James Hancock
asked on
How do I stop hackers from flooding out my in-game-server?
Hi
If I make my game server in Java, with TCP/IP HELO, START and in-game messages, game runs in browser, JavaScript to my server,
what can I expect as the worst from the unavoidable hackers and miscreants? Floods...
DSS attacks. Are they detectable? Stoppable? Google suggested they are stoppable. I will be using a GoDaddy professional private server.
Floods will be a certainty if my game escalates. It would suck, because there will be prizes in contention.
Do Blizzard and Microsoft weed these out? Is this how the old disconnect-hacks worked?
Thanks
You'll build in these design elements.
1) Each game must authenticate to the game server to get an authorization token to validate they can play.
2) The connection between each game client + game server will run over a TLS encrypted connection.
3) Likely you won't be able to use CloudFlare, because you'll be running on some other port besides 443 + running some game optimized protocol, rather than HTTPS. This means you'll likely build your own caching system into your game server.
4) In conjunction with your authentication in #1, likely best to have an iptables ipset hash of all IPs which have authenticated. Then only allow traffic to your game server from authenticated IPs. This means the default is all IPs begin as 100% blocked (all ports + protocols), then as authentication occurs, the authenticated IP is added to the ipset which is allowed game server access.
#4 handles the case of someone doing a DDoS attack against your specific game server active port(s), as the default will be to block all IPs initially.
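Design element #4 above, as an added example that is not from the original thread: a default-deny rule on the game port, with an ipset that the authentication step populates. Assumed placeholders are port 7777/tcp, the set name game_authed, and a one-hour entry timeout; the port that hands out the auth token (e.g. HTTPS) must of course stay reachable and is not covered here.

```shell
#!/bin/sh
# Added example (not the thread's own code): default-deny the game port with
# iptables + ipset, then admit a source IP only after it has authenticated.
# Assumed placeholders: game port 7777/tcp, set "game_authed", 1-hour TTL so
# stale entries expire on their own even if the logout hook never fires.
GAME_PORT="${GAME_PORT:-7777}"
SET_NAME="${SET_NAME:-game_authed}"
AUTH_TTL="${AUTH_TTL:-3600}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = apply them (needs root)

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One-time setup: create the set and hook it into the INPUT chain.
setup_game_firewall() {
  run ipset create "$SET_NAME" hash:ip timeout "$AUTH_TTL" -exist
  # Accept the game port only from sources present in the set...
  run iptables -A INPUT -p tcp --dport "$GAME_PORT" \
      -m set --match-set "$SET_NAME" src -j ACCEPT
  # ...and silently DROP everyone else (DROP, not REJECT: no reply traffic
  # is generated, so an attacker gets nothing back for each probe).
  run iptables -A INPUT -p tcp --dport "$GAME_PORT" -j DROP
}

# Called by the auth service once a client has presented a valid token.
allow_authenticated_ip() {
  ip="$1"
  # Admit only a plain dotted-quad; anything else is refused before it
  # reaches ipset, so a hostile "address" cannot become shell arguments.
  case "$ip" in
    *[!0-9.]*|"") return 1 ;;
  esac
  run ipset add "$SET_NAME" "$ip" timeout "$AUTH_TTL" -exist
}

# Called on logout or token revocation so the IP is closed off again.
revoke_ip() {
  run ipset del "$SET_NAME" "$1" -exist
}
```

Dropping unmatched packets in the kernel is cheap per packet, which is why this holds up against floods aimed at the game port itself; it does nothing if the attacker saturates the server's uplink, which is the case that only upstream filtering can absorb.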
ASKER
Can't miscreants sniff out my secret server-notification-of-client-IPs system, and blow me out anyway?
How do agar.io and slither.io do it? Exactly as above? Don't overwhelming packet floods to a new-game port make game notifications impossible?
Thanks
ASKER
Is it really that simple, just to shut out certain IPs not on the list? Doesn't the flood overwhelm the system?
Thanks
ASKER CERTIFIED SOLUTION
Suggestion: Might be good for you to hire a variety of consultants for short conversations about how to design...
1) Security.
2) User authentication.
3) Server scalability.
4) Game ecosystem, for example, if all people will be playing through one game terrain (World of Warcraft) or be playing in small groups (Fortnite). This is a crucial game server design element.
Best to work out details about all these areas prior to designing any of your game code.
ASKER
Thanks
That is a great suggestion, to seek help. Don't allow any opportunities for unfixable things later. Especially if I can find a JavaScript super-guru!
Are you thinking freelancer.com? What - should I do a whole-job price, or hourly? Minimum wage!?
ASKER
If my game is turn based, *like* checkers, or chess, does the non-real-time aspect simplify anything here?
Thanks
We're getting into another question here, so likely best to open a new question, as others may have good input.
I tell my clients to avoid the normal places for hiring people.
Instead, look for people who speak about a related topic at Meetup groups or conferences or contribute on GitHub (either running projects or fixing bugs).
These people tend to have far more expertise than people working through job sites.
They may also be more expensive... although... they might be cheaper too...
https://www.cloudflare.com/