26-06-2008, 10:16 PM   #1
Warren-Plus
Java Attacks Can I Reverse The Effect?

Hi. I have a game server which is written in Java.

One problem, someone released a program which can be used on games like mine to crash them.

Basically it logs in hundreds of accounts using the name SYIPkpker(random letter)

This is getting really annoying as I've been attacked twice in the last 2 days, so I was wondering: is there a way I could make an If statement so if the name began with SYI it would block the connection and send it back?

P.S. I'm quite new to Java

Thanks for your help

Brendan

27-06-2008, 12:09 AM   #2
dhicks

Quote:
Originally Posted by Warren-Plus
I was wondering: is there a way I could make an If statement so if the name began with SYI it would block the connection and send it back?
I don't know the details of the software you are running, but it sounds like somewhere you should find a bit of code that reads in the username from the user (probably something reading a variable in from an HTML GET or POST request). You need to check this String to see if it begins with "SYI". You could use one of the methods of the String class to do this:

String (Java 2 Platform SE v1.4.2)

Or use regular expressions:

Lesson: Regular Expressions (The Java™ Tutorials > Essential Classes)

Is this your first go at programming? You might find it a little tricky to wade right in with trying to fix someone else's code; you might want to write a bit of your own code first to get the idea of what you're doing.

--
David Hicks

27-06-2008, 08:18 AM   #3
el8linuxel8

I'd just drop the IP via a htaccess for iptables (if you have root). You could even filter GET/POST via htaccess.

27-06-2008, 03:54 PM   #4
Warren-Plus

Umm, that's all confusing to me.

It is someone else's code but I have added things to it and edited others etc.

It's basically just lots of .class files with a few other folders to store information on all characters.

It's run using command prompt. A sample of the code can be downloaded here:

http://www.brenzscape.co.uk/Server/client.java

This is the main .class file in its Java form.

Plz Help

Thnx Brendan

27-06-2008, 05:16 PM   #5
dhicks

Quote:
Originally Posted by Warren-Plus
Umm, that's all confusing to me.
Well, yes, hence you need to go and learn more about games servers / general networking / Java / general programming! There's probably a forum somewhere dedicated to the piece of software you're using to run your server, would that have details of available patches or additions to the software? If not, you'll need to write one yourself.

Quote:
It is someone else's code but I have added things to it and edited others etc.
Sounds like a good start, but you might find it beneficial to try creating a couple of your own simple programs so you get the ideas behind what you're doing.

Quote:
It's run using command prompt.
Is this thing web-based? Does the program implement its own web server, or is it a servlet installed on a web server?

--
David Hicks

27-06-2008, 11:15 PM   #6
Warren-Plus

It's just run from my home machine.

Players access the game using our downloadable client or a webclient like the one on moparscape.org

Brendan

29-06-2008, 01:03 AM   #7
dhicks

Quote:
Originally Posted by Warren-Plus
It's just run from my home machine.
As its own web server, or as part of another web server?

Quote:
Players access the game using our downloadable client or a webclient like the one on moparscape.org
If someone else has written a fix for the software you are using then you need to find it and install it - a dedicated forum will probably be the best place to find something like that. Otherwise, you need to write a fix yourself. If you don't know how to do this then you need to learn.

--
David Hicks

30-06-2008, 01:39 PM   #8
OutToLunch

Quote:
Originally Posted by Warren-Plus
If statement so if the name began with SYI it would block the connection and send it back?
Why would you send it back? That's similar to the old 'antispam' tools that claimed to be beneficial by bouncing back your spam. You just use more of your own bandwidth to do this - double that of what it would take to just detect the nickname and close the connection. This would be a lot more useful especially if you're hosting on a home connection.

To patch it, if someone else hasn't already, you'd need to search the Java code for the nickname registration section, add a string comparison to find the SYI starting point of the nickname and simply exit the routine cleanly.
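
The check discussed in this thread (reject login names that start with "SYI" and close the connection without replying), as an added example that is not part of any post and is not the game server's own code. `LoginGate`, `allow` and the limits are hypothetical; the example goes beyond the prefix test by also capping logins per source address, because a name prefix alone is easy to change.

```java
import java.net.InetAddress;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: LoginGate and allow() are hypothetical names, not the game server's code.
// Intended call site (assumed): right after the server reads the login name from the socket:
//   if (!gate.allow(name, socket.getInetAddress(), System.currentTimeMillis())) {
//       socket.close();   // drop silently, send nothing back
//       return;
//   }
public class LoginGate {
    private static final String BLOCKED_PREFIX = "syi"; // prefix reported in the thread
    private static final int MAX_LOGINS = 5;            // assumed cap per address per window
    private static final long WINDOW_MS = 10_000;       // assumed window length

    // source address -> {window start (ms), logins counted in that window}
    // Entries are never evicted here; a long-running server should prune old ones.
    private final Map<InetAddress, long[]> recent = new ConcurrentHashMap<>();

    /** Returns true if the login may proceed, false if the connection should be closed. */
    public boolean allow(String username, InetAddress source, long nowMs) {
        if (username == null) return false;
        String name = username.trim().toLowerCase(Locale.ROOT);
        if (name.isEmpty() || name.startsWith(BLOCKED_PREFIX)) return false;

        // compute() is atomic per key; a fresh array is returned so the snapshot is stable.
        long[] slot = recent.compute(source, (addr, s) ->
            (s == null || nowMs - s[0] >= WINDOW_MS)
                ? new long[] {nowMs, 1}
                : new long[] {s[0], s[1] + 1});
        return slot[1] <= MAX_LOGINS;
    }

    public static void main(String[] args) throws Exception {
        LoginGate gate = new LoginGate();
        // Constructed sample addresses from the documentation range 192.0.2.0/24.
        InetAddress player = InetAddress.getByName("192.0.2.10");
        InetAddress flood = InetAddress.getByName("192.0.2.66");
        System.out.println("Brendan    -> " + gate.allow("Brendan", player, 0));
        System.out.println("SYIPkpkerQ -> " + gate.allow("SYIPkpkerQ", flood, 0));
        // Many logins from one address are capped even when the names do not match the prefix.
        for (int i = 1; i <= 7; i++) {
            System.out.println("login " + i + "    -> " + gate.allow("Guest" + i, flood, 100L * i));
        }
    }
}
```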

30-06-2008, 02:14 PM   #9
el8linuxel8

If you can access Apache/IIS logs, paste the "attackers" IP and GET requests.

Easy way to generate a htaccess for you: .HTACCESS IP, Referrer, and Hotlink Banning Generator