How i can permanently ban someone by their ip from the server? [SOLVED]

Questions about the LÖVE API, installing LÖVE and other support related questions go here.
Forum rules
Before you make a thread asking for help, read this.
Darlex
Party member
Posts: 128
Joined: Sun Sep 24, 2017 10:02 am
Location: Chile
Contact:

Re: How i can permanently ban someone by their ip from the server? [SOLVED]

Post by Darlex »

grump wrote: Sun Mar 10, 2019 7:29 pm Also, since you seem to be worried about someone brute-forcing login passwords (at least that's my interpretation of "some kind of loop algorithm"): do not confirm/deny login requests right away. When the server receives a login request, let it sit idle and sleep for a little while before it sends its response. Like 1 to 3 seconds. This makes any attempt at brute-forcing passwords completely futile.

I have to agree with Hippyman though. Making a "massive online game" requires a lot of expertise and manpower, not to mention infrastructure, since "massive" implies the need for much more than a single server running Lua code on your home PC.
Technically im not going to host any server, i want to make a totally hackable server for the community, Look at all these Minecraft™ mods! Mojang™ is just offering the game and Microsoft™ invented Realms™ (but are expensive (compared to homemade) and Microsoft™ is just forcing everyone to use that (and bedrock™)). Millions of full modded servers to make everything more fun but where is the problem? The server itself, look at them, are expensive, uses a lot of internet and the client suffer the same pain as the server. But wait if.. I make a totally hackable server that uses his own easy-to-learn API, that can run in maximum graphics in a cellphone! or even a server! Maybe i sound crazy but if i make it, then making games and servers online will be a lot easier and comfy!

EDIT: wow is really late and i sound like some crazy inspirational business lizard-man or something lol
Hi! I wish you have an amazing day!
Darlex
Party member
Posts: 128
Joined: Sun Sep 24, 2017 10:02 am
Location: Chile
Contact:

Re: How i can permanently ban someone by their ip from the server? [SOLVED]

Post by Darlex »

ivan wrote: Mon Mar 11, 2019 12:51 pm
grump wrote: Sun Mar 10, 2019 7:29 pmWhen the server receives a login request, let it sit idle and sleep for a little while before it sends its response. Like 1 to 3 seconds. This makes any attempt at brute-forcing passwords completely futile.
Even if the response is delayed, somebody could still queue a lot of requests therefore the system would be vulnerable to brute force attacks.
A better approach is to store a timestamp of the "last login attempt" and ignore requests when the last login attempt was less than 5 seconds ago. So it's good to know the last login attempt per account.
This is just one part of the problem, a malicious script could try to login with different accounts at the same time, so you absolutely need to store the client's IP and ignore repeated requests coming from the same IP.
A good and secure login system is a big and difficult project and it's very easy to get it wrong. You really should use something established like oAuth if you can help it.
Yup, that would be a really good idea! Thanks
Hi! I wish you have an amazing day!
User avatar
zorg
Party member
Posts: 3468
Joined: Thu Dec 13, 2012 2:55 pm
Location: Absurdistan, Hungary
Contact:

Re: How i can permanently ban someone by their ip from the server? [SOLVED]

Post by zorg »

Darlex wrote: Wed Mar 13, 2019 2:29 am The entire purpose of banning via IP was trying to not save data in the client. People is really intelligent and love "exe" compression is weak so everyone with a minimum love/lua/coding knowledge can just bypass everything and destroy the servers making unhappy players. Unhappy players go to another games and that is how you lose players and the game goes out of "trendings". Sorry if i'm too analytic and soulless but is true :/
Yes, clients, whether löve or not, can be cracked... still, i feel like you haven't read past my first sentence though. :roll:

The gist of my post was that just using IP based bans can be easily circumvented as well. So to answer the topic itself, there's NO WAY to permaban someone by their ip, they will be circumvented.

So, what you could do, is to either use a UUID as well, in conjunction with IP addresses, or better yet, get the MAC address since that's way harder to spoof.

Edit: And now you're replying to grump that you want the server to be hackable?
...at this point, i don't even know what ideas you have about security to be honest.
Me and my stuff :3True Neutral Aspirant. Why, yes, i do indeed enjoy sarcastically correcting others when they make the most blatant of spelling mistakes. No bullying or trolling the innocent tho.
grump
Party member
Posts: 947
Joined: Sat Jul 22, 2017 7:43 pm

Re: How i can permanently ban someone by their ip from the server? [SOLVED]

Post by grump »

zorg wrote: Wed Mar 13, 2019 3:13 am Edit: And now you're replying to grump that you want the server to be hackable?
...at this point, i don't even know what ideas you have about security to be honest.
I'm pretty sure he's talking about the good kind of hacking, like mods, and not in the sense of cracking,
User avatar
pgimeno
Party member
Posts: 3674
Joined: Sun Oct 18, 2015 2:58 pm

Re: How i can permanently ban someone by their ip from the server? [SOLVED]

Post by pgimeno »

Darlex wrote: Wed Mar 13, 2019 2:44 am Technically im not going to host any server, i want to make a totally hackable server for the community, Look at all these Minecraft™ mods! Mojang™ is just offering the game and Microsoft™ invented Realms™ (but are expensive (compared to homemade) and Microsoft™ is just forcing everyone to use that (and bedrock™)). Millions of full modded servers to make everything more fun but where is the problem? The server itself, look at them, are expensive, uses a lot of internet and the client suffer the same pain as the server. But wait if.. I make a totally hackable server that uses his own easy-to-learn API, that can run in maximum graphics in a cellphone! or even a server! Maybe i sound crazy but if i make it, then making games and servers online will be a lot easier and comfy!
Um, have you tried Minetest? https://minetest.net/
Darlex
Party member
Posts: 128
Joined: Sun Sep 24, 2017 10:02 am
Location: Chile
Contact:

Re: How i can permanently ban someone by their ip from the server? [SOLVED]

Post by Darlex »

zorg wrote: Wed Mar 13, 2019 3:13 am
Darlex wrote: Wed Mar 13, 2019 2:29 am The entire purpose of banning via IP was trying to not save data in the client. People is really intelligent and love "exe" compression is weak so everyone with a minimum love/lua/coding knowledge can just bypass everything and destroy the servers making unhappy players. Unhappy players go to another games and that is how you lose players and the game goes out of "trendings". Sorry if i'm too analytic and soulless but is true :/
Yes, clients, whether löve or not, can be cracked... still, i feel like you haven't read past my first sentence though. :roll:

The gist of my post was that just using IP based bans can be easily circumvented as well. So to answer the topic itself, there's NO WAY to permaban someone by their ip, they will be circumvented.

So, what you could do, is to either use a UUID as well, in conjunction with IP addresses, or better yet, get the MAC address since that's way harder to spoof.

Edit: And now you're replying to grump that you want the server to be hackable?
...at this point, i don't even know what ideas you have about security to be honest.
I have a anti-hack system already done, Uses a lot of CPU when there is a lot of people connected but it is harder to hack. Client gives what keys are being pressed. Server gets its keys, calculates and throw x movement and y movement (or prime things like buying objects, hit damage, or bullets x,y movement (a game mechanic..) ) , everything (more complicated) else is calculated every 1 second passed and client pre-calculates that too making estimated x,y with the x,y movement of players on his area. when the data thrown comes to the client, the client update the everyone's data (in his area) and that's it!
Hi! I wish you have an amazing day!
Darlex
Party member
Posts: 128
Joined: Sun Sep 24, 2017 10:02 am
Location: Chile
Contact:

Re: How i can permanently ban someone by their ip from the server? [SOLVED]

Post by Darlex »

pgimeno wrote: Wed Mar 13, 2019 10:37 am
Darlex wrote: Wed Mar 13, 2019 2:44 am Technically im not going to host any server, i want to make a totally hackable server for the community, Look at all these Minecraft™ mods! Mojang™ is just offering the game and Microsoft™ invented Realms™ (but are expensive (compared to homemade) and Microsoft™ is just forcing everyone to use that (and bedrock™)). Millions of full modded servers to make everything more fun but where is the problem? The server itself, look at them, are expensive, uses a lot of internet and the client suffer the same pain as the server. But wait if.. I make a totally hackable server that uses his own easy-to-learn API, that can run in maximum graphics in a cellphone! or even a server! Maybe i sound crazy but if i make it, then making games and servers online will be a lot easier and comfy!
Um, have you tried Minetest? https://minetest.net/
The problem of that game is a lot of people look at him like a "weird minecarft rippoff" (I played it on my time and i liked it really much).
My game will be something else, like some weird game with his own personality.
Hi! I wish you have an amazing day!
Darlex
Party member
Posts: 128
Joined: Sun Sep 24, 2017 10:02 am
Location: Chile
Contact:

Re: How i can permanently ban someone by their ip from the server? [SOLVED]

Post by Darlex »

grump wrote: Wed Mar 13, 2019 5:00 am
zorg wrote: Wed Mar 13, 2019 3:13 am Edit: And now you're replying to grump that you want the server to be hackable?
...at this point, i don't even know what ideas you have about security to be honest.
I'm pretty sure he's talking about the good kind of hacking, like mods, and not in the sense of cracking,
Exactly, Graphical mods for clients (Like shaders and pretty cool stuff that people do with their games)
and Function mods for servers (Like PVP modes, and etcetera)
Hi! I wish you have an amazing day!
Post Reply

Who is online

Users browsing this forum: dusoft, Google [Bot] and 12 guests