Thread: [Important] Protecting your server from WPE, packet abusers

What you are adding and how this will benefit your server

The code I'm providing you is a short snippet on how to prevent packet abusers from attacking your server. Why am I releasing this? Most packet abusers aren't looking to help an owner, that is why they are abusing it. So I'm going to step forward and help out a bit. This is important because using Winsock Packet Editor (A.K.A WPE), if done right can cause dupes onto your server, can crash your server, can be abused to change the abusers name to random letters making it near impossible to find him, and can end up making them invisible.

Now for the actual code

Packethandler.java

Look for

Code:

public static void processPacket

Replace that entire thing with this.

Code:

public static void processPacket(Client c, int packetType, int packetSize) {
        PacketType p = packetId[packetType];
        if(p != null && packetType > 0 && packetType < 257 && packetType == c.packetType && packetSize == c.packetSize) {
            if (Config.sendServerPackets && c.playerRights == 3) {
                c.sendMessage("PacketType: " + packetType + ". PacketSize: " + packetSize + ".");
            }
            try {
                p.processPacket(c, packetType, packetSize);
            } catch(Exception e) {
                e.printStackTrace();
            }
        } else {
            c.disconnected = true;
            System.out.println(c.playerName + "is sending invalid PacketType: " + packetType + ". PacketSize: " + packetSize);
        }
    }

Now go to Config.java and add this line of code anywhere.

Code:

 public static boolean sendServerPackets = false;

The "sendServerPackets" in Config just check's what packets are currently being sent (if set to true), should only be used for testing purposes only.

Final notes

• There are SO much better ways of doing this, this is nowhere near close to how Jagex does it (no RSPS is) and I made this nearly a year ago. But from experience it's effective and will save you a lot of trouble.

• This packet abuse works on nearly 70-89% of Project Insanity servers, if you are unsure if it works on yours, add it anyway to ensure that your server is safe or up to date with the fix.

• Optionally you can automatically IPBan the user too by placing an alternative code above "disconnected = true;" (not recommended until you fix all unhandled packets, example is the Duel Arena ledge)

• If you know a better way of doing it, I can care less. Either release it, or stop posting the same stuff. This works. Thanks.