
CAPTCHA code before entering server


ArnoG


Hey,

I played on the CIT server for some time, but now it's being attacked by a 'DDOS' or something?

But while I started thinking about a solution for this kind of attack, can a built-in CAPTCHA code help to prevent these attacks?

Maybe it's a bit unnecessary for the not-popular servers, but the security of servers right now is just too bad as far as I know.

Maybe this is a bad idea, but I like it.

It isn't annoying, because you only need to spend 3 seconds typing 2 words or 4 digits to prevent 3 days of playing time being thrown away by a no-life hacker.

Before you connect to a server, you need to fill in the CAPTCHA correctly, else you can't connect and you need to try again. The server can't be flooded then.

Well, this is only my 2 cents. Since I'm banned for a strange reason at the CIT forum (postwhoring? I only posted 15 posts or something) I try it here.

Link to comment

I'm not sure how this suggestion makes sense. CAPTCHAs are designed to prevent automated bots from proceeding. MTA's spammers/trolls are human, so a CAPTCHA within MTA serves no purpose.

As for denial of service attacks, these are facilitated outside the MTA client by flooding the server with requests, so a captcha could not prevent them.

Link to comment

Isn't it a flood that is attacking CIT? (although I thought it was)

If you need to enter the CAPTCHA code befóre connecting to a server, you prevent flood connections. That means that you can't get a "server overload" because you didn't connect, you only connect áfter entering a CAPTCHA.

Now if it can't stop a DDOS it's useless I think, but if it can, it's useful.

If they connect without using the MTA client it's totally useless.. Damn I thought I had a solution..

But I do think that I found the attacker of CIT, but I'm not sure.

Link to comment

DDOS is called Distributed Denial Of Service Attack. It's an attack that could get your server screwed up or even shut down. Well, there's much more information on Wikipedia here: http://en.wikipedia.org/wiki/Denial-of-service_attack

Symptoms of DoS / DDoS from US-CERT:

Unusually slow network performance (opening files or accessing web sites)

Unavailability of a particular web site

Inability to access any web site

Dramatic increase in the number of spam emails received—(this type of DoS attack is considered an e-mail bomb)

So it's better to find a way to prevent DoS and DDoS attacks ASAP. A CAPTCHA couldn't work as the one who did that is a human, not a bot. They could get past that defense easily.

Link to comment

Oh.. But Arran posted a 15 seconds log of the attack.

He used different IPs for the attack (I think), a lot of different IPs. That means he controls the computers (different IPs) remotely.

On each computer will be shown a different CAPTCHA code, so he only can connect with the computer he controls. The remote controlled computers can't connect, 'cause of the different CAPTCHA code.

I just think he used different IPs, don't blame me if it's wrong. If the CAPTCHA code idea can't help for any other hack and/or attack this topic can be closed.

Link to comment

Yes Talidan is correct, all you need to do is to type [I'm not gonna say what to type] in cmd and then, a DDoS attack might happen. The command line is all you need, so it isn't quite possible. The only thing I can think of is stopping repetitive joining (which I believe occurs when I kept trying to join a server that cancelled event with a timed out as reason for me xD)

Link to comment

You guys are getting confused. A denial of service attack can be facilitated without ANY connection to MTA. By getting 100,000 machines to ping (that is, cmd -> ping google.com) a server, the server gets overwhelmed with requests and starts slowing down until it eventually slows to a halt.

No implementation within MTA can prevent such an attack, unless there is a security vulnerability within MTA itself.

Link to comment

For your information the attacks against CIT and other MTA servers are a distributed reflected denial of service attack related to another game's servers. The attacker sends requests to those servers with a fake source IP address (where the hell is IP spoof filtering when you need it...) and those servers respond back to us with a much larger response, like 200 servers sending responses to us.

There are only 2 ways of stopping it: hardware firewall which might not even be that effective, or get tons of available bandwidth more than the attacker can flood. Or the attacker slips up and reveals their identity or we waste loads of time trying to contact these servers that are unintentionally flooding us and hope that they might be able to find the source, unless of course the IP address coming to them is spoofed. This wouldn't be a problem if every single ISP had egress filtering (stop fake packets leaving their network)

Link to comment
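Added example, not part of any post in this thread: a small model of the egress filtering described in the post above, showing that a request carrying a spoofed source address is dropped at the sending network's edge before any server can reflect a reply at the victim. All addresses are documentation ranges, and the prefix list, packet sizes and reply size are constructed assumptions.

```python
import ipaddress

# Constructed sample: the prefixes this ISP has assigned to its own customers.
CUSTOMER_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

def egress_allowed(src_ip, prefixes=CUSTOMER_PREFIXES):
    """A packet may leave the network only if its source address belongs
    to a prefix the network actually owns."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in prefixes)

def filter_egress(packets, prefixes=CUSTOMER_PREFIXES):
    """Split outbound packets into (forwarded, dropped)."""
    forwarded, dropped = [], []
    for pkt in packets:
        target = forwarded if egress_allowed(pkt["src"], prefixes) else dropped
        target.append(pkt)
    return forwarded, dropped

def reflected_bytes(forwarded, reply_size):
    """Bytes each claimed source receives once the queried servers answer:
    a server replies to the source field, not to whoever really sent it."""
    totals = {}
    for pkt in forwarded:
        totals[pkt["src"]] = totals.get(pkt["src"], 0) + reply_size
    return totals

# Constructed outbound traffic at the ISP edge: three genuine customer
# requests, plus 200 small requests whose source field names the victim.
VICTIM = "203.0.113.10"
OUTBOUND = (
    [{"src": "198.51.100.7", "dst": "192.0.2.%d" % i, "size": 25} for i in range(1, 4)]
    + [{"src": VICTIM, "dst": "192.0.2.%d" % i, "size": 25} for i in range(1, 201)]
)
REPLY_SIZE = 1400  # assumed size of one server reply, in bytes

def compare():
    """Return (victim bytes without filtering, with filtering, packets dropped)."""
    unfiltered = reflected_bytes(OUTBOUND, REPLY_SIZE).get(VICTIM, 0)
    forwarded, dropped = filter_egress(OUTBOUND)
    filtered = reflected_bytes(forwarded, REPLY_SIZE).get(VICTIM, 0)
    return unfiltered, filtered, len(dropped)

if __name__ == "__main__":
    print(compare())
```

The filter only helps when it runs on the network the spoofed packets leave from; the victim's own network cannot apply it, because by then the replies carry the reflecting servers' real addresses.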

Both, a flood can be DDOS. When I was playing in owls orange server (game mode race), 5 members flooded using binds, and I got timed out.

For who connect without playing mta

use this

  
function playerConnect (playerNick, playerIP, playerUsername, playerSerial, playerVersionNumber) 
    if playerNick and playerSerial then 
        outputServerLog(playerNick.." just connected to the server.") 
    else 
        outputServerLog("IP: "..playerIP.." > Warning: This IP is DDOS!") 
    end 
end 
addEventHandler ("onPlayerConnect", getRootElement(), playerConnect) 
  

More than 24 hours, you need to check the logs, Ctrl+F and find "Warning: This IP is DDOS!"

Then add a ban for his IP

Link to comment
  • 2 weeks later...
Both, a flood can be DDOS. When I was playing in owls orange server (game mode race), 5 members flooded using binds, and I got timed out.

For who connect without playing mta

use this

  
function playerConnect (playerNick, playerIP, playerUsername, playerSerial, playerVersionNumber) 
    if playerNick and playerSerial then 
        outputServerLog(playerNick.." just connected to the server.") 
    else 
        outputServerLog("IP: "..playerIP.." > Warning: This IP is DDOS!") 
    end 
end 
addEventHandler ("onPlayerConnect", getRootElement(), playerConnect) 
  

More than 24 hours, you need to check the logs, Ctrl+F and find "Warning: This IP is DDOS!"

Then add a ban for his IP

Is this effective?

Link to comment
I don't think so, onPlayerJoin means a client that joined the game, a DDOS isn't an in-game attack and onPlayerJoin doesn't detect it.

Look carefully, in that code there is 'onPlayerConnect'. Though I'm not actually sure, if 'onPlayerConnect' could solve the problem.

Link to comment

Nothing can protect against DDOS except for just having enough capacity to deal with the traffic, as Arran says.

Any code you write in onPlayerConnect could actually just make things worse, as that has to be run for every joining player.

Link to comment
I don't think so, onPlayerJoin means a client that joined the game, a DDOS isn't an in-game attack and onPlayerJoin doesn't detect it.

Look carefully, in that code there is 'onPlayerConnect'. Though I'm not actually sure, if 'onPlayerConnect' could solve the problem.

Oh well, so it means onPlayerConnect, not when something connected to the server.

Also, will you be able to script an anti-DDOS defense in Lua when the MTA Team can't (if I'm not wrong) make one in C++?

Link to comment