+ Post New Thread
Results 1 to 9 of 9
Coding Thread, Java Attacks Can I Reverse The Effect ? in Coding and Web Development; Hi. I have a game server which is written in Java. One problem, someone released a program which can be ...
  1. #1

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Exclamation Java Attacks Can I Reverse The Effect ?

    Hi. I have a game server which is written in Java.

    One problem, someone released a program which can be used on games like mine to crash them.

    Basically it logs in hundreds of accounts using the name SYIPkpker(random letter)

    This is getting really annoying as ive been attacked twice in the last 2 days so i was wondering is there a way i could make a If statement so if the name began with SYI it would block the connection and send it back ?

    P.S. Im quite new to java

    Thanks for your help

    Brendan

  2. #2

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,648
    Thank Post
    1,256
    Thanked 781 Times in 678 Posts
    Rep Power
    236
    Quote Originally Posted by Warren-Plus View Post
    i was wondering is there a way i could make a If statement so if the name began with SYI it would block the connection and send it back?
    I don't know the details of the software you are running, but it sounds like somewhere you should find a bit of code that reads in the username from the user (probably something reading a variable in from an HTML GET or POST request). You need to check this String to see if it begins with "SYI". You could use one of the methods of the String class to do this:

    String (Java 2 Platform SE v1.4.2)

    Or use regular expressions:

    Lesson: Regular Expressions (The Java™ Tutorials > Essential Classes)

    Is this your first go at programming? You might find it a little tricky to wade right in with trying to fix someone else's code, you might want to write a bit of your own code first to get the idea of what you're doing.

    --
    David Hicks

  3. #3

    Join Date
    Nov 2007
    Location
    Preston
    Posts
    98
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    14
    Id just drop the IP via a htaccess for iptables (if you have root). You could even filter GET/POST via htaccess.

  4. #4

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Umm thats all confusing to me.

    It is someone elses code but i have added things to it and edited others etc.

    Its basically just lots of .class files with a few other folders to store information on all characters.

    Its run using command prompt. A sample of the code can be downloaded here:

    http://www.brenzscape.co.uk/Server/client.java

    This is the main .class file in its Java form.

    Plz Help

    Thnx Brendan

  5. #5

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,648
    Thank Post
    1,256
    Thanked 781 Times in 678 Posts
    Rep Power
    236
    Quote Originally Posted by Warren-Plus View Post
    Umm thats all confusing to me.
    Well, yes, hence you need to go and learn more about games servers / general networking / Java / general programming! There's probably a forum somewhere dedicated to the piece of software you're using to run your server, would that have details of available patches or additions to the software? If not, you'll need to write one yourself.

    It is someone elses code but i have added things to it and edited others etc.
    Sounds like a good start, but you might find it beneficial to try creating a couple of your own simple programs so you get the ideas behind what you're doing.

    Its run using command prompt.
    Is this thing web-based? Does the program implement its own web server, or is it a servlet installed on a web server?

    --
    David Hicks

  6. #6

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Its just run from my home machine.

    Players access the game using our downloadable client or a webclient like the one on moparscape.org

    Brendan

  7. #7

    dhicks's Avatar
    Join Date
    Aug 2005
    Location
    Knightsbridge
    Posts
    5,648
    Thank Post
    1,256
    Thanked 781 Times in 678 Posts
    Rep Power
    236
    Quote Originally Posted by Warren-Plus View Post
    Its just run from my home machine.
    As its own web server, or as part of another web server?

    Players access the game using our downloadable client or a webclient like the one on moparscape.org
    If someone else has written a fix for the software you are using then you need to find it and install it - a dedicated forum will probably be the best place to find something like that. Otherwise, you need to write a fix yourself. If you don't know how to do this then you need to learn.

    --
    David Hicks

  8. #8

    Join Date
    Feb 2006
    Location
    Derbyshire
    Posts
    1,381
    Thank Post
    181
    Thanked 211 Times in 171 Posts
    Rep Power
    65
    Quote Originally Posted by Warren-Plus View Post
    If statement so if the name began with SYI it would block the connection and send it back ?
    Why would you send it back? That's similar to the old 'antispam' tools that claimed to be beneficial by bouncing back your spam. You just use more of your own bandwidth to do this - double that of what it would take to just detect the nickname and close the connection. This would be a lot more useful especially if you're hosting on a home connection.

    To patch it, if someone else hasn't already, you'd need to search the java code for the nickname registration section, add a string comparison to find the SYI starting point of the nickname and simply exit the routine cleanly.

  9. #9

    Join Date
    Nov 2007
    Location
    Preston
    Posts
    98
    Thank Post
    2
    Thanked 4 Times in 4 Posts
    Rep Power
    14
    If you can access apachce/IIS logs paste the "attackers" IP and GET requests.

    easy way to generate a htaccess for you: .HTACCESS IP, Referrer, and Hotlink Banning Generator

SHARE:
+ Post New Thread

Similar Threads

  1. [News] 'Sex pest' seal attacks penguin
    By ZeroHour in forum Jokes/Interweb Things
    Replies: 2
    Last Post: 2nd May 2008, 05:48 PM
  2. One quick trick prevents AutoRun attacks
    By ChrisP in forum Windows
    Replies: 0
    Last Post: 29th November 2007, 11:04 AM
  3. Funky desktop effect, how?
    By Dos_Box in forum Windows Vista
    Replies: 20
    Last Post: 13th February 2007, 12:51 PM
  4. Spam attacks
    By mark in forum *nix
    Replies: 5
    Last Post: 15th December 2006, 06:21 PM
  5. Phone effect in Audacity?
    By dagza in forum Educational Software
    Replies: 4
    Last Post: 3rd November 2005, 05:50 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •