
[Freeciv-Dev] Re: DoS attack server with allowconnect (PR#1139)

To: freeciv-dev@xxxxxxxxxxx
Cc: bugs@xxxxxxxxxxxxxxxxxxx
Subject: [Freeciv-Dev] Re: DoS attack server with allowconnect (PR#1139)
From: Reinier Post <rp@xxxxxxxxxx>
Date: Sun, 16 Jun 2002 15:26:21 -0700 (PDT)

On Fri, Dec 14, 2001 at 04:10:57PM +0100, Reinier Post wrote:
> On Fri, Dec 14, 2001 at 05:02:03AM -0800, schnetter@xxxxxxx wrote:
> > Full_Name: 
> > Version: 
> > Distribution: Don't know
> > Client: Both (or N/A)
> > OS: 
> > Submission from: (NULL) (217.224.164.57)
> > 
> > 
> > I have already reported bug#1103 (maxplayers abuse).
> > But civserver.freeciv.org port 5551 is still not reachable.
> > Server messages:
> > ...Sorry, no new players allowed in this game
> > or if you join with name "joker" (there is only 1 AI player)
> > ...Sorry, no observation of AI players in this game
> 
> Correct, I haven't reset any existing servers, I'll look at it in the evening
> if I have time.
> 
> > After a while I found the setting: allowconnect
> > You can DoS server with "set allowconnect" (without any value) - this will
> > disable access for everyone.
> 
> Ironic, considering that the allowconnect option was added precisely to
> keep abusers out - and it has never been used up to now.
> 
> I don't much feel like kludging up the code with patches just to prevent
> abuse - it seldom happens, so it's better to identify abusers and shut them 
> out.

What I did was add a command /fix that allows options to be fixed
at runtime.  This is experimental.  The nice thing is that things like
/set allowconnect, /set endyear and /set fogofwar can now be prevented,
but it may also introduce problems - you typically don't want someone
to type /fix timeout just before the game starts, for example.

See PR#1582 for the patch.

> The validmaxplayers patch is nice.  We can make another one to put
> 'allowconnect' at HACK level, but this is already a kludge.  An alternative
> is to switch the public servers to 'cmdlevel first' mode of operation,
> where only one player has ctrl access at any time.

This is still a possible option.  The idea is that of an IRC channel,
where the first user to connect gets control.
 
> -- 
> Reinier

-- 
Reinier
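
A minimal sketch of the three server-side checks this thread discusses: a required command level per option, a runtime lock in the spirit of /fix, and rejection of the empty allowconnect value. It is an added example, not Freeciv's code or the PR#1582 patch. The option table, enum names and function names are hypothetical, and limiting the lock to hack level is an assumption.

```c
#include <string.h>

enum cmdlevel { LVL_INFO, LVL_CTRL, LVL_HACK };
enum set_result { SET_OK, SET_UNKNOWN, SET_DENIED, SET_FIXED, SET_BADVALUE };

struct option {
  const char *name;
  char value[32];
  enum cmdlevel min_level; /* lowest level allowed to change the option */
  int nonempty;            /* an empty value would lock every client out */
  int fixed;               /* set by fix_option(); blocks later changes */
};

/* Constructed sample table; values are placeholders, not Freeciv defaults. */
static struct option options[] = {
  { "allowconnect", "sample", LVL_HACK, 1, 0 },
  { "endyear", "2000", LVL_CTRL, 0, 0 },
};

static struct option *find_option(const char *name) {
  for (size_t i = 0; i < sizeof(options) / sizeof(options[0]); i++)
    if (strcmp(options[i].name, name) == 0) return &options[i];
  return NULL;
}

/* Lock an option at runtime; assumed here to need the highest level. */
enum set_result fix_option(enum cmdlevel caller, const char *name) {
  struct option *o = find_option(name);
  if (!o) return SET_UNKNOWN;
  if (caller < LVL_HACK) return SET_DENIED;
  o->fixed = 1;
  return SET_OK;
}

/* Handle "set <name> <value>": lock first, then level, then value checks. */
enum set_result set_option(enum cmdlevel caller, const char *name, const char *value) {
  struct option *o = find_option(name);
  if (!value) value = "";
  if (!o) return SET_UNKNOWN;
  if (o->fixed) return SET_FIXED;
  if (caller < o->min_level) return SET_DENIED;
  if (o->nonempty && value[0] == '\0') return SET_BADVALUE;
  if (strlen(value) >= sizeof(o->value)) return SET_BADVALUE;
  strcpy(o->value, value);
  return SET_OK;
}

int main(void) {
  /* A ctrl-level "set allowconnect" with no value must be refused. */
  return set_option(LVL_CTRL, "allowconnect", "") == SET_DENIED ? 0 : 1;
}
```

Checking the lock before the access level means even a hack-level caller cannot change a fixed option without an explicit unlock, which this sketch does not provide.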


