BNLS needs a method to stop idiots..

Yegg · January 12, 2007, 02:07 PM

Quote from: dlStevens on January 12, 2007, 10:08 AM
Also, Why not add an unique token, the computer has to send to the BNLS server? each computer has to have their own individual token, if that token has say 8+ logins at the same time, then disallow anymore from that computer until a connection is dropped?

Like I said, if this were the case, a bot could be written to use proxies. All they'd have to do is run x amount of accounts per proxy, and BNLS wouldn't be able to do anything about it.

Dale · January 12, 2007, 04:06 PM

Quote from: Yegg on January 12, 2007, 02:07 PM
Quote from: dlStevens on January 12, 2007, 10:08 AM
Also, Why not add an unique token, the computer has to send to the BNLS server? each computer has to have their own individual token, if that token has say 8+ logins at the same time, then disallow anymore from that computer until a connection is dropped?

Like I said, if this were the case, a bot could be written to use proxies. All they'd have to do is run x amount of accounts per proxy, and BNLS wouldn't be able to do anything about it.

This has nothing to do with the connection, per-say.

I'm talking about you register a serial number with BNLS, and apon connecting, send the serial.

vuther.de · January 12, 2007, 04:38 PM

I know alot of flooders/loaders and almost all of them use port 1080 for their proxies.

Mystical · January 12, 2007, 04:57 PM

Quote from: inner.de on January 12, 2007, 04:38 PM
I know alot of flooders/loaders and almost all of them use port 1080 for their proxies.

1080 and 26662

Wolf · January 12, 2007, 05:22 PM

Wait a minute, thats just basic a Sock 4/5 connection routed through someones proxy server isn't it? These proxies that people log onto are just other peoples proxy servers left unsecure. I would imagine that the people who leave there servers like this open to the world don't even realize that others are massing with them. If they don't realize, then mostlikely the ports to connect to are at default (1080 and 26662) like what Mystical just said. So they can be anything, true, but the majority of the connections are on the 2 ports. If you blocked the 2, there is only a small handful of ports that people would leave open to the world that others would connect to, wouldn't it? If there were only a small handful, it doesn't correct massing completely but wouldn't it reduce it a whole lot?

shout · January 12, 2007, 05:28 PM

Just make it closed. That will force people to procure a way to log on locally, although the amount of people flooding the forum might be the same as the massloads...

l2k-Shadow · January 12, 2007, 05:45 PM

I hope you "block proxies" guys realize that ONLY YOU connect to the proxy on port 1080, the proxy connects to the destination server from a different local port, since 1080 is the listening port.

vuther.de · January 12, 2007, 05:54 PM

Just bring back the simple username/password logon, and monitor the users for any type of abuse of the service.

Mystical · January 12, 2007, 06:43 PM

Quote from: inner.de on January 12, 2007, 05:54 PM
Just bring back the simple username/password logon, and monitor the users for any type of abuse of the service.

Already Agreed.

Newby · January 12, 2007, 09:00 PM

Quote from: topaz on January 12, 2007, 08:53 AM
Useless. Proxies can use almost any available port (2^16 - 1) and aren't confined to just 1080 and 1050.

Cpt. Obvious plays WoW and gold farms.

UserLoser · January 12, 2007, 10:36 PM

Testing to see if the client is a proxy or not isn't practical. With the amount of connections that BNLS recieves per minute, it'd be just stupid to attempt a connection to each one on X port to see if it's a proxy. The BNLS server might as well just DDoS itself.

The easiest way to go about adding a "restriction" would be an algorithm calculating the amount of logon queries/cdkey encryption/connection attempts per bot id in Y amount of time resulting in a value determining or not if it's abusive.

l)ragon · January 13, 2007, 01:56 AM

Quote from: UserLoser on January 12, 2007, 10:36 PM
Testing to see if the client is a proxy or not isn't practical. With the amount of connections that BNLS recieves per minute, it'd be just stupid to attempt a connection to each one on X port to see if it's a proxy. The BNLS server might as well just DDoS itself.

The easiest way to go about adding a "restriction" would be an algorithm calculating the amount of logon queries/cdkey encryption/connection attempts per bot id in Y amount of time resulting in a value determining or not if it's abusive.

Something like that could work if the ip logging in goes passed 8 within a specified time frame, I know I hit bnls atleast 4 or 5 times times and they're probably only a few ms apart from eachother.

Dale · January 13, 2007, 11:06 AM

Quote from: UserLoser on January 12, 2007, 10:36 PM
Testing to see if the client is a proxy or not isn't practical. With the amount of connections that BNLS recieves per minute, it'd be just stupid to attempt a connection to each one on X port to see if it's a proxy. The BNLS server might as well just DDoS itself.

The easiest way to go about adding a "restriction" would be an algorithm calculating the amount of logon queries/cdkey encryption/connection attempts per bot id in Y amount of time resulting in a value determining or not if it's abusive.

Yes, Exactly what I was getting at.

Warrior · January 13, 2007, 11:23 AM

Quote from: Mystical on January 12, 2007, 06:43 PM
Quote from: inner.de on January 12, 2007, 05:54 PM
Just bring back the simple username/password logon, and monitor the users for any type of abuse of the service.

Already Agreed.

Because they arn't sent in PLAIN TEXT to BNLS right?

Dale · January 13, 2007, 11:54 AM

I'm not positive, but I'm almost sure that they aren't sent in plain text.

They're probably sent encrypted, or what not.

But still, you can monitor it...

BNLS needs a method to stop idiots..

shout

UserLoser