/12 | 01:01:36] 71_EC_Clan_Sq - INGAME BAN
195.80.133.6 [03/03/12 | 01:01:36] pp_EC_Clan_cF - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:36] pp_EC_Clan_cF - INGAME BAN
88.132.175.190 [03/03/12 | 01:01:37] gq_EC_Clan_R3 - INGAME BAN
46.13.31.155 [03/03/12 | 01:01:37] CV_EC_Clan_yf - INGAME BAN
92.155.249.6 [03/03/12 | 01:01:37] 4D_EC_Clan_4D - INGAME BAN
86.88.212.208 [03/03/12 | 01:01:37] Rc_EC_Clan_Ac - INGAME BAN
86.94.222.186 [03/03/12 | 01:01:37] sl_EC_Clan_nP - INGAME BAN
188.103.255.14 [03/03/12 | 01:01:37] DM_EC_Clan_ie - INGAME BAN
78.34.219.193 [03/03/12 | 01:01:37] 6T_EC_Clan_hR - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:37] 6T_EC_Clan_hR - INGAME BAN
79.184.52.68 [03/03/12 | 01:01:37] DH_EC_Clan_Gn - INGAME BAN
93.138.76.235 [03/03/12 | 01:01:37] vD_EC_Clan_ts - INGAME BAN
92.37.97.7 [03/03/12 | 01:01:37] T2_EC_Clan_XY - INGAME BAN
92.37.97.7 [03/03/12 | 01:01:37] T2_EC_Clan_XY - INGAME BAN
78.3.235.80 [03/03/12 | 01:01:37] mM_EC_Clan_tl - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:37] mM_EC_Clan_tl - INGAME BAN
76.64.141.102 [03/03/12 | 01:01:37] 6E_EC_Clan_px - INGAME BAN
83.23.137.175 [03/03/12 | 01:01:38] gN_EC_Clan_lw - INGAME BAN
91.83.68.40 [03/03/12 | 01:01:38] ez_EC_Clan_DW - INGAME BAN
77.254.177.68 [03/03/12 | 01:01:38] vE_EC_Clan_Or - INGAME BAN
178.43.164.119 [03/03/12 | 01:01:38] hF_EC_Clan_6T - INGAME BAN
93.143.146.169 [03/03/12 | 01:01:38] dd_EC_Clan_fT - INGAME BAN
82.141.65.24 [03/03/12 | 01:01:38] k5_EC_Clan_jc - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:38] ln_EC_Clan_tK - INGAME BAN
95.178.134.139 [03/03/12 | 01:01:38] 9m_EC_Clan_Ja - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:38] x8_EC_Clan_JU - INGAME BAN
88.171.115.115 [03/03/12 | 01:01:38] nx_EC_Clan_wp - INGAME BAN
88.171.115.115 [03/03/12 | 01:01:38] nx_EC_Clan_wp - INGAME BAN
79.248.141.38 [03/03/12 | 01:01:39] gZ_EC_Clan_FV - INGAME BAN
84.184.33.119 [03/03/12 | 01:01:39] FL_EC_Clan_bJ - INGAME BAN
62.101.147.191 [03/03/12 | 01:01:39] Ni_EC_Clan_oH - INGAME BAN
91.132.38.150 [03/03/12 | 01:01:39] Eb_EC_Clan_o0 - INGAME BAN
93.138.25.66 [03/03/12 | 01:01:39] xw_EC_Clan_wd - INGAME BAN
93.138.25.66 [03/03/12 | 01:01:39] xw_EC_Clan_wd - INGAME BAN
79.120.222.54 [03/03/12 | 01:01:39] nR_EC_Clan_mM - INGAME BAN
79.201.193.105 [03/03/12 | 01:01:39] D6_EC_Clan_2u - INGAME BAN
79.201.193.105 [03/03/12 | 01:01:39] D6_EC_Clan_2u - INGAME BAN
94.21.118.168 [03/03/12 | 01:01:40] Qj_EC_Clan_mB - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:40] Qj_EC_Clan_mB - INGAME BAN
46.107.112.3 [03/03/12 | 01:01:40] BX_EC_Clan_Sk - INGAME BAN
46.107.112.3 [03/03/12 | 01:01:40] BX_EC_Clan_Sk - INGAME BAN
201.47.21.113 [03/03/12 | 01:01:41] ST_EC_Clan_cC - INGAME BAN
84.0.13.79 [03/03/12 | 01:01:41] NX_EC_Clan_bJ - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:41] Ul_EC_Clan_M6 - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:41] 5E_EC_Clan_xm - INGAME BAN
84.109.39.227 [03/03/12 | 01:01:41] t1_EC_Clan_PJ - INGAME BAN
174.113.247.78 [03/03/12 | 01:01:41] HX_EC_Clan_at - INGAME BAN
174.113.247.78 [03/03/12 | 01:01:41] HX_EC_Clan_at - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:42] hl_EC_Clan_4y - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:42] kk_EC_Clan_ZR - INGAME BAN
78.63.30.187 [03/03/12 | 01:01:42] U1_EC_Clan_qT - INGAME BAN
78.63.30.187 [03/03/12 | 01:01:42] U1_EC_Clan_qT - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:42] Kz_EC_Clan_su - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:42] Jx_EC_Clan_bC - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:42] eO_EC_Clan_bN - INGAME BAN
201.50.167.240 [03/03/12 | 01:01:42] ei_EC_Clan_ii - INGAME BAN
80.60.136.9 [03/03/12 | 01:01:42] 5W_EC_Clan_2b - INGAME BAN
78.1.143.73 [03/03/12 | 01:01:42] dt_EC_Clan_WD - INGAME BAN
151.65.52.91 [03/03/12 | 01:01:42] 0m_EC_Clan_MG - INGAME BAN
92.225.99.103 [03/03/12 | 01:01:42] I0_EC_Clan_Fh - INGAME BAN
201.141.231.200 [03/03/12 | 01:01:42] wV_EC_Clan_MG - INGAME BAN
31.176.128.198 [03/03/12 | 01:01:43] N7_EC_Clan_zK - INGAME BAN
31.176.128.198 [03/03/12 | 01:01:43] N7_EC_Clan_zK - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:43] 9B_EC_Clan_ud - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:43] u7_EC_Clan_3O - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:43] zk_EC_Clan_jS - INGAME BAN
189.32.31.166 [03/03/12 | 01:01:43] IX_EC_Clan_Ab - INGAME BAN
79.101.89.146 [03/03/12 | 01:01:43] Nq_EC_Clan_n7 - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:43] 4f_EC_Clan_Wl - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:43] fk_EC_Clan_l3 - INGAME BAN
89.164.24.80 [03/03/12 | 01:01:43] nz_EC_Clan_RU - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:43] qf_EC_Clan_Xm - INGAME BAN
74.59.229.58 [03/03/12 | 01:01:44] 02_EC_Clan_aI - INGAME BAN
212.194.243.128 [03/03/12 | 01:01:44] sz_EC_Clan_XF - INGAME BAN
78.0.237.174 [03/03/12 | 01:01:44] f2_EC_Clan_eB - INGAME BAN
78.0.237.174 [03/03/12 | 01:01:44] f2_EC_Clan_eB - INGAME BAN
190.31.252.37 [03/03/12 | 01:01:44] 4T_EC_Clan_Jr - INGAME BAN
84.157.247.64 [03/03/12 | 01:01:44] B1_EC_Clan_cR - INGAME BAN
87.205.233.70 [03/03/12 | 01:01:44] ir_EC_Clan_mX - INGAME BAN
187.23.151.160 [03/03/12 | 01:01:44] jB_EC_Clan_Ba - INGAME BAN
200.146.6.236 [03/03/12 | 01:01:44] O6_EC_Clan_0n - INGAME BAN
210.86.110.141 [03/03/12 | 01:01:44] m1_EC_Clan_E8 - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:45] uC_EC_Clan_zX - INGAME BAN
89.223.234.177 [03/03/12 | 01:01:45] xD_EC_Clan_p2 - INGAME BAN
93.138.208.161 [03/03/12 | 01:01:45] pp_EC_Clan_V0 - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:45] pp_EC_Clan_V0 - INGAME BAN
68.111.150.249 [03/03/12 | 01:01:45] PR_EC_Clan_mg - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:46] TF_EC_Clan_KV - INGAME BAN
188.246.84.202 [03/03/12 | 01:01:46] zI_EC_Clan_A3 - INGAME BAN
79.114.88.72 [03/03/12 | 01:01:46] 8z_EC_Clan_Dp - INGAME BAN
108.85.90.39 [03/03/12 | 01:01:46] op_EC_Clan_Ul - INGAME BAN
84.247.176.134 [03/03/12 | 01:01:47] 2C_EC_Clan_Qi - INGAME BAN
67.166.138.65 [03/03/12 | 01:01:47] VQ_EC_Clan_6e - INGAME BAN
78.92.94.79 [03/03/12 | 01:01:48] jO_EC_Clan_EB - INGAME BAN
78.92.94.79 [03/03/12 | 01:01:48] jO_EC_Clan_EB - INGAME BAN
196.206.69.197 [03/03/12 | 01:01:48] jf_EC_Clan_t2 - INGAME BAN
178.222.151.183 [03/03/12 | 01:01:49] rF_EC_Clan_9n - INGAME BAN
190.121.20.155 [03/03/12 | 01:01:50] xE_EC_Clan_Io - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:51] 3T_EC_Clan_di - INGAME BAN
186.61.16.137 [03/03/12 | 01:01:52] 29_EC_Clan_ak - INGAME BAN
201.251.226.2 [03/03/12 | 01:01:53] IN_EC_Clan_5d - INGAME BAN
177.1.12.2 [03/03/12 | 01:01:54] 7m_EC_Clan_wt - INGAME BAN
177.1.12.2 [03/03/12 | 01:01:54] 7m_EC_Clan_wt - INGAME BAN
89.134.26.217 [03/03/12 | 01:01:55] 35_EC_Clan_wf - INGAME BAN
255.255.255.255 [03/03/12 | 01:01:55] 35_EC_Clan_wf - INGAME BAN
89.161.92.159 [03/03/12 | 01:01:56] NV_EC_Clan_Vh - INGAME BAN
186.53.49.210 [03/03/12 | 01:01:56] cD_EC_Clan_fz - INGAME BAN
91.226.51.114 [03/03/12 | 01:01:58] jR_EC_Clan_R9 - INGAME BAN
91.226.51.114 [03/03/12 | 01:01:58] jR_EC_Clan_R9 - INGAME BAN
89.164.18.172 [03/03/12 | 01:01:58] 2t_EC_Clan_XI - INGAME BAN
177.10.6.91 [03/03/12 | 01:01:59] l8_EC_Clan_jy - INGAME BAN
201.160.229.43 [03/03/12 | 01:02:13] BY_EC_Clan_wp - INGAME BAN
193.91.86.34 [03/03/12 | 01:02:17] 1c_EC_Clan_lK - INGAME BAN
89.69.45.76 [03/03/12 | 01:02:20] JH_EC_Clan_kB - INGAME BAN
84.162.200.181 [03/03/12 | 01:02:23] BA_EC_Clan_Zv - INGAME BAN
84.162.200.181 [03/03/12 | 01:02:23] BA_EC_Clan_Zv - INGAME BAN
85.28.145.200 [03/03/12 | 01:02:29] Jy_EC_Clan_TU - INGAME BAN
85.65.12.224 [03/03/12 | 01:02:33] nY_EC_Clan_el - INGAME BAN
255.255.255.255 [03/03/12 | 01:02:34] 6h_EC_Clan_jK - INGAME BAN
84.1.184.61 [03/03/12 | 01:02:35] 9C_EC_Clan_rd - INGAME BAN
255.255.255.255 [03/03/12 | 01:02:35] 9C_EC_Clan_rd - INGAME BAN
189.42.128.50 [03/03/12 | 01:03:04] gK_EC_Clan_qY - INGAME BAN
74.93.167.84 [03/03/12 | 01:03:33] a4_EC_Clan_S8 - INGAME BAN
255.255.255.255 [03/03/12 | 01:03:33] a4_EC_Clan_S8 - INGAME BAN
255.255.255.255 [03/03/12 | 01:03:36] YU_EC_Clan_M5 - INGAME BAN
79.184.214.239 [03/03/12 | 01:03:37] 6y_EC_Clan_Ij - INGAME BAN
255.255.255.255 [03/03/12 | 01:03:37] 6y_EC_Clan_Ij - INGAME BAN
197.2.121.214 [03/03/12 | 01:03:50] pR_EC_Clan_h5 - INGAME BAN
255.255.255.255 [03/03/12 | 01:04:00] jw_EC_Clan_0M - INGAME BAN
78.134.143.174 [03/03/12 | 02:07:26] lc_EC_Clan_14 - INGAME BAN
255.255.255.255 [03/03/12 | 18:10:52] Wt_EC_Clan_kz - INGAME BAN

Own connection log system:

Код:

[01/03/2012 15:22 Connects] (44)[b0t]s0nicTz666: [Connect] 84.3.191.54
[01/03/2012 15:23 Connects] (80)[b0t]s0nicTz666_NOkH: [Connect] 87.229.8.130
[01/03/2012 15:23 Connects] (76)[b0t]s0nicTz666_YnW8: [Connect] 2.40.175.243
[01/03/2012 15:23 Connects] (73)[b0t]s0nicTz666_R87U: [Connect] 84.85.189.153
[01/03/2012 15:23 Connects] (88)[b0t]s0nicTz666_aAlb: [Connect] 195.228.93.208
[01/03/2012 15:23 Connects] (57)[b0t]s0nicTz666_hW9W: [Connect] 93.136.138.131
[01/03/2012 15:23 Connects] (92)[b0t]s0nicTz666_j8jr: [Connect] 95.49.55.52
[01/03/2012 15:23 Connects] (93)[b0t]s0nicTz666_9wxH: [Connect] 94.21.86.197
[01/03/2012 15:23 Connects] (83)[b0t]s0nicTz666_stUP: [Connect] 78.63.30.187
[01/03/2012 15:23 Connects] (100)[b0t]s0nicTz666_mHYW: [Connect] 79.114.88.72
[01/03/2012 15:23 Connects] (99)[b0t]s0nicTz666_f8SN: [Connect] 89.210.230.179
[01/03/2012 15:23 Connects] (89)[b0t]s0nicTz666: [Connect] 97.87.13.244
[01/03/2012 15:23 Connects] (101)[b0t]s0nicTz666_uN1R: [Connect] 83.10.17.13
[01/03/2012 15:23 Connects] (102)[b0t]s0nicTz666_WFov: [Connect] 216.114.238.161
[01/03/2012 15:23 Connects] (103)[b0t]s0nicTz666_dBAW: [Connect] 79.186.222.232
[01/03/2012 15:23 Connects] (44)[b0t]s0nicTz666_LPN6: [Connect] 80.60.136.9
[01/03/2012 15:23 Connects] (98)[b0t]s0nicTz666_RJaT: [Connect] 83.143.139.81
[01/03/2012 15:23 Connects] (106)[b0t]s0nicTz666_vERM: [Connect] 95.38.115.52
[01/03/2012 15:23 Connects] (110)[b0t]s0nicTz666_4g8O: [Connect] 77.46.180.77
[01/03/2012 15:23 Connects] (105)[b0t]s0nicTz666_bBMA: [Connect] 178.36.210.230
[01/03/2012 15:23 Connects] (104)[b0t]s0nicTz666_FsU6: [Connect] 190.82.7.104
[01/03/2012 15:23 Connects] (108)[b0t]s0nicTz666_UhJW: [Connect] 93.143.172.40
[01/03/2012 15:23 Connects] (109)[b0t]s0nicTz666_EUVt: [Connect] 46.35.205.183
[01/03/2012 15:23 Connects] (111)[b0t]s0nicTz666_mKmQ: [Connect] 93.143.145.137
[01/03/2012 15:23 Connects] (107)[b0t]s0nicTz666_mKl1: [Connect] 81.183.61.213
[01/03/2012 15:23 Connects] (112)[b0t]s0nicTz666_dXtV: [Connect] 31.63.187.37
[01/03/2012 15:23 Connects] (114)[b0t]s0nicTz666_XhsI: [Connect] 83.31.28.208
[01/03/2012 15:23 Connects] (113)[b0t]s0nicTz666_0KpW: [Connect] 190.224.239.99
[01/03/2012 15:23 Connects] (88)[b0t]s0nicTz666: [Connect] 2.183.89.243
[01/03/2012 15:23 Connects] (89)[b0t]s0nicTz666_qbJy: [Connect] 85.60.38.170
[01/03/2012 15:23 Connects] (59)[b0t]s0nicTz666: [Connect] 31.14.25.179
[01/03/2012 15:23 Connects] (74)[b0t]s0nicTz666_Zti6: [Connect] 89.164.14.71
[01/03/2012 15:23 Connects] (62)[b0t]s0nicTz666_cTZd: [Connect] 95.178.137.127

Even if I could disable their connection messages, it will still cause lags, because of the files/MySQL data systems that i'm using. Also, my server donesn't requires people to register to it, that's why I can't handle that like most of servers.
I thought about blocking them by tracing their network stats (GetPlayerNetworkStats) and finding difference between stats of real player and stats of a bot. But I didn't tried that because the attacks stopped for now and I have no way of testing it.

The hackers are two people from my country, which both of them played SA-MP for a while and started to use cheats and from then it get to these hacks. I've already tried to contact them and stop them by words, but with no success; they say that it's fun for them to see players get angry because of them. o_O

I'm posting this because that anything done to me - can be easily done to any other server. Personally, I like that thing, that i'm creating a new block and they create a new attack, everytime, it's really fun (especially when I got the support of the players). But it doesn't matter because not every server could block these attacks as I can. I'm working on a filterscript which used to block most of the attacks, but some protection from SA-MP itself, with some client-side scripts, could be much better and faster.

Waiting for your response!

Re: Required security updates - Vince - 06.03.2012

I've seen that connection spam attack before. They connect as NPC's. Blocking and banning any foreign NPC connections might help.

Re: Required security updates - Amit_B - 06.03.2012

Quote:

Originally Posted by Vince

I've seen that connection spam attack before. They connect as NPC's. Blocking and banning any foreign NPC connections might help.

It isn't. I didn't mentioned that, but I've already seen an NPCs connection attack, and already blocked that. Also, it couldn't be NPC this time because they're visible in the score board (TAB) and maxnpcs already set to the right number.

Re: Required security updates - Scott - 06.03.2012

Read the changelog:

Quote:

- There are some minor security problems in the previous version which is resulting in servers being attacked with specially made tools. Resolving this issue requires both a client and server update.

Re: Required security updates - Amit_B - 06.03.2012

Quote:

Originally Posted by h02

Read the changelog:

Noticed that, but it's still important for you to know about the most known attacks types, which wasn't mentioned in the changelog.

Respuesta: Re: Required security updates - Kurama - 07.03.2012

Quote:

Originally Posted by Vince

I've seen that connection spam attack before. They connect as NPC's. Blocking and banning any foreign NPC connections might help.

They're fake players not NPCs. I've seen this attack type before.

Re: Respuesta: Re: Required security updates - T0pAz - 07.03.2012

Quote:

Originally Posted by Kurama

They're fake players not NPCs. I've seen this attack type before.

They are fake players but they connect as NPC's.

Re: Required security updates - Calgon - 07.03.2012

Nope, that bug was patched like 1-2 releases ago, these are fake players. I've seen this attack multiple times.

I tried to make some code to combat this, but I never tested it as the attacks stopped. I added this code before any login code was attempted:

pawn Код:

stock IsStringAlphaNumeric(string[]) {
    new
        i;

    static const
        szAppropriateCharacters[] = { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_" };

    for(new c = 0; c < strlen(string); c++) {
        for(new f = 0; f < sizeof(szAppropriateCharacters); f++) {
            if(string[c] == szAppropriateCharacters[f])
                i++;
        }
    }

    if(i < strlen(string)) return 0;

    return 1;
}

public OnPlayerConnect(playerid) { 
    new
        szPlayerName[MAX_PLAYER_NAME],
        szPlayerIP[16],
        szPlayerIPs[16],
        szPlayerNames[MAX_PLAYER_NAME];

    GetPlayerName(playerid, szPlayerName, MAX_PLAYER_NAME);
    GetPlayerIp(playerid, szPlayerIP, sizeof(szPlayerIP));

    foreach(Player, x) {
        GetPlayerName(x, szPlayerNames, MAX_PLAYER_NAME);
        GetPlayerIp(playerid, szPlayerIPs, sizeof(szPlayerIPs));
        if(strfind(szPlayerName, szPlayerNames, true) != -1 && !strcmp(szPlayerIPs, szPlayerIP, true) && IsStringAlphaNumeric(szPlayerNames) == 0)
            return BanEx(playerid, "Client spam attack attempt");
    }

    // The rest of your login code...
}

Not sure if it will work, as I said before, I haven't tested it. Nor have I tested the IsStringAlphaNumeric function, but I'm sure you get the gist of what I'm trying to do, consider it as pseudo-code, if it doesn't work.

Re: Required security updates - Amit_B - 07.03.2012

@Calgon, even if this will work, they're still amount of +-200 different players with different names. Even if they connecting as xx_Clan_xx which the "_Clan_" stays the same in every name, they can easily change it to random player names, or increase the amount of IPs to higher then 500.
The solution could be any way to find the difference between faked player and real player. Currently, I can think about one idea - captcha - but this will still have the players in the server, lagging it, and taking slots.

Re: Required security updates - Gerira Gaijin - 07.03.2012

Make an input dialog that shows when a player connects, showing them a random generated number/letter combination, like captcha. Then make a 10 seconds timer, and if they fail to type the code in or they log off/wait too long, kick them and save their IP.

Then next time they connect, check if their IP already failed the captcha. Once they fail 3-4 times, ban the IP.

Just an idea.

Re: Required security updates - Amit_B - 07.03.2012

Quote:

Originally Posted by Gerira Gaijin

Make an input dialog that shows when a player connects, showing them a random generated number/letter combination, like captcha. Then make a 10 seconds timer, and if they fail to type the code in or they log off/wait too long, kick them and save their IP.

Then next time they connect, check if their IP already failed the captcha. Once they fail 3-4 times, ban the IP.

Just an idea.

Quote:

Originally Posted by Amit_B

Currently, I can think about one idea - captcha - but this will still have the players in the server, lagging it, and taking slots.

It would be really hard to find a solution, but it's necessary.

Re: Required security updates - robintjeh - 07.03.2012

Does OnPlayerConnect get called with these bots?

Re: Required security updates - -Prodigy- - 07.03.2012

Yes.

Re: Required security updates - lolumadd_ - 08.03.2012

I had this type of attack twice on my server. Although, when it happened to me, they were all connecting via IP, so it was an easy fix.

Also, the mass teleporting car hack happens very often on my server and causes huge lag and player timeouts. I've coded some protection against this in my script, but haven't tested yet.

Re: Required security updates - Calgon - 08.03.2012

This has been fixed in 0.3e anyway - feel free to test it for yourself, there's a million tools around for it, and someone was kind enough to post a link to one in this thread IIRC.

Re: Required security updates - Amit_B - 08.03.2012

Quote:

Originally Posted by Calgon

This has been fixed in 0.3e anyway - feel free to test it for yourself, there's a million tools around for it, and someone was kind enough to post a link to one in this thread IIRC.

What of the attacks is fixed? the randomally IPs connect spam?