Map Database  •  FAQ  •  RSS  •  Login

Spamming private chat for a player to time out (exploit)

<<

Omnix

Post 01 Dec 2014, 00:31

Spamming private chat for a player to time out (exploit)

I don't know if this is the right place to talk about this but i found a very bad way to exploit chat to timeout players.

So recently i've been playing 2v2v2v2 and one of the players called "tyz" after many insults started spamming the hell out of my private chat.
The game couldnt handle such spam and froze resulting in me being kicked out for a timeout.

So my question is to at least place an "ignore player" option for the chat if that's possible. (maybe i just dont know there is one so plz direct me to it :P)
I also know that changing a nickname is pretty easy in this game so mayby consider bringing in IP indicator or some sort of player tag to prevent people from being incognito after such things...

I'm sorry i didn't take any pictures but i had no time to turn fraps on becouse the game froze pretty quick and i couln't even alt+tab.

Also please keep an eye for a player called "tyz" since he's a very "dirty" player so to speak.

Sorry for eventual mistakes in typing.
<<

Krom

User avatar

Knights Province Developer

Posts: 3280

Joined: 09 May 2006, 22:00

KaM Skill Level: Fair

Location: Russia

Post 01 Dec 2014, 05:09

Re: Spamming private chat for a player to time out (exploit)

Maybe we can add a cooldown period between player sending messages. That was used in World Racing 2 multiplayer. Cooldown was ~2sec there. What do you think about 2 sec between being able to send a new message?
Knights Province at: http://www.knightsprovince.com
KaM Remake at: http://www.kamremake.com
Original MBWR/WR2/AFC/FVR tools at: http://krom.reveur.de
<<

Lewin

User avatar

KaM Remake Developer

Posts: 3822

Joined: 16 Sep 2007, 22:00

KaM Skill Level: Skilled

ICQ: 269127056

Website: http://lewin.hodgman.id.au

Yahoo Messenger: lewinlewinhodgman

Location: Australia

Post 01 Dec 2014, 07:13

Re: Spamming private chat for a player to time out (exploit)

Thanks for reporting this Omnix.
Maybe we can add a cooldown period between player sending messages. That was used in World Racing 2 multiplayer. Cooldown was ~2sec there. What do you think about 2 sec between being able to send a new message?
A 2 second cooldown could be irritating if you send a message to correct or add something to your previous message (or very short messages like "hi lewin" can be typed in < 2 seconds). I think a 500ms cooldown would be fine, since we limit chat messages to 256 characters so that means at most someone could spam you with about 1 KB/sec (2 bytes per character) of chat data, which is very little (IIRC the game uses around 10 KB/sec while playing, depending on game speed and player count). A cooldown like this is a very simple change so I'm prepared to implement it for the upcoming release even though we're close to the release date.

Of course, a cooldown doesn't solve players annoying you by spamming your chat so you get a constant annoying noise and miss important messages from other players, so we might want to add a "mute" ability later. But if they can't freeze your game or cause you to timeout that's the most important thing.
<<

Krom

User avatar

Knights Province Developer

Posts: 3280

Joined: 09 May 2006, 22:00

KaM Skill Level: Fair

Location: Russia

Post 01 Dec 2014, 07:39

Re: Spamming private chat for a player to time out (exploit)

Cooldown wont be so annoying, we should test it with 500-1500ms.

Amount of data is not that big of a deal, separate packets are. We know transfer can handle 1mb of map being sent between players, but sending 20+ packets a second could be troublesome. Also, malicious players might use some sort of automation tools alike AutoIt to send 100+ messages per second from GUI.
Knights Province at: http://www.knightsprovince.com
KaM Remake at: http://www.kamremake.com
Original MBWR/WR2/AFC/FVR tools at: http://krom.reveur.de
<<

Esthlos

User avatar

Knight

Posts: 676

Joined: 23 Jun 2013, 16:02

KaM Skill Level: Beginner

Post 01 Dec 2014, 08:38

Re: Spamming private chat for a player to time out (exploit)

Can the cooldown be made scaling, maybe?

If you sent only one message, there is no cooldown.
If you already sent two, there is 500 ms cooldown before sending the third.
If you already sent three, the cooldown is 1000 ms.
And so on up to... 2 seconds, maybe?
Then this scaling count resets after 2 seconds of not trying to send messages, or when you receive a message from another player.
  Code:
//global variables var iChatCount: Integer; var LastChatTime: //Not sure what type should be used to store a time //while trying to send messages, the cooldown is ChatCoolDown := (iChatCount-1)*500; //ms if ChatCoolDown < 0 then ChatCoolDown := 0; //other code //in the code that sends the message if iChatCount < 5 then iChatCount := iChatCount+1; if //Current time//-LastChatTime > 2000 then iChatCount := 0; //ms LastChatTime := //current time //while receiving a message iChatCount := 0;
This way corrections, the occasional fast message or fast exchanges of short messages shouldn't get affected by this, while a single player spamming would.

What do you think? Is this too complex to be worth it?
Just when you think you know something, you have to look at it in another way, even though it may seem silly or wrong. You must try! - John Keating, "Dead Poets Society"
<<

Krom

User avatar

Knights Province Developer

Posts: 3280

Joined: 09 May 2006, 22:00

KaM Skill Level: Fair

Location: Russia

Post 01 Dec 2014, 09:20

Re: Spamming private chat for a player to time out (exploit)

This is too complex solution, bloating the code and penalizing short messages that might occur in the chat. Another downside is the complexity of UI - simple 0.5sec rule is easy to grasp, but the scaling rule is more complicated to a player and will annoy with it's seeming unpredictability.

Best solution is K.I.S.S. (http://en.wikipedia.org/wiki/KISS_principle)
Knights Province at: http://www.knightsprovince.com
KaM Remake at: http://www.kamremake.com
Original MBWR/WR2/AFC/FVR tools at: http://krom.reveur.de
<<

Esthlos

User avatar

Knight

Posts: 676

Joined: 23 Jun 2013, 16:02

KaM Skill Level: Beginner

Post 01 Dec 2014, 09:26

Re: Spamming private chat for a player to time out (exploit)

This is too complex solution
Ok.
penalizing short messages that might occur in the chat.
How? (?)
Just when you think you know something, you have to look at it in another way, even though it may seem silly or wrong. You must try! - John Keating, "Dead Poets Society"
<<

Lewin

User avatar

KaM Remake Developer

Posts: 3822

Joined: 16 Sep 2007, 22:00

KaM Skill Level: Skilled

ICQ: 269127056

Website: http://lewin.hodgman.id.au

Yahoo Messenger: lewinlewinhodgman

Location: Australia

Post 01 Dec 2014, 09:28

Re: Spamming private chat for a player to time out (exploit)

Cooldown wont be so annoying, we should test it with 500-1500ms.

Amount of data is not that big of a deal, separate packets are. We know transfer can handle 1mb of map being sent between players, but sending 20+ packets a second could be troublesome. Also, malicious players might use some sort of automation tools alike AutoIt to send 100+ messages per second from GUI.
I think 500ms is okay, I tested and found it didn't block me when making fast corrections/additions. Longer than 500ms could be annoying IMO. As for the number of packets, 500ms is 2 packets per second, so I don't think we should worry about that. When you play at x2 speed with 8 players you get 10*2*8 = 160 command packets per second. I think you're right, people who were abusing it were sending 100+ messages per second, so 2 messages per second is nothing ;)
<<

Krom

User avatar

Knights Province Developer

Posts: 3280

Joined: 09 May 2006, 22:00

KaM Skill Level: Fair

Location: Russia

Post 01 Dec 2014, 09:28

Re: Spamming private chat for a player to time out (exploit)

For example new player joins lobby, asks about team setup and smiles:

hi all!
4v4? *500ms
=) *1000ms ?
Knights Province at: http://www.knightsprovince.com
KaM Remake at: http://www.kamremake.com
Original MBWR/WR2/AFC/FVR tools at: http://krom.reveur.de
<<

Esthlos

User avatar

Knight

Posts: 676

Joined: 23 Jun 2013, 16:02

KaM Skill Level: Beginner

Post 01 Dec 2014, 09:36

Re: Spamming private chat for a player to time out (exploit)

For example new player joins lobby, asks about team setup and smiles:

hi all!
4v4? *500ms
=) *1000ms ?
Sorry, I still don't understand... he'd get the same cooldown that Lewin just tested, but only for the last message, and then at this point you can expect him to be waiting for an answer anyway (which would reset the counter)... (?)
Just when you think you know something, you have to look at it in another way, even though it may seem silly or wrong. You must try! - John Keating, "Dead Poets Society"
<<

pawel95

Castle Guard Swordsman

Posts: 1912

Joined: 03 Oct 2008, 22:00

KaM Skill Level: Skilled

Location: "Pawel95" on Youtube.com

Post 01 Dec 2014, 11:58

Re: Spamming private chat for a player to time out (exploit)

I already wrote many topics about it.

A simple MUTE BUTTON for every player and the problems are fixed. no spam, no insults: Happy Gaming.
<<

Krom

User avatar

Knights Province Developer

Posts: 3280

Joined: 09 May 2006, 22:00

KaM Skill Level: Fair

Location: Russia

Post 01 Dec 2014, 14:01

Re: Spamming private chat for a player to time out (exploit)

KaM Remake server is dumb, it can only re-transmit messages.
Mute button would work on "victims" client (just hiding messages from players sight) and thus - still receive all those spam messages and overload the channel and freeze the game.
Knights Province at: http://www.knightsprovince.com
KaM Remake at: http://www.kamremake.com
Original MBWR/WR2/AFC/FVR tools at: http://krom.reveur.de
<<

pawel95

Castle Guard Swordsman

Posts: 1912

Joined: 03 Oct 2008, 22:00

KaM Skill Level: Skilled

Location: "Pawel95" on Youtube.com

Post 01 Dec 2014, 18:05

Re: Spamming private chat for a player to time out (exploit)

Ok then I misunderstood the problem. However I´m still for an additional mute button before the next official release(if possible).
<<

Ben

User avatar

Former Site Admin

Posts: 3814

Joined: 08 Jan 2009, 23:00

Location: California - Pacific Time (UTC -8/-7 Summer Time)

Post 03 Dec 2014, 16:07

Re: Spamming private chat for a player to time out (exploit)

Please do NOT add a delay to chat. Delays feel like lag, and that's just annoying. Plus, I often add a line to my chat, and if I have to wait or-- the horror-- retype my message because it was within a delay, I'm going to go nuts when playing KaM Remake. How about a cooldown if you send 5 chats in rapid succession? This is common in everything: messengers, chats, games, etc.
I used to spam this forum so much...
<<

Lewin

User avatar

KaM Remake Developer

Posts: 3822

Joined: 16 Sep 2007, 22:00

KaM Skill Level: Skilled

ICQ: 269127056

Website: http://lewin.hodgman.id.au

Yahoo Messenger: lewinlewinhodgman

Location: Australia

Post 04 Dec 2014, 02:05

Re: Spamming private chat for a player to time out (exploit)

Please do NOT add a delay to chat. Delays feel like lag, and that's just annoying. Plus, I often add a line to my chat, and if I have to wait or-- the horror-- retype my message because it was within a delay, I'm going to go nuts when playing KaM Remake. How about a cooldown if you send 5 chats in rapid succession? This is common in everything: messengers, chats, games, etc.
We were never planning to add a delay, since a delay doesn't stop someone spamming. Instead we have added a 0.5 second cooldown after each chat message. I found this didn't cause any problems for me when sending short messages in quick succession (and I'm a fairly quick typer). You will never have to retype your message anyway, it simply blocks you sending (so the message stays there and can be sent by pressing enter again after the cooldown). As Krom said a cooldown after 5 rapid chat messages is complicated and less intuitive.

Return to “Bugs”

Who is online

Users browsing this forum: Google [Bot] and 7 guests