Closed 10maurycy10 closed 2 years ago
Why would the current ip limit code caps total connections to the game to be 6 people instead of per ip? Weird Was this an issue after the current update or was it always a bug and I just never noticed
reachedIpLimit:function (ips, ip, limit) {
let count = 0;
for (let i = 0; i < ips.length; i++) {
if (ip === ips[i]) {
count++;
if (count >= limit) {
return true;
}
}
}
return count >= limit;
}```
@ZeroTixDev The bug is new, previosly, I was able to create hundreds of simultanios connections.
Fixed. (However you can still technically spoof x-forwarded-for but at least the IP limit works as intended when you don't try to spoof)
The current IP limit code caps total connections to 6, not connections/ip.
This allows a trival complete denial of service attack with minimal resources.
There, I dropped the code.