Server Update for <unknown> type spam messages

Need help seting up a server, or have a question on how to run one? This is the place.
Post Reply
User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5173
Joined: Fri Dec 13, 2002 4:11 am
Location: https://discord.gg/NN9uAvx
Contact:

Server Update for <unknown> type spam messages

Post by JeffM » Thu Dec 21, 2006 12:53 am

Sometime this afternoon an individual began using a script to connect to large groups of servers with the express intent of spreading annoying and vulgar messages ( spam ) in a vain attempt to ruin the game for as many people as he could.

He is exploiting a bug in bzfs that accepts a chat message before a full connection is finished. This happens before any ban or other security blocking code.

We have fixed the bug in bzfs in our SNV branch for 2.0.x. We highly recommend that all server owners upgrade to the current version of bzfs via the SVNsystem. Instructions on how to access SVN are on the http://my.bzflag.org/w/BZFlag_SVN page.

The fix will kick anyone who sends a message that is unexpected. This should not affect normal clients, bzadmin, or stat sites at all.

We know exactly who has done this, and no there is no real way to ban them. They are heavily using proxy servers(the TOR network ) and dynamic IP addresses. So please don't comment on that aspect.

Thank you.

User avatar
JeffM
Staff Sergeant
Staff Sergeant
Posts: 5173
Joined: Fri Dec 13, 2002 4:11 am
Location: https://discord.gg/NN9uAvx
Contact:

Post by JeffM » Mon Apr 16, 2007 3:19 am

Just so everyone knows, this guy is going around again. If your server is getting hit you need to upgrade your server to the current 2.0.9 version from SubVersion.

Optionally you can also install the Torblock plug-in to block any person from the tor proxy network the attacker is using. There is no legitimate reason for a player to use TOR to play ( It is TCP only and too slow to play ).

The upgrade will prevent the current spam. The TorBlock is an added measure to prevent future abuse via the tor network.

Post Reply