-
-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes to block bot attacks #516
Comments
Funny thing. I had this discussion multiple times and people don't seem to understand the origin of this problem.
FastLogin already has this check. See this: FastLogin/bungee/src/main/java/com/github/games647/fastlogin/bungee/listener/ConnectListener.java Line 112 in 7192dcd
FastLogin has to do the check on the PreLogin event, because this is where the onlinemode decision is made. Source of this issue:TL;DR If your anti-bot plugin peforms the check asynchronous, then the event listener of other plugins including FastLogin will fire while the check is performed. Try to think about a parallel program flows. At this time the event isn't cancelled, because the check is still performed (like a HTTP api check). This means the Solutions:Often also suggested in other threads:
FastLogin specific
Side-NotePlease use the search functionality first. The issue came up multiple times and all should be linked together. |
Sorry if I sounded a bit harsh. I don't know if you have any technical knowledge about this situation. Basically the source is the parallel program flow. FastLogin can't see the result of the AntiBot plugin if the check is still performed. If you or any other have any questions, feel free to ask. Maybe I could describe it in a non-technical way. |
Taking the OP of your linked post. There is still no public available API of |
Despite not having technical knowledge, I fully understand the reason after your explanation, thanks for your patience.
I will show him this discussion and maybe it can be solved through the botsentry plugin |
Hello, I am the developer of BotSentry and I have read through this issue. This is the second time we have noticed problems with FastLogin. This issue will also be fixed by using the FastLogin API for our BungeeCord (and forks) system. Also, we do have a public API. More information about the problem or a better solution can be reported at: |
@Laurenshup Ok sorry I missed it, my fault; I only took peak look and tried to use search. However there are a few things that should be addressed. There seems to be no way to query the result of a currently connecting player (Event or Method like
Thank for looking into it and integrating support into your plugin. |
@games647 Since we are an AntiBot we have to make sure the server can handle everything. That is also why we are currently having no event related to connecting. If needed, I can try to implement it in any way that is possible. If any new feature is needed into the API, I will be happy to add it to the newest version. As stated before, BotSentry is already integrated with FastLogin in Spigot. I do not see the need of FastLogin also integrating into BotSentry. |
Because of the event overhead? Then you could create a custom event with a simple java interface listener this way there no really overhead.
Yes I noticed that, but does it make a new request while you are making a check at the same time? It indicates that you would make another request.
Just giving feedback at this point. In case for other plugins. |
|
@Laurenshup This is likely not the best solution or at least your API still has no way for plugins to check the check result during login. I'm closing it in favor of the mentioned ticket. |
Is your feature request related to a problem? Please describe.
Every time I get a bot attack my anti-bot system blocks the bot's entry but FastLogin performs the check anyway
Describe the solution you'd like
I believe that the implementation of these changes would solve my problem:
https://spigotmc.org/threads/formal-petition-to-all-bungeecord-plugin-developers.393041
Describe alternatives you've considered
We have two options:
With this code, you will be cancelling your plugin checks, if an AntiBot plugin has kicked the player. This way, bot-attacks won't crash the server due to your bungeecord plugin.
LoginEvent
instead of thePreLoginEvent
Additional context
Log of the Bots that are trying to access my server but blocked by the anti-bot system:
The text was updated successfully, but these errors were encountered: