[1-12-2008] Player Protection against DDoS / Flood / Nuke attack

[Nottinghster]

Player don't lose level and skills

 

[LucasFerraz]

This guide to install do not work with 0.4

 

[adriez]

tfs 0.4 ???

-- This code is free to use and modify. Credits go to Proglin --

Problem: your server is constantly under DDoS / Flood / Nuke attack and players are dying.

One possible solution: when player dies try to reach a computer outside to see if your server connection is ok.

Comments: I have developed this solution because my server in constantly under DDoS attack. I used SVN revision from begining of December, but you can use this code as base to your personal necessity.


Modifications:

@ game.cpp

After:

#include "talkaction.h"
#include "spells.h"
#include "configmanager.h"

Add:

#include "tools.h"

After:

Game::Game()
{

Add:

    #ifdef __UCB_DDOS_PROTECTION__
    connectionTestFalseValidUntil = std::time(NULL) + 2*60; //Ignore verification in first 2 minutes
       connectionTestTrueValidUntil = connectionTestFalseValidUntil;
    connectionTestOk = true;
    #endif

At botton add:

#ifdef __UCB_DDOS_PROTECTION__
bool Game::isOutSideWorldResponding(){
    uint32_t now = std::time(NULL);
    if( !connectionTestOk ){
        if( now > connectionTestFalseValidUntil ){
            //Redo test
            connectionTestOk = isWorldReachable();
            connectionTestFalseValidUntil = now + 60; //False result is valid for 60 seconds
        }
    } else {
        if( now > connectionTestTrueValidUntil ){
            //Redo test
            connectionTestOk = isWorldReachable();
            connectionTestTrueValidUntil = now + 10; //Ok result is valid for 10 secongs
        }
    }
    return connectionTestOk;
}
#endif

@ game.h

After:

    void internalCreatureChangeVisible(Creature* creature, bool visible);
    void changeLight(const Creature* creature);

#ifdef __SKULLSYSTEM__
    void changeSkull(Player* player, Skulls_t newSkull);
#endif

Add:

    #ifdef __UCB_DDOS_PROTECTION__
    bool isOutSideWorldResponding();
    #endif

After:

    uint32_t inFightTicks;
    uint32_t exhaustionTicks;
    uint32_t fightExhaustionTicks;

Add:

    #ifdef __UCB_DDOS_PROTECTION__
    bool connectionTestOk;
       uint32_t connectionTestTrueValidUntil;
       uint32_t connectionTestFalseValidUntil;
    #endif

@ tools.cpp

Add at bottom:

#ifdef __UCB_DDOS_PROTECTION__
bool isWorldReachable(){
    int32_t ret;
    #if defined __WINDOWS__   
    ret = system("ping -n 1 -w 500 google.com > NUL");
    #else
    ret = system("ping -q -c 1 -w 1 google.com > /dev/null");   
    #endif
    return (ret == 0);
}
#endif

@ tools.h

Add at bottom:

#ifdef __UCB_DDOS_PROTECTION__
bool isWorldReachable();
#endif

@ player.cpp
Change this line:

if(skillLoss){

To:

#ifdef __UCB_DDOS_PROTECTION__
if(skillLoss && g_game.isOutSideWorldResponding()){
#else
if(skillLoss){
#endif

Chage this other line:

experience -= getLostExperience();

To:

#ifdef __UCB_DDOS_PROTECTION__
if( g_game.isOutSideWorldResponding() ){
     experience -= getLostExperience();
}
#else
experience -= getLostExperience();
#endif

Now rebuild all and test (remeber to use flag: -D__UCB_DDOS_PROTECTION__

Note: you can change the part "google.com" for anyone that you think is better. For test if this is ok, change this part to a site that you know that is not responding and kill youself in server. If it works ok you will go to temple with full life.

Have new year

Later I could improve this code.

Have FUN

-- This code is free to use and modify. Credits go to Proglin --


Rep++ ME!