PHX vs Multisell
Posted: Wed May 27, 2009 11:38 am
by momo61
Today on my server, a player tried exploiting with PHX. It was the same situation that I reported last time.
Server console message:
Character: LoLLoR is tryign to cheat in Multisell ID: 12271227
I checked his inventory and it shows me he has a lot of Goldbars and items from the multisell shop.
I confronted the player asking him how he did it.
He replied that he was using L2 PHX to send packets in milliseconds to the shop and the server is failing to update his inventory. He told me he wants a reward for explaining how to fix it. I agreed of course.
He said: Add a flood protector of 1 second on the Multisell and I will not be able to send so many packets.
I checked the database and some items that he hacked out had the location: VOID in the 'items' table.
Why has this not been taken into consideration?
Re: PHX vs Multisell
Posted: Wed May 27, 2009 11:42 am
by blacksea
coz we are humans:D
Re: PHX vs Multisell
Posted: Wed May 27, 2009 11:43 am
by momo61
blacksea wrote:coz we are humans:D
please no such comments. Let's try and find a solution.
Re: PHX vs Multisell
Posted: Wed May 27, 2009 11:49 am
by momo61
not sure if this is a fix:
Index: MultiSellChoose.java===================================================================--- MultiSellChoose.java (revision 1791)+++ MultiSellChoose.java (working copy)@@ -38,6 +38,8 @@ import net.l2emuproject.gameserver.templates.item.L2Armor; import net.l2emuproject.gameserver.templates.item.L2Item; import net.l2emuproject.gameserver.templates.item.L2Weapon;+import net.l2emuproject.gameserver.util.FloodProtector;+import net.l2emuproject.gameserver.util.FloodProtector.Protected; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory;@@ -89,6 +91,11 @@ private void doExchange(L2PcInstance player, MultiSellEntry templateEntry, boolean applyTaxes, boolean maintainEnchantment, int enchantment) {+ if (!FloodProtector.tryPerformAction(player, Protected.MULTISELL))+ {+ return;+ }+ PcInventory inv = player.getInventory(); // given the template entry and information about maintaining enchantment and applying taxes@@ -478,4 +485,4 @@ { return _C__A7_MULTISELLCHOOSE; }-}\ No newline at end of file+}
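Review bot: The imports hunk brings in FloodProtector.Protected and the new code uses Protected.MULTISELL, but the patch touches only MultiSellChoose.java, so it will not compile as posted. Put the FloodProtector change that adds the MULTISELL entry into the same diff instead of describing it in prose, so the interval is reviewed together with the call site.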
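Review bot: In the doExchange hunk the rejected request just hits "return;" with no log line, so the admin cannot see who is flooding or how often; log the player and the multisell id before returning. The throttle also only limits how often doExchange runs. Whether it stops the duplication depends on tryPerformAction being atomic per player, which the patch does not show, so consider serializing the exchange on the player's inventory as well, so that the ingredient check and the item removal that follow "PcInventory inv = player.getInventory();" cannot interleave between two packets. If the handler does any lookup work before it reaches doExchange, move the check to the start of the packet handler so flooded packets are dropped before that work.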
find this line HEROVOICE(10000), and after add this MULTISELL(1000),
Re: PHX vs Multisell
Posted: Wed May 27, 2009 3:59 pm
by toastgodsupreme
Yeah, I think L2JOfficial or Emu came up with a similar fix not too long ago. Also the same thing for request html as well so the server couldn't be flooded by thousands of html requests from multiple bot clients at once. A 1 second delay would be appropriate.
Re: PHX vs Multisell
Posted: Wed May 27, 2009 4:08 pm
by momo61
toastgodsupreme wrote:Yeah, I think L2JOfficial or Emu came up with a similar fix not too long ago. Also the same thing for request html as well so the server couldn't be flooded by thousands of html requests from multiple bot clients at once. A 1 second delay would be appropriate.
Yes. This is from L2Emu. Almost all forks have fixes except for L2J ^_^ which is very strange since L2J is or should be #1
The guy who exploited this way could also make the server stop with his flooding.
I think something should be done and this should be committed in the flood protection system by fordfrog which was committed here:
http://www.l2jserver.com/trac/changeset/2936
Re: PHX vs Multisell
Posted: Wed May 27, 2009 8:50 pm
by _DS_
I am testing a floodprotector expansion for multisell now..
Re: PHX vs Multisell
Posted: Wed May 27, 2009 9:31 pm
by toastgodsupreme
_DS_ wrote:I am testing a floodprotector expansion for multisell now..
If you implement it, you should implement one for html requests as well so a server can't be flooded.
RequestLinkHtml.java
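A per-player, per-action throttle of the kind discussed in this thread, as an added example that is not L2J's or L2Emu's FloodProtector code. The class `FloodGuardDemo`, the `LINK_HTML` action and the player id are hypothetical; only the `HEROVOICE(10000)` and `MULTISELL(1000)` intervals come from the posts above. It shows why the check-and-update has to be one atomic step when packets arrive within milliseconds of each other.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;

public class FloodGuardDemo {
    // Minimum interval per action in ms. LINK_HTML is a hypothetical entry for html requests.
    enum Action {
        HEROVOICE(10000), MULTISELL(1000), LINK_HTML(1000);
        final long intervalNanos;
        Action(long ms) { intervalNanos = TimeUnit.MILLISECONDS.toNanos(ms); }
    }

    // One "next allowed" timestamp per (player, action) pair.
    private final Map<String, AtomicLong> nextAllowed = new ConcurrentHashMap<>();

    /** Lets at most one caller through per interval, even when packets race. */
    boolean tryPerformAction(int playerId, Action action, long nowNanos) {
        AtomicLong slot = nextAllowed.computeIfAbsent(playerId + ":" + action, k -> new AtomicLong(nowNanos));
        long next = slot.get();
        // compareAndSet turns check-and-update into a single atomic step; a plain
        // "read, compare, write" would let two packets in the same millisecond both pass.
        return nowNanos - next >= 0 && slot.compareAndSet(next, nowNanos + action.intervalNanos);
    }

    public static void main(String[] args) throws Exception {
        FloodGuardDemo guard = new FloodGuardDemo();
        int player = 1; // constructed sample player id
        long t0 = System.nanoTime();
        AtomicInteger accepted = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(16);
        for (int i = 0; i < 200; i++) { // constructed burst: 200 packets at the same instant
            pool.execute(() -> {
                if (guard.tryPerformAction(player, Action.MULTISELL, t0)) accepted.incrementAndGet();
            });
        }
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        long ms = TimeUnit.MILLISECONDS.toNanos(1);
        System.out.println("accepted from burst: " + accepted.get());
        System.out.println("multisell at +999 ms:  " + guard.tryPerformAction(player, Action.MULTISELL, t0 + 999 * ms));
        System.out.println("multisell at +1000 ms: " + guard.tryPerformAction(player, Action.MULTISELL, t0 + 1000 * ms));
        System.out.println("html request at +0 ms: " + guard.tryPerformAction(player, Action.LINK_HTML, t0));
    }
}
```

Each action keeps its own timer, so throttling multisell does not block html requests from the same player, and the map should be cleared for a player on logout.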
Re: PHX vs Multisell
Posted: Wed May 27, 2009 10:16 pm
by momo61