28.10.2018, 13:12
Quote:
|
Originally Posted by niCe
 There are multiple methods how to detect them:
- They use same name length, you can kick all players with the same name length, that are not registered/logged - There are often too many consonants in the row in their names, unlike regular player's name, you can apply some heuristics to detect the bot from its name - They attempt to connect multiple times with the same IP, calling OnIncomingConnection quickly - regular players don't call this more than twice within 30 seconds. Besides that, they all use VPN/Proxy. So far I have blocked these ranges, it helped to reduce the attacks a bit: Code:
95.156.102.* 192.169.217.* 31.13.224.* 95.78.157.* 138.118.224.* 103.250.166.* 177.131.12.* 114.6.27.* 192.169.188.* 157.119.207.* 203.145.179.* 83.143.31.* 42.51.216.* 114.55.63.* 185.67.93.* 37.113.191.* 85.192.154.* 185.124.86.* 128.199.*.* 46.101.*.* 201.184.*.* 136.243.*.* 188.235.*.* 195.9.*.* 94.153.*.* 162.144.*.* 192.169.140.* 185.40.31.* 173.249.29.* 128.199.36.* 192.163.207.* 163.53.209.* 154.72.75.* 103.21.163.* 46.101.240.* 123.249.*.* 46.214.146.* 37.59.8.* 42.51.*.* 103.240.161.* 121.12.92.* 5.135.20.* 103.216.82.* |
The only thing that would have been great is if OnIncomingConnection was able to pull the player's name so that we can do the name checking in that function (since GetPlayerName does not work).
Right now I check the rate in which these bots connect and if there is an anomaly then it will block their IP for 60 seconds. It seems to work a bit, I mean they do connect but they don't stay very long. I'd say maybe 75% reduced in connections alone just by checking the rate of connecting.
Got another check to see if the ID is within range otherwise it will block them (so that my NPCs dont get kicked). Will see how this holds up... Still hasn't went over the limit, yet.
Just gonna leave this info here if by chance Kalcor sees the thread and decides one day to give the issue another tackle.
GPCI is useless by the looks as someone suggested up. Different between every bot.
IncomingConnection:
Code:
[13:53:31] Name:(45)
Version:
IP: / 123.249.60.171:54741
Network Stats:{Network Active: 1
Network State: 6
Messages in Send buffer: 0
Messages sent: 0
Bytes sent: 0
Acks sent: 0
Acks in send buffer: 0
Messages waiting for ack: 0
Messages resent: 0
Bytes resent: 0
Packetloss: -nan%
Messages received: 0
Bytes received: 0
Acks received: 0
Duplicate acks received: 0
Inst. KBits per second: 28.8
KBits per second sent: 0.0
KBits per second received: 0.0
}
Ping:-1
NPC:0
GPCI:
Code:
[13:53:30] [join] kKFdGEyGrk9TlTAI has joined the server (68:70.83.106.82)
[13:53:30] Name:kKFdGEyGrk9TlTAI(68)
Version:0.3.7
IP:70.83.106.82
Network Stats:{Network Active: 1
Network State: 8
Messages in Send buffer: 7
Messages sent: 52
Bytes sent: 2596
Acks sent: 6
Acks in send buffer: 3
Messages waiting for ack: 0
Messages resent: 0
Bytes resent: 0
Packetloss: 0.0%
Messages received: 8
Bytes received: 186
Acks received: 0
Duplicate acks received: 0
Inst. KBits per second: 28.8
KBits per second sent: 71.1
KBits per second received: 5.0
}
Ping:65535
NPC:0
GPCI:544E5049485245344C5238504F51584850494734