Sorry if this is in the wrong forum, but I have a rather large problem that I require some help on.


Currently, the game I code for is resident to a group of players that are determined to cause as much havoc and damage to the game's community as possible. This would not be an issue, if it wasn't for the fact that they've stepped up their efforts, as of late, and apparently have found a way to DoS the game.


Unfortunately, code-banning them doesn't seem like it would work, as they're using a rather interesting method to screw with players' ability to save their progress and connect to the server.

http://img7.imageshack.us/img7/7796/exgen.png

Note the number of private keys connected to the top server. Unfortunately, those keys are not actually connected to the game, as far as I can tell, nor do we have 150+ players actually online.


It seems that the players in question are somehow causing a very large number of connections to the server to occur, shutting down service for the actual players.

When the number of private keys connected gets too high (in the 150+ range, usually), players lose their ability to connect to the server, and issues start to crop up with the actual players connected having the ability to save, causing their saves to corrupt on saving, which obviously does a fairly significant amount of damage to the wipe.

I've received numerous people telling me that the person/s involved have confessed, and they've even gone so far as to distribute the host files for the game in an effort to cause further issues, though compared to the previously mentioned issue, that's not really a concern to me.

In addition to that, one of the people involved with the attacks gave me a screenshot some time ago, showing logs of the attacks. However, since it actually does name names (something I'm not wanting to do on a public forum, as I can't confirm all of the participants myself), I've refrained from posting it here, as that isn't really that relevant at the moment.


My question is this, what can be done about this on my end? For the most part, it's out of my hands to deal with, aside from coding in a fix, once I figure out how it's being done. Can I report the people involved and get the Byond administration to do something? And if so, how?
Considering that game is a rip of a rip of a rip of a rip times infinity, I'm sure there are massive problems with it... everywhere.
Start by setting a hub password, and/or not handing out the host files, add a white-list for hosting if necessary.
How does the save system work? For a completely separate server to screw with it, I would figure it would need to be some sort of mysql or BYOND server for saves - fix the security holes in them. If it uses Topic()s in a BYOND server system, they can very easily be abused if they aren't safeguarded.
If players are mass logging in to legit servers then there could possibly be problems with any Login related systems. The original zeta source handled characters horribly. Though something that would affect it like this would seem more like a BYOND bug - and they did say they just fixed something similar.
A computer_id ban should be enough to keep out the general troll, and would probably be your best bet if some moron is mass logging a game. If it doesn't, an IP ban could help - but they usually do more harm than good.

For the most part, it's out of my hands to deal with

I don't see how that's the case. Unless you aren't involved in the game's development, or this is some crazy BYOND bug.
In response to Falacy
I was brought in a month ago to code for the game. So I'm still getting familiar with the code, and patching out years of bugs from Finale, which was the base for this game, as the coder for Finale gave Bishamon permission to do a sequel game.

As of today, I've fixed dozens of bugs, some of which appear to have been at least a year old given changes in the game's code. So it's entirely possible the fault lies somewhere in the code.

As for the save system, as far as I can tell, it writes a file to the hosting server with the player's key and variables using the write proc. This is done on a loop and on certain events, such as player death and logout.


I'll check out the things you posted, thanks.
DoS is a serious offense and we will do what we can to assist. What you need to do is determine the ip-address(es) of these malicious users. Presumably they aren't using BYOND to connect to your games but are instead spamming the network with login packets. We may be able to protect against this to some degree; we'll have to research to see what is possible.

The best protection would be through a port-monitor, to allow you to detect and block specific ip-addresses before they even reach the software. For linux, we use denyhosts; there is surely some equivalent in windows. I suggest researching network & port monitors to find an appropriate tool that will allow you to block these trolls.
In response to Tom
I'll see what I can do to determine the IP addresses of the folks who claim to be responsible for this, too, then, and get back to you with the proper IP addresses.

Currently the main server runs through a shell company. I'll look at contacting them as well, as the shell runs on Linux.

Again, I really appreciate all the help.
In response to Tom
780 private keys logged on? BYOND problem indeed.
If they're not actually connecting through BYOND, as Tom suggests, it may be difficult to track. Especially if using a generically run shell server.
In response to Falacy
For reference, this is what Falacy is referring to.

http://img811.imageshack.us/img811/326/dos.png

As of now, pretty much all of the saves on the server are messed up, and a lot of players are having trouble making connections.

This wipe is pretty much ruined as a result, and we've had a few of the players quit out of irritation at the situation. So it's safe to say that the game itself has had a decent amount of damage done to it.


Unfortunately, I haven't made any headway on finding the IP address of the perpetrators. However I can post a screenshot of the program they claim to be using, with their ID and keys in the logs of the program, if that will help.

Alternatively, I can message/send it to wherever it needs to be sent, if that's preferable.
In response to Archonex
An enormous problem with BYOND is that you see their IP address and an open port number when connecting to a game, the latter of which is all you need to pull off a DDoS, no?
In response to Moonlight Memento
The server has officially lagged out, now. Last I checked, there's only "fake" keys online.

This also puts something of a damper on my ability to find the IP addresses of the perpetrators.
In response to Archonex
One of the IPs: 92.13.71.11

Keep in mind that the player with that IP has a habit of running through proxies, however. Not sure if that will help you.


He logged and said this:

EXGenesis(EXGenesis): Tick Tock, the bomb went off.

In reference to the DoSing, not long after the DoSing began, as well.



I've also alerted the shell company to the problem, and they've said they're looking into the issue.
In response to Archonex
And yet another update. Lewis in these logs is the previously aforementioned Exgen/Exgenesis. Apparently he distributed an exploit/program that lets you DoS games.


http://i37.tinypic.com/2mhtteu.jpg


Apologies if I posted names on here after I said I wouldn't. The situation has gotten kind of critical on my end.
In response to Archonex
Archonex wrote:
Apologies if I posted names on here after I said I wouldn't.

Feel free to post their real names and addresses, so we know who to pick up and ship off to the concentration camps.
Though I would recommend against posting a link to the actual problem, lest we end up with another resource extractor era.
In response to Falacy
Not a problem. I just had someone give me the program that they're using to DoS the servers.

Haven't tested it myself yet (I'm not that dumb), but I'd be happy to send it to the Byond administration if it would help patch whatever they're doing out of the service.
In response to Archonex
Archonex wrote:
I'll see what I can do to determine the IP addresses of the folks who claim to be responsible for this, too, then, and get back to you with the proper IP addresses.

Currently the main server runs through a shell company. I'll look at contacting them as well, as the shell runs on Linux.

Once you have an ip or ip-range (I'll look up the one you provided), you can block them via the "denyhosts" program. Perhaps your server administrator can help set that up for you.
In response to Tom
Because it's nearly impossible to get the IP addresses of everyone that Lewis distributed the program to (never mind the fact that it could be floating around for a long time, and I'd never be entirely certain that I had gotten all of the addresses), I jury-rigged a fix while I wait for the shell company to get back to me.


After getting my hands on the source of the DoS program, I figured out that it utilizes a facet of world.topic to run.

So I disabled world.topic functionality entirely, and am going to code it so that it requires a hash to run properly when that portion of the code is in use. That should disable the DoSing program while allowing for any world.topic related functions to work properly.

Another user claims that world.topic is toggled to be enabled at all times, unless manually disabled with

world/Topic()
	return

which was the problem, as the DoS program relied on it to run properly. Not sure if that's true, but that would explain the problems we had.



While we still have an absurd number of private "keys" logged in, the game doesn't appear to be hampered in its ability to save as of now.

I'm unsure as to how well connections are going to be handled, as I haven't had time to test the patch yet. However, it appears that we're not having any difficulty, despite the attacks on the game servers continuing.

I'll update this topic tomorrow. Hopefully things will be better by then. Again, I appreciate all the help.
In response to Archonex
If the DoS "program" is just some noob BYOND/DM creation, then you should write something into your world/Topic() to check/log/ban external IPs attempting to access it.

Another user claims that world.topic is toggled to be enabled at all times, unless manually disabled

To a degree, but it should only reply to the ping command by default.
In response to Falacy
Already working on implementing something like that, actually.

If I've planned it out right, if an external source fails the hash check, it'll be banned and logged in a file that I or any other admin above a certain level can read.

That should allow administrators and hosts to track who is messing with the server/s without their permission.


To a degree, but it should only reply to the ping command by default.


Well, that's odd. Not entirely sure how world.topic works myself, so I can't comment, but I can confirm that it was the problem.

There are no other instances of world.topic in the code, either.
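
The hash check, log and ban approach discussed in the posts above, sketched in DM as an added example; it is not code from this thread or from the game. TOPIC_SECRET, the "cmd" and "auth" parameter names, the log file name, the strike limit and the "playercount" command are all assumptions made for illustration.

```dm
// Added example. The secret, parameter names, log file name and strike
// limit below are assumptions, not values from the game.
#define TOPIC_SECRET "REPLACE-WITH-LONG-RANDOM-VALUE" // placeholder
#define TOPIC_MAX_STRIKES 3

var/list/topic_strikes = list() // sender address -> failed attempts
var/list/topic_banned = list()  // sender address -> 1 once banned

// Assumes Addr identifies the sender consistently across requests.
world/Topic(T, Addr, Master, Keys)
	// Drop banned senders before parsing anything they sent.
	if(topic_banned[Addr])
		return
	// Leave the built-in ping reply alone.
	if(T == "ping")
		return ..()
	var/list/query = params2list(T)
	var/cmd = query["cmd"]
	var/auth = query["auth"]
	// A valid caller sends auth = md5(secret + cmd).
	if(!cmd || !auth || auth != md5("[TOPIC_SECRET][cmd]"))
		topic_strikes[Addr] = topic_strikes[Addr] + 1
		var/stamp = time2text(world.realtime, "YYYY-MM-DD hh:mm:ss")
		// Truncate sender-controlled text before it reaches the log.
		file("topic_rejects.log") << "[stamp] [Addr] rejected: [copytext(T, 1, 200)]"
		if(topic_strikes[Addr] >= TOPIC_MAX_STRIKES)
			topic_banned[Addr] = 1
			file("topic_rejects.log") << "[stamp] [Addr] banned"
		return
	// Only explicitly listed commands run; anything else returns nothing.
	switch(cmd)
		if("playercount")
			var/n = 0
			for(var/client/C)
				n++
			return "[n]"
```

The token here is fixed per command, so anyone who observes one valid request can replay it. A secret compiled into host files that get passed around is also known to whoever holds those files, so it has to live only on the servers that are meant to talk to each other.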
In response to Falacy
The difference being getting graphics pre-RSC extractor was still piss easy and sounds much the same way.
In response to Moonlight Memento
Whelp, update time. It's 8AM EST now, and the server is still running flawlessly.


We had an issue with world.import last night, where the griefing players somehow found a way to icon change objects in the gameworld into a large compilation of large and disgusting objects (From a certain site that hosted tubgirl, I believe.), however the image size filter I designed a few weeks ago caught them and removed them only a few seconds after each one was uploaded. Which was certainly a nice bonus from a feature that I had no intention of using like that when I originally designed it.

One quick reboot later, and all image importing from out of the game world was disabled, and as far as I can tell, we haven't had a problem since then outside of a few of the griefers logging on to rage at the playerbase, and try to troll directly.


Unfortunately, because of the large amount of damage to the wipe due to so many people losing their saves, I was forced to just wipe the server and start over.

This apparently made us lose a few players. Hopefully we can gain them back over time, as there was little I could do about the situation given how quickly it cropped up, as even with back-ups I didn't have the saves of the first 20 or so people who lost their saves.


I appreciate all the advice and help given here. I'm still in contact with the shell host, waiting to see how this denyhost program works. Hopefully that will pan out too.
In response to Archonex
Update. Getting griefed again. As of this post there are over 1000 private keys connected. Saving is impossible, which means we don't even have a working game at the moment.


This is after Exgen's IP has been blocked and world topic was disabled, so someone else is apparently doing it using a new method now.


I just checked my MSN and received logs from Exgen talking to a player, saying that he found a way around world.topic being disabled. Not sure if that's true or not, given it came from him. Could just be bluster.


Is the issue on Byond's side of things? And if so, is there any fix incoming for it? I'm about at my wits' end here given the diversity of IPs that could be the cause for this.


I ask because the whole "private keys connected" thing seems like an exploit of some sort.