Spam of /who command 500x/sec by macro

Issue #824 resolved
Audi created an issue

I am thinking about a counter of /who commands over time... because I found a way to lag the core from the client side with a macro. I tried it when I had 10 people online, which normally spent about 1-2% of CPU... (3,4 GHz Intel)

I found this trick on the internet and some servers had lags after this. I am thinking about a counter in mischandler.cpp on who commands, with a limit.

When I took a macro /who 1-70 /who 1-72 /who 1-73 ... a full macro, and set a 50ms autocast on this macro, CPU was drained up to 30-40% ... it can be drained more on servers with a population of 100+ online

Comments (4)

  1. desteny

    That's what I meant when I wrote my comment in "Login Opcode Spamming Exploit".

    The /who opcode spam is the same "cause of problem", and if you fix this then they will spam on the ticket opcode (this is even worse) !!Please delete this line if you think people can read it and take down servers!! (this has a more fatal effect on servers, but I want to explain it here!)

    And if this is fixed then they use one of 8 other opcodes I know!

    The only solution that worked for me (@ public) is what I explained in the other post (opcode call limiting per account (config for each critical opcode: a threshold and a reset interval)) (in memory, or even better, persistently saved in DB)

  2. desteny

    Yes, something like this would be the in-memory solution.

    I would suggest short reset intervals and low numbers, because no normal player calls /who so much...

    for example interval 1 minute
    - warn value 5 calls
    - kick / ban value 10 calls

    count resets each minute

    And keep in mind that banning the spammer for some hours could help to prevent retry spam (by non-WoW-client spam apps / bots) (account ban of 1 hour, for example)

  3. desteny

    OK, that's true with arena /who checking, and OK, if 10x/sec is no problem then why not.

    The way to save spamming in the account (and/or a separate IP table) is a good idea and the way to go.

    But the main thing, I think, is to implement it "differently"!
    Because you implement it this time for /who, but next time you need the same thing on 10 different opcodes, and just copy-pasting is not the right way.

    I suggest creating an array of "timeLast" in WorldSession (maybe for each opcode), or creating a separate enum with all supported opcodes to check.

    Then create a config where you can set active opcode checks with threshold and interval.

    Then check the timers and counters not in the opcode itself; check them before the opcode handler is called (general way).

    The benefit is no redundant code,
    a config to change values at runtime (or disable / enable new opcodes) without compiling / restarting, only reloading the config; this is worth more than gold on P servers!

    "only my two cents"

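The generic pre-dispatch check suggested in the comments above (per-account counters, one configurable rule per opcode, evaluated before the handler runs), as an added example that is not part of the original thread or the project's code. The names `OpcodeLimiter`, `OpcodeRule`, `Verdict` and the opcode ids are hypothetical; the 5/10 calls per minute values are the ones proposed in the second comment.

```cpp
#include <chrono>
#include <cstdint>
#include <unordered_map>
#include <utility>

// Hypothetical opcode ids for illustration; not the core's real values.
enum Opcode : uint16_t { OP_WHO = 1, OP_CHAT = 2 };
enum class Verdict { Allow, Warn, Kick };
using Clock = std::chrono::steady_clock;

// One rule per protected opcode; in a real core these would come from config.
struct OpcodeRule {
    uint32_t warnCalls;                // calls per window that trigger a warning
    uint32_t kickCalls;                // calls per window that trigger kick / ban
    std::chrono::milliseconds window;  // reset interval
};

class OpcodeLimiter {
public:
    // Swapping the whole rule map models "reload config" without a restart.
    void SetRules(std::unordered_map<uint16_t, OpcodeRule> r) { rules_ = std::move(r); }

    // Called by the dispatcher BEFORE the opcode handler, for every packet.
    Verdict Check(uint32_t accountId, uint16_t opcode, Clock::time_point now) {
        auto rule = rules_.find(opcode);
        if (rule == rules_.end()) return Verdict::Allow;   // opcode is not limited
        Counter& c = counters_[(uint64_t(accountId) << 16) | opcode];
        if (c.count == 0 || now - c.start >= rule->second.window) {
            c.start = now;                                 // fixed window: count resets
            c.count = 0;
        }
        ++c.count;
        if (c.count >= rule->second.kickCalls) return Verdict::Kick;
        if (c.count >= rule->second.warnCalls) return Verdict::Warn;
        return Verdict::Allow;
    }

private:
    struct Counter { Clock::time_point start{}; uint32_t count = 0; };
    std::unordered_map<uint16_t, OpcodeRule> rules_;   // opcode -> rule
    std::unordered_map<uint64_t, Counter> counters_;   // (account, opcode) -> counter
};

int main() {  // constructed demo: ten /who calls from account 7 inside one window
    OpcodeLimiter lim;
    lim.SetRules({{OP_WHO, OpcodeRule{5, 10, std::chrono::minutes(1)}}});
    Verdict v = Verdict::Allow;
    for (int i = 0; i < 10; ++i) v = lim.Check(7, OP_WHO, Clock::now());
    return v == Verdict::Kick ? 0 : 1;
}
```

Counters here live in memory only; the persistent (DB) variant and the timed account ban mentioned in the thread would hang off the `Kick` verdict.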