Hey, a guy has been attacking my servers for 6 days straight now, thru what he says is a BYOND exploit using Export(). But not only has he been doing it to my game, but Heroes United as well.
He can crash any game using this exploit. It crashes instantly and he has it on a loop, as soon as the server comes back up, boom, down again. He doesn't need to be logged on to the game to do it.
Is there any process to get this guy in trouble? He has been crashing the main server 24 hours a day for 6 days now.
I may be able to get him to incriminate himself on my hub's forum. He loves to brag about it.
ID:960017
 Sep 2 2012, 9:00 am
|
|
|
Sep 2 2012, 9:09 am
|
|
Murrawhip
 |
Which game?
|
As soon as I say the entire BYOND community will cease to care but, Dragon Universe. http://www.byond.com/forum/Lizard_Sphere_X/1
| |
He's not exploiting anything. The owner of that game coded that in himself so that he could close down servers he doesn't want.
| |
I'm the owner of that game and that feature has long since been disabled. There is no longer any code defined for Export() or Topic(). He says he is doing it thru the recently added Flash integrated in BYOND. He is also doing it to the game Heroes United
| |
Post a bug report, and report the guy through the contact form. Perhaps log what's coming to the world through Topic so you can add to the bug report exactly what's crashing the world.
Heroes United also had the shutdown via Topic functionality, IIRC. | |
Ok I'll try logging it
| |
Nevermind, no point logging it. I asked the co-owner of the game who is more knowledgeable about it than me...And he says he reported it months ago, directly to Lummox.
So if it's not been fixed in that time span, no point in me reporting it again. Too bad he isn't crashing NEStalgia or something, then it would've been fixed a long time ago | |
Here's the thing, can you be sure that he's telling the truth and the exploit is a common one for the entire byond engine or that he's lying and using the fact that you aren't the original owner to mislead you?
Honestly if there was a simple exploit that could easily and consistently bring down byond servers, I think we'd see trolls using it against Nestalgia/SS13/Eternia. | |
I am the original owner. But no I can't be sure that he is lying. Also 90% of all BYOND trolls are on my game =P
Maybe I can provoke him into doing it on some other game as evidence. | |
Just log what's going to Topic. It's unlikely it will be fixed if Lummox/Tom can't reproduce it.
For all we know, your game could be crashing due to some other problem, and the guy's just taking credit for it. It happens often with anime games. | |
If you know the incoming IP, you could easily block it through a firewall, or even using Dream Daemon's banning stuff, even on a linux shell.
edit: world/Topic(T,Addr) for logging, or something. | |
Ok thanks SSX. Should have results in a few hours tops.
| |
He brought down the entire shell server before I could get any results. This is gonna take a while. Tech support is slow.
My game that usually has 150 players a day now has 0 | |
That seems more like a DDOS attack than anything to me.
| |
Super Saiyan X wrote:
If you know the incoming IP, you could easily block it through a firewall, or even using Dream Daemon's banning stuff, even on a linux shell. > world/Topic(T,Addr) for logging, or something. Dream Daemons banning system isn't strong enough. He managed to get around it using an alt account. Does it auto update to include alternate nicknames that he may come up with. | |
Dream Daemon's bans, if sticky, ban IP addresses, and computer ID. Dream Daemon now also is supposed to stop connections from proxies as well.
| |
Don't ban him, I want to see some logs of what's going on here.
Sounds more like a DDOS than an exploit. | |
It looks like a DDOS attack, since my internet effectively dies when he does it. either way, the entire list of games on the page have been attacked and are going down.
| |
We've been given no evidence to suggest it's DDoS. It could be anything. Without seeing server logs it's pointless to randomly guess like that.
Give a competent person access to your server and they will probably be able to determine what's up. | |