DevotedMC / NameLayer

A Citadel reinforcement group manager. Allows the creation of groups in Minecraft. Built for Spigot 1.14.4
https://build.devotedmc.com/job/Namelayer-master/
BSD 3-Clause "New" or "Revised" License

Command 'nlmp' can lag a server. #33

Closed ribagi closed 5 years ago

ribagi commented 5 years ago

The command 'nlmp' causes a large amount of lag when moderately spammed.

ProgrammerDan commented 5 years ago

Ty, will look into it. Would a simple rate limiter be OK or more complex lockdown?

On Sat, Jan 26, 2019, 18:12 ribagi notifications@github.com wrote:

The command 'nlmp' causes a large amount of lag when moderately spammed.


ribagi commented 5 years ago

A rate limiter can work (would stop a DoS), can it be done on a global level? The only thing is a single use of the command does do some lag on the server.

ProgrammerDan commented 5 years ago

Yeah, gotcha. Should be doable. You are using latest from this repo or do you need me to merge in anything from classic fork?

On Jan 26, 2019 19:12, "ribagi" notifications@github.com wrote:

A rate limiter can work (would stop a DoS), can it be done on a global level? The only thing is a single use of the command does do some lag on the server.


ribagi commented 5 years ago

We are forking off this Devoted's branch, from the commit 92e006b. But I don't think it would matter.

ProgrammerDan commented 5 years ago

working on it here: https://github.com/DevotedMC/NameLayer/tree/1.12-feature-ratelimit

haven't tested yet, but basic idea is there.

Not sure exactly how exploited but noticed it was trivially exploitable via both tab complete and actual command issue, so rate limiter applied to both

ProgrammerDan commented 5 years ago

@Maxopoly read some of your comments on the reddit thread related to the abusers. Thoughts on this approach -- seems like it might be too simple to deal with the intentional abuse per the abusers.

I had a thought to allow caching of replies for the tab complete, and for the actual command execution, could do an exponential decay function (delay lengthens the more often you use it).
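An added example, not code from this thread or from the NameLayer repository: one way the lengthening-delay idea in the comment above could look as a per-player limiter in plain Java. The class name `CommandBackoff`, its parameters and the timings in `main` are assumptions; the same `tryAcquire` check would be called from both the command handler and the tab-complete handler.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: the wait between uses doubles while a player keeps calling. */
public final class CommandBackoff {
    private static final class State {
        long nextAllowedAt; // ms timestamp before which the command is refused
        long lastUseAt;     // ms timestamp of the last accepted use
        int strikes;        // accepted uses since the player was last quiet
    }

    private final long baseDelayMs;   // wait imposed after the first use
    private final long maxDelayMs;    // cap so the wait cannot grow without bound
    private final long forgetAfterMs; // quiet period after which strikes reset
    private final Map<UUID, State> states = new ConcurrentHashMap<>();

    public CommandBackoff(long baseDelayMs, long maxDelayMs, long forgetAfterMs) {
        this.baseDelayMs = baseDelayMs;
        this.maxDelayMs = maxDelayMs;
        this.forgetAfterMs = forgetAfterMs;
    }

    /** Returns 0 if the command may run now, otherwise the ms still to wait. */
    public long tryAcquire(UUID player, long nowMs) {
        State s = states.computeIfAbsent(player, k -> new State());
        synchronized (s) {
            if (nowMs < s.nextAllowedAt) {
                return s.nextAllowedAt - nowMs; // refuse before any expensive lookup
            }
            if (nowMs - s.lastUseAt > forgetAfterMs) {
                s.strikes = 0; // player has been quiet, forgive earlier uses
            }
            // base, 2*base, 4*base, ... up to the cap; shift is bounded to avoid overflow
            long delay = Math.min(maxDelayMs, baseDelayMs << Math.min(s.strikes, 20));
            s.strikes++;
            s.lastUseAt = nowMs;
            s.nextAllowedAt = nowMs + delay;
            return 0;
        }
    }

    public static void main(String[] args) {
        CommandBackoff limiter = new CommandBackoff(1_000, 60_000, 120_000);
        UUID player = UUID.randomUUID(); // constructed sample player id
        for (long now = 0; now <= 6_000; now += 1_500) { // a retry every 1.5 s
            System.out.println("t=" + now + "ms wait=" + limiter.tryAcquire(player, now) + "ms");
        }
    }
}
```

A server-wide cap, as asked about earlier in the thread, could reuse the same class by passing one shared key instead of the player's UUID.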

ribagi commented 5 years ago

@ProgrammerDan Thanks Dan. It would make sense that the tab complete is doing fun things as the PermissionsById size is over 3 million.

ProgrammerDan commented 5 years ago

Might be best to test this out before merging into live server. Let me know if anything comes up during test, I'm working on NL 1.13 tonight but will get back to this either later tonight or tomorrow.