Loading...
  OR  Zero-K Name:    Password:   

Forum index  > News   >

Automated PMs

21 posts, 2152 views
Post comment
Filter:    Player:  
Page of 2 (21 records)
sort
9 years ago
A recently banned troll has been setting up accounts sending automated malicious PMs. We are mass-banning as fast as we can and looking into more long-term solutions. Please bear with us as this is sorted out.
+0 / -0
New account registration has been disabled for the time being.

EDIT: Registrations should be back up.
+0 / -0


9 years ago
In lobby settings,you can disable messages from non friends.
Turn off the lobby, edit ZeroKLobbyConfig.xml to change:
BlockNonFriendPm to true
+0 / -0
Whoa whoa whoa... new account registration has been taken away? That's a little extreme.. don't you think?

I'd rather deal with stupid pms from a banned troll than a lack of legitimate users coming in.

Also suggestion for @licho / ZKL devs:
Have an option like BlockNonFriendPM but allow people you message first to message back.
+5 / -0


9 years ago
Thats how it works, when you "open channel" you can PM freely.
+0 / -0

9 years ago
Admins should get through the friendzone too, their messages are important usually.
+0 / -0


9 years ago
quote:
Thats how it works, when you "open channel" you can PM freely.


Oh so the other person cannot initiate the PM, but can respond to it? Nice feature.
+0 / -0
9 years ago
There is a way to stop this kind of attacks you know. ZK just needs the standart registraction procedure with e mail, captcha etc. That would stop the spams considerably.
However it would need aproval of whole spring community too, right?
+2 / -0
9 years ago
quote:
However it would need aproval of whole spring community too, right?

It would need changes to uberserver which covers all of spring. I doubt there would be objections from other mods though as these changes would control their troll populations too.
+0 / -0


9 years ago
Yeah, like @thesponge says, it's not like ZK is the only spring game that can come under troll attack. Maybe other games are ok currently, but, say, if BAR becomes popular, they're sure to attract some scum as well.
+2 / -0
Skasi
9 years ago
Yay do that, then no autohosts and other bots will be able to sign up anymore! \o/
+0 / -0
Firepluk
Captcha and email actually won't stop thorough trolls
- 1 recognized captcha pic costs as low as 0.1 cent(paid only for successfully recognized images), so u have to introduce something that cannot be solved by presented services like "captchabot" but still hardly solvable by algorithms
example: http://lmgtfy.com/?q=captcha+bot

- 1000 emails cost ~ 1-10$, very poor protection actually but it's better than nothing

also u have to think about such services as:
http://lmgtfy.com/?q=email+for+spam

The last thing I'd recommend to do is a proof of work protection when connection comes from previously not known IP address:

- delegate a client a simple task that takes N seconds to compute - calculate hash that starts from 0x00(N times) where N is hardness of the task
such task should take 10-15 seconds to compute on an average PC

this helps to protect network from abusing by malicious multi-threaded bots as it requires time(sec) to solve the task * N threads of computational time and fast becomes resource inefficient.

for example to attack network with 100 threads you will need 15 * 100 seconds of computational time - a big deal and very resource hungry
+ captcha for each registration
+ new IP for each registration which is not blacklisted, combining with the first requirement of proof of work - good luck to abuse this without investing N amount of money in hardware.

server can verify proof of work blazing fast for millisecond or less and after this is done IP address can be white-listed for a few hours(days)
+1 / -0
9 years ago
[ignorance]I heard in #zkdev that it would be possible to implement automatic VPN detection in uberserver. If that was done wouldn't IP bans work in most (all?) cases?[/ignorance]
+0 / -0
Firepluk
GBrankTheSponge as IT professional I can assure you that there is no reliable way to detect is user comes from VPN/proxy or direct connection.
blacklists are good but not reliable as tons of new vpn providers appear every day and also if you want to you can simply use network of trusted PCs with different IP addresses(even across the world) with installed proxy software - totally undetectable but expensive way.

We already have blacklist of VPN/proxy afaik and it indeed helps to reduce connects from VPN/proxy - imho good as it is.
+1 / -0


9 years ago
For the time being, [AG]abma (AFAIK) has blocked PMs from all (non-admin non-bot) users with less than 10 minutes of ingame time.
+1 / -0

9 years ago
...also keep in mind that dynamic IPs are a thing (especially in Germany). Excessive blacklisting can go awry quite quickly.
+1 / -0
9 years ago
quote:

The last thing I'd recommend to do is a proof of work protection when connection comes from previously not known IP address:

- delegate a client a simple task that takes N seconds to compute - calculate hash that starts from 0x00(N times) where N is hardness of the task
such task should take 10-15 seconds to compute on an average PC

Zero-Koin!
+1 / -0
I want to be an I.T professional when I grow up, can you give me some tips?
+1 / -0

9 years ago
quote:
when I grow up

If, anteep. If.
+7 / -0
Skasi
9 years ago
If I ever grow up I want to be a retiree.
+3 / -0
Page of 2 (21 records)