ID:132490
 
My apologies if this is in the wrong forum, but I wasn't sure to post it in the bug forum, given that I didn't know if it was a bug, or a mistake on my part.


I posted a topic a while back concerning a griefing exploit that was being used to crash servers, create bugs, and generally cause havoc.


I noticed that the latest updates claim to have fixed this, and I updated BYOND accordingly. (My game, Dragonball Phoenix, is currently running on Linux.)


However, as of now I noticed that there are over 260 private keys online, which is in line with the original grief concerning the tool that was used to crash my game, along with several other games.

For the record, there are only roughly 100 players online on the server in question. That means that over 160 connections with no keys are currently being made to the server.


I was just hoping to get some sort of confirmation that the bug was or wasn't fixed. Unfortunately, I'm unsure as to how to stop it (I have all of the original griefing methods patched out, to the best of my ability. It doesn't seem to stop it from contacting the server constantly either way.) save for the tedious process of tracking down the offending IPs.




I also received word that the original griefer apparently was handing out some sort of TCP/IP flooder that infected a few players of my game, and targets our IP address.

This only came to light after he was unbanned after assisting the BYOND staff. Whether this was bluster on his part, or even true at all, I don't know. I'm currently investigating the veracity of these claims.

Though, thus far, it seems to carry some weight, since we had one player who investigated the original tool and was helping me stop it suddenly have his IP address come up as one of the attackers one day. Though I've been wondering if his IP address was spoofed, somehow.

But, given the fact that it's rather unfair to ban people who have no affiliation with the actual griefers, I was wondering about alternative ways to stop that particular method of griefing, aside from requesting a change of IP address from our shell companies' host.



Also, as a reference for suggestions until/if a BYOND admin posts here, I've currently disabled the features in question that allow people to use the griefing exploit on my game. That isn't actually stopping the connections from showing up on the hub.


While I appreciate the free publicity whoever is doing this is giving me, I'm also concerned about negative effects this could have on the server, if there are any. If there aren't, then aside from the fact that my game's population is being represented, I suppose I won't be too concerned about it.

I've never heard of this problem before, nor do you have any pending reports in the Bug Tracker.

Please head there and give as much detail as humanly possible.
In response to Tiberath
I'll do that once I get up. As much as I'd like to do it now, it's past 5:30AM, and I've been working on the code for quite a few hours now. I'm hoping some rest will let me get my thoughts in order to make sure I haven't overlooked anything.

For reference, though, the original topic can be found here.

http://www.byond.com/developer/forum/?id=756921
Speaking of Dragonball Phoenix...
Since it runs using Dragonball Finale/PVP or whatever you want to call it these days, the original owner had created a "Remote" utility to communicate between servers of the specific game and calling world.Topic() within the game. A failed connection or repeated connection accounts for the abnormal amounts of fake connections. That has been discussed and potentially looked into/fixed if you look in the Bug Reports. As far as actual bugs, glitches, exploits, etc. etc. you'll need to remove world.Topic() completely or alter it to disallow the "Remote" that is publicly available. I believe the most common attacks are "Save 4 Pwipe", Spamming, Crashing, and distribution of Moderation.

There is no actual "hacking tool". It's a separate DM environment run remotely. You should look into world.Topic() clearly and disallow any connections you don't want Export()'d into the server.


So, as of right now, this is a programming issue that isn't really affiliated with BYOND but the original owner of your used Source Code and/or the person(s) in charge of your current Source Code who have access to change the world.Topic() information and process.

EDIT :

For more information, visit the horrible forums for detailed information about "Remote".
Ex : http://s1.zetaboards.com/Neko_Sennin/topic/3292271/1/
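
The advice in the post above (alter world.Topic() so it only accepts the requests you actually want) could look like the following. This is an added example, not code from the thread or from the game's source; the variable names, the "key" and "action" parameters and the "status" action are hypothetical, and the address and secret are placeholders.

```dm
// Added example; every name below is hypothetical, not from the game's source.
var/list/topic_allowed_addrs = list("127.0.0.1")      // placeholder: hosts allowed to send topics
var/list/topic_allowed_actions = list("status")       // the only actions this server will perform
var/topic_secret = "REPLACE-WITH-LONG-RANDOM-VALUE"   // placeholder shared secret

world/Topic(T, Addr, Master, Keys)
	// 1. Refuse anything that does not come from an explicitly allowed address.
	if(!(Addr in topic_allowed_addrs))
		world.log << "Topic refused: sender [Addr] is not allowlisted"
		return 0

	// 2. Parse the "name=value&name=value" string and require the shared secret.
	var/list/req = params2list(T)
	if(!topic_secret || req["key"] != topic_secret)
		world.log << "Topic refused: bad or missing key from [Addr]"
		return 0

	// 3. Dispatch only allowlisted actions. Nothing that saves, wipes,
	//    reboots or grants moderation is reachable from a topic at all.
	var/action = req["action"]
	if(!(action in topic_allowed_actions))
		world.log << "Topic refused: unknown action from [Addr]"
		return 0

	switch(action)
		if("status")
			return "[world.name] is up"

	// No call to ..() here, so no other topic handling runs for this request.
	return 0
```

Refused requests are written to world.log with the sender's address, which gives you a list of sources to compare against your firewall or host traffic logs.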
Archonex wrote:
> However, as of now I noticed that there are over 260 private keys online, which is in line with the original grief concerning the tool that was used to crash my game, along with several other games.
>
> For the record, there are only roughly 100 players online on the server in question. That means that over 160 connections with no keys are currently being made to the server.

Version 475 and up doesn't report world.Export() connections to the hub. What you're seeing here is a residual bug in the hub we'll be clearing up shortly. The high number of players doesn't indicate an attack on your server, at least not in newer builds.

> I also received word that the original griefer apparently was handing out some sort of TCP/IP flooder that infected a few players of my game, and targets our IP address.

It sounds like you're operating on some vague stories there. A utility designed to flood an address wouldn't "infect" anyone because things that infect are viruses, and a flooder is a regular utility. There was a flooder of some kind written in DM which I assume is the one you're talking about. The original author put in a half-baked effort to shut down remote copies but I think his concept was simple enough that it would have been easy to copy. However, if you really are being flooded, this should be verifiable by looking at your traffic and determining the IP address.

> But, given the fact that it's rather unfair to ban people who have no affiliation with the actual griefers, I was wondering about alternative ways to stop that particular method of griefing, aside from requesting a change of IP address from our shell companies' host.

A simple ban on the IP address should work fine, as should blocking it from your firewall. If that proves inadequate and the constant barrage of traffic even outside the firewall is interfering with your server, then it's time to talk to the attacker's ISP.

However, it's questionable whether you're being attacked at all. Don't trust the hub player count for this purpose.

Lummox JR
In response to Maximus_Alex2003
I've been aware of the remote for some time. One of the first things I did was disable its functionality for the server that I personally host.


World.export and world.topic have been disabled for some time now, which is what confused me. Good to know that it's just a minor bug though. If there's no actual damage to the server being done then there's nothing for me to worry about.


I appreciate the information.


Edit: I also emailed the shell company a few days back asking if they've noticed a large increase in traffic lately. Hopefully I'll get a response back soon, since they're aware of the issue with the original DoSing method. That should confirm whether or not my game is under attack again for certain.