rbxb / place

a clone of r/place
GNU General Public License v3.0

Security question #16

Closed ghost closed 1 year ago

ghost commented 1 year ago

Hello, I have been editing place.js and main.js to put in some custom commands I wanted to make, to show coords etc. I also wanted to add maintenance/moderation commands to whitewash something fast, but when I was editing the code I was wondering if the place has security to prevent people from hacking etc. I just want to know if the place code is secure.

rbxb commented 1 year ago

I found that the easiest way to clean up the canvas is to just stop the server and edit place.png using an image editor.

There is no security. It is extremely easy to make a bot to draw images on the canvas.

ghost commented 1 year ago

> I found that the easiest way to clean up the canvas is to just stop the server and edit place.png using an image editor.
>
> There is no security. It is extremely easy to make a bot to draw images on the canvas.

Oh, I didn't think of that, thanks. But I don't want bots drawing things in my place. Will a CAPTCHA fix that? Thanks.

rbxb commented 1 year ago

I use Cloudflare (free tier) which gives you a captcha. It doesn't entirely prevent bots but it raises the barrier enough that most people are too lazy to try. Cloudflare also allows you to block IPs.

I found that the most effective solution to prevent bots is to shut off the server for a few hours whenever you see someone using a bot. That usually takes the fun out of it for them.

I also recommend having some way to easily roll back place.png. I have a script that runs automatically every 24 hours that makes a copy of place.png and another script that I can manually run that restarts the server with the old copy of place.png. It's also a good idea to restart the server occasionally to kill any lingering connections.

This runs automatically once every 24 hours:

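```bash
#!/bin/bash
# (&> below is bash syntax, so run this with bash, not plain sh)

# work in the directory that holds place.png; stop if it is missing
cd ~/go/src/github.com/rbxb/place/web || exit 1

# shut down the server
pkill place

# make a copy of place.png
cp place.png place_rollback.png

# restart the server
~/go/bin/place -port :2052 -load place.png &>place.log &
```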

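I manually run this when I want to roll back the canvas:

```bash
#!/bin/bash
# (&> below is bash syntax, so run this with bash, not plain sh)

# work in the directory that holds place.png; stop if it is missing
cd ~/go/src/github.com/rbxb/place/web || exit 1

# shut down the server
pkill place

# switch out the current canvas for the copy
cp place_rollback.png place.png

# restart the server
~/go/bin/place -port :2052 -load place.png &>place.log &
```

ghost commented 1 year ago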

Thank you, I will keep that in consideration to make my own place.
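
The daily script in the thread overwrites a single place_rollback.png, so once the next 24-hour copy runs, the rollback copy contains whatever was on the canvas at that point. The sketch below is an added example, not part of the thread or the project: it keeps several timestamped snapshots and refuses to snapshot or restore a file that lacks the PNG signature. The function names, the snapshot directory and the retention count are assumptions; stop and restart the server around these calls as the scripts above do.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not from rbxb/place).

# True if FILE starts with the 8-byte PNG signature. This only checks the
# header, it does not validate the whole image.
is_png() {
  [ -f "$1" ] &&
    [ "$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')" = "89504e470d0a1a0a" ]
}

# snapshot SRC DIR KEEP [STAMP]
# Copy SRC to DIR/place_<STAMP>.png and keep only the newest KEEP snapshots.
# An empty or non-PNG SRC is rejected, so it never pushes a good copy out.
snapshot() {
  src=$1 dir=$2 keep=$3 stamp=${4:-$(date -u +%Y%m%dT%H%M%SZ)}
  is_png "$src" || { echo "skip: $src is not a PNG" >&2; return 1; }
  mkdir -p "$dir" || return 1
  # write to a temp name first so a partial copy is never listed
  cp -- "$src" "$dir/.tmp.$$" &&
    mv -- "$dir/.tmp.$$" "$dir/place_$stamp.png" || return 1
  # UTC stamps sort lexicographically, so the oldest files come first
  n=$(ls -1 "$dir"/place_*.png | wc -l)
  if [ "$n" -gt "$keep" ]; then
    ls -1 "$dir"/place_*.png | sort | head -n "$((n - keep))" |
      while IFS= read -r old; do rm -- "$old"; done
  fi
}

# restore SNAPSHOT DEST
# Put a chosen snapshot back as the live canvas (server must be stopped).
restore() {
  is_png "$1" || { echo "refuse: $1 is not a PNG" >&2; return 1; }
  cp -- "$1" "$2.tmp" && mv -- "$2.tmp" "$2"
}

# Usage: script snapshot place.png snapshots 14
#        script restore snapshots/place_<STAMP>.png place.png
case "${1:-}" in
  snapshot) snapshot "$2" "$3" "${4:-14}" ;;
  restore)  restore "$2" "$3" ;;
esac
```

With more than one snapshot retained, a rollback can go to a copy taken before the unwanted drawing even if it was noticed more than a day later.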