Jump to content

[Feature Ideas] for better End-User DDOS prevention and/or self moderation


Recommended Posts

First, the password feature for games to protect host IP addresses == winner.  From my perspective, DDOS has dropped off substantially and the person (whoever it is) doesn't do it as the entry point has been raised.  Many thanks to @Angen and whoever else implemented this.  You can see this feature's effectiveness by logging in late at night and, usually, mostly PW protected games are up.  Other games likely have been bumped.

 

Second, there are two additional features that would help augment the effectiveness of password protected games:

  • Private messages between users in the game lobby, and/or  (credit to @user1)
  • Allowing users to temporarily put the PW in the game name/title and make it disappear once a game is hosted.  (Someone mentioned this to me, forgot who)

 

Ideally, it would be best to allow for "private messages between users in the game lobby."  This would be an amazing feature.  Something like "/msg Obi, hi, pw is abracadabra".  This would allow for users to share passwords with specific users when requested.  The added benefit to this is that the community can somewhat self-moderate by not escalating DDOS issues to moderators.  Specifically, DDOS is hard to prove (can be proven currently with the PW) but most users cannot prove or show evidence of proving it.

To "allows users to temporality put the PW in the game name/title and make it disappear once a game is hosted" would dramatically help at the current state.  Specifically, to protect from DDOS currently games get hosted with titles such as "XYZ's game (TG)" where TG is the PW.  This protects the host's IP from the lobby.  However, this does not protect the game from DDOS as the DDOSer is able to join the hosted game to obtain the IP address.  Accordingly, after "XYZ's game (TG)" starts the game could be renamed to "XYZ's game" in lobby thereby removing the PW and making it not possible for the DDOS person to affect the hosting player.  I forgot who suggested this idea but it is, in my opinion, a good idea.  (Note:  You could have a checkbox for "Public PW Announcement" when entering game PW)

@aixo @Palaiogos  @letsplay0ad @PistolPete  @chrstgtr @badosu  @Cesar

Edited by Dizaka
  • Like 3
Link to post
Share on other sites
Posted (edited)
2 hours ago, nani said:

I like that a lot as a viable option. 

I like that because it redefines the term "password" to a more neutral tone of a "buddy game" and adds utility to an existing mechanic.  As a "Buddy Game" the icon, instead of a locked lock, could be 2 heads representing a "Buddy Game" and a Sword (or bow) for "Open Game."

 

Edit:  Thinking about it, I like this idea a lot.  Simple to the end user.  Doesn't use terminology that makes it seem "weird" (e.g., password protected).  "Password-protected" is weird in the sense that it functions like an added-in feature rather than a feature that was "naturally designed."  (idk how to explain it, it just makes more sense to make it "buddy games" and "public games" vs using terminology that is exclusive like "private").

Edited by Dizaka
  • Like 2
Link to post
Share on other sites

maybe I'm saying nonsense, but would it be possible to have an open game protected from dos by switching it to a password protected game automatically, before the match starts? I hope the game itself could do this automatically (but if the game crashes it should be possible to rejoin without ever having to know the password).

Link to post
Share on other sites
33 minutes ago, alre said:

maybe I'm saying nonsense, but would it be possible to have an open game protected from dos by switching it to a password protected game automatically, before the match starts? I hope the game itself could do this automatically (but if the game crashes it should be possible to rejoin without ever having to know the password).

The theory, as I understand it, is that someone is using a program to scan the games in the lobby, which provides the DDOSer with the host's IP. Once the DDOSer has a host's IP, he/she can make DDOS attacks. By protecting the game with a password, the scanning program cannot obtain the host's IP. So no what you propose is not possible. 

  • Like 1
  • Thanks 1
Link to post
Share on other sites

I have spotted a pattern, not sure if you have also observed this:

When I host a game with mostly pro players (>1400), DDOS is very frequent (about half or a third of the time).

When I play 1v1 DDOS rarely occurs, although it did happen a few times when I challenged pros. 

When I play a TG with all nubs (<1300) I have never experienced anything like DDOS, even if it is 4v4. 

Therefore the DDOSer could be targeting the good players only or games that contain many good players. 

The DDOSer uses fake IP addresses to flood routers with packets. When I tracked them down with Wireshark I found packets from many countries at the same time. Perhaps the DDOSer knows the IP of some unfortunate players and attack them whenever they are online. When I inspected the contents of the packet I found maths questions like calculating large numbers and Fourier Transform. 

  • Thanks 1
  • Sad 1
Link to post
Share on other sites
11 hours ago, Yekaterina said:

I have spotted a pattern, not sure if you have also observed this:

When I host a game with mostly pro players (>1400), DDOS is very frequent (about half or a third of the time).

When I play 1v1 DDOS rarely occurs, although it did happen a few times when I challenged pros. 

When I play a TG with all nubs (<1300) I have never experienced anything like DDOS, even if it is 4v4. 

Therefore the DDOSer could be targeting the good players only or games that contain many good players. 

The DDOSer uses fake IP addresses to flood routers with packets. When I tracked them down with Wireshark I found packets from many countries at the same time. Perhaps the DDOSer knows the IP of some unfortunate players and attack them whenever they are online. When I inspected the contents of the packet I found maths questions like calculating large numbers and Fourier Transform. 

Some people think that the IPs have been recorded from some previous time and are just being attacked. Some people have avoided this by getting new IPs. This makes sense why it would only happen to "good" players because those are typically the ones who have been playing since the problem began ~9ish months ago.

Some other people think it is someone with an axe to grind against certain known players. Maybe theories are abound about who that someone actually is. 

  • Like 1
Link to post
Share on other sites
17 minutes ago, chrstgtr said:

Some other people think it is someone with an axe to grind against certain known players. Maybe theories are abound about who that someone actually is. 

Yes, because I have no complaints about that from my regular players on my page.

 

The attacks seem to be only with a certain level of player, perhaps competitive.

 

And surely the trolls we  know , who obsess over those ranking  points.

  • Like 1
Link to post
Share on other sites
2 minutes ago, Yekaterina said:

How do you get a new IP? Please don't tell me VPN. ;)

 

 

You can ask your ISP to change it if you have a fixed one, some routers have mechanisms for that too. You could try shutting it down and restarting and see if that changes it.

Else VPN yeah. You can also probably play WAN using Hamachi and the direct conntect feature.

Link to post
Share on other sites

Most service providers do not give you a fixed IP address to get a different IP all you have to do is disconnect then reconnect you will get a new IP from the pool of IP addresses that your ISP is assigned.

Enjoy the Choice :)  

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...