Thread: Discussion regarding the prevention of Bot Flooding, Bruteforcing & Hacking on RSPS

  1. #11  
    Kris (Respected Member, Join Date: Jun 2016)

    Quote (originally posted by jet kai):
    "I was thinking about this for a little bit, I assume servers that fell victim to this may have a backup mirror of the full cache (for when it's being JS5 Flooded) and act like those old Cache Downloaders that everyone used to use.
    An awful "fix", but at least it'll offer some kind of backup solution for servers @ launch."

    No, they just fix their crap JS5 code.

    Start off by getting a 500mbps+ network dedi for your server. Personally wouldn't go below that if you're expecting the server to reach hundreds of players. Limit connections per IP, limit requests per file group. Block off invalid cache indexes (as of revision 178, there's only one - index 16, previous world map). The latter is a huge worrying point - you don't really want to release your server with a cache from before that. A single group in index 16 is over ten megabytes. That is such a weak point that anyone could take the JS5 down relatively easily by targeting that specific group. All it requires is for you to send a request that's a couple bytes, and the server is forced to reply to that with the aforementioned ten megabytes. With enough proxies, you can always take it down, even if the dedi has 10gbps network.
    As long as index 16 isn't in the picture anymore, everything becomes a lot more clear. The biggest group then is one of the models, with just tens of kilobytes if I recall correctly. That is significantly harder to abuse to bring the whole network down.
    It is also important to spread out the JS5 requests, don't send the whole cache to a single user all at once, throttle it so everyone gets the cache at relatively the same speed. The way I did it iirc was by only processing 100-200 requests per 100ms per IP.

    I highly suggest anyone who plans on releasing their server to get another dedi/vps, this one only needs good networking, nothing else. Disable most of your security on your game server, anything extra you got, get rid of it. Then attack your server with the newly bought dedi in the worst way you can think of. If you're the one who added all the JS5 restrictions, you're the one who knows how to best attack the JS5, where each limit sits at. You're then able to optimize your flooding to the absolute worst. Attack your own server, if it can withstand that without issues, you shouldn't need to worry about it anymore.

    I don't remember exactly what precautions I added on Zenyte for the JS5 there, however I do know that no one has ever breached it or managed to take it down. The JS5 there is on the same dedi as the game itself. It managed to feed the cache to hundreds of players fast enough to where over four hundred were online in just a couple minutes. I personally did all the math to figure out the worst-case scenario, how much bandwidth we would need to not have to worry about anything, and then I doubled that just to be safe.
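A minimal sketch of the limits described in the post above (per-IP connection cap, blocked index 16, a per-group repeat limit and a 100 ms drain budget per IP), added here as an example and not code from the poster or from Zenyte. The class and method names and every numeric limit except the 100-200 requests per 100 ms range are assumptions.

```python
from collections import defaultdict, deque

BLOCKED_INDEXES = {16}      # from the post: old world map index, groups over 10 MB
PER_TICK_PER_IP = 150       # from the post: 100-200 requests per 100 ms per IP
MAX_CONNS_PER_IP = 5        # assumed value
MAX_REPEATS_PER_GROUP = 3   # assumed value: same (index, group) per IP
MAX_QUEUE_PER_IP = 2000     # assumed value: bounds queued work per IP


class Js5Gate:
    """Hypothetical admission gate placed in front of a JS5 file server."""

    def __init__(self):
        self.conns = defaultdict(int)        # ip -> open connections
        self.queues = defaultdict(deque)     # ip -> pending (index, group)
        self.group_hits = defaultdict(int)   # (ip, index, group) -> count
        # group_hits never expires in this sketch; a real server would age it out.

    def open(self, ip):
        """Accept a new JS5 connection only while the IP is below its cap."""
        if self.conns[ip] >= MAX_CONNS_PER_IP:
            return False
        self.conns[ip] += 1
        return True

    def close(self, ip):
        self.conns[ip] = max(0, self.conns[ip] - 1)

    def submit(self, ip, index, group):
        """Queue a request, or return the reason it was rejected."""
        if index in BLOCKED_INDEXES:
            return "blocked-index"
        key = (ip, index, group)
        if self.group_hits[key] >= MAX_REPEATS_PER_GROUP:
            return "group-limit"
        if len(self.queues[ip]) >= MAX_QUEUE_PER_IP:
            return "queue-full"
        self.group_hits[key] += 1
        self.queues[ip].append((index, group))
        return "queued"

    def tick(self):
        """Call every 100 ms: serve at most PER_TICK_PER_IP requests per IP."""
        served = []
        for ip, q in self.queues.items():
            for _ in range(min(PER_TICK_PER_IP, len(q))):
                served.append((ip, *q.popleft()))
        return served
```

Because each IP drains at the same fixed rate per tick, one client queueing hundreds of requests does not delay a client that asked for a single group.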
