search

TotalFreedom / TotalFreedomMod

A server modification for the TotalFreedom server
http://totalfreedom.me/
Other
44 stars 222 forks source link

Adjustable login delays #1974

Open StevenNL2000 opened 7 years ago

StevenNL2000 commented 7 years ago

Thread by @jjjaguar2000: http://totalfreedom.boards.net/thread/49769/solution-spambots-ban

The gist of the idea is that we add an artificial delay to the login process of players. The advantage of this over #1829 is that we don't have to block or rate limit anyone and force legitimate players to wait until they can click to join again. Instead, the only thing they will notice is that their client is taking a bit longer to connect to the server, while spambots (more accurately, joinbots) become unprofitable.

Here is the theoretical implementation I commented on the thread: A new asynchronous thread is generated for each server login, which means that using Thread.sleep() is safe if we want to delay things. In this case, we would delay the login process by calling that method from the AsyncPlayerPreLoginEvent. The appropriate delay can be calculated by storing the timestamp of the last login in a variable and subtracting the time difference from the threshold.

Wild1145 commented 7 years ago

It would however still lag the server to hell and back. Its not just the clients appearing in the map that slows the server down, its the hammering on the network. All we would be doing is making it even more difficult for legit players to connect because we'd be clogging network resources for longer than it already is.

StevenNL2000 commented 7 years ago

@Wild1145 I think we would need to profile that. To my knowledge, Minecraft's bandwidth usage is low enough that even Multiplay's network should be able to keep up as long as nobody is performing a DoS.

Wild1145 commented 7 years ago

@StevenNL2000 I might be wrong, I was under the impression that you could only have so many people trying to login at once, im not sure exactly where that limit is, but you do have it, as I've seen first hand while running the infrastructure for larger MC events .

StevenNL2000 commented 7 years ago

@Wild1145 There might be one further in the login process, but I didn't find such a thing studying the asynchronous part, where the players would be held in this implementation. I would link the code here since it's not very big, but nms is copyrighted; if anyone would like it, please PM me on the forums.