Store Page
Tabletop Simulator
All Discussions Screenshots Artwork Broadcasts Videos Workshop News Guides Reviews

Tabletop Simulator

Store Page
View Stats:
Global Achievements
McCloud Jul 8, 2018 @ 6:48am
WebRequest Security Question
I have a WebRequest in my script that is on a tick of 6 seconds to capture some json. It can throttle itself to hit the server only once every few minutes but during a certain phase of the game it ramps up to 6 seconds.

Curious, what's stopping people from d/l the game, altering the tick rate to, say, once every milisecond and running the game. How do I prevent my server from basically being DDOS'ed? I already have a security feature to stop sending data if the server gets hit more than 3 times in under 1 second but that just blacklists the IP, Steam ID to not receive any more json data (returns nothing) but they can still pummel my server with requests.

Can't think of a solution. Is there inherit security in TTS to stop this behavior that I may not be aware of?

Edit: basically I need a socket connection. lol
Last edited by McCloud; Jul 8, 2018 @ 6:50am
< >
Showing 1-4 of 4 comments
Knil  [developer] Jul 8, 2018 @ 12:26pm 
I mean they could just DDOS you outside the game once they have the IP. This protection has to be setup server side.
#1
McCloud Jul 8, 2018 @ 12:32pm 
Oh yes I know and sorry if the post sounds like a 'blame and shame' I'm just hoping to hear of some mearsures others have taken and how to mimimize it as best as possible from a less-hackey type of user. =)

Hey, can I send (make) my own headers to send with the requests from the TTS client? I actually could stop a large majority of DDOS attempts if that's possible [when the headers (or lack there of) hit the server scripts]. Probably a unity thing though.

Anyways, I so far made a game that can be completely controlled with a mobile device. =)
#2
SaltyO Jul 10, 2018 @ 9:06am 
neat. Doesn't Steam client act as a relay between server IP and other players? I see people post IPs in global chat and think that maybe this isn't the best idea?
#3
McCloud Jul 10, 2018 @ 12:22pm 
Originally posted by Elder_Salt:
neat. Doesn't Steam client act as a relay between server IP and other players? I see people post IPs in global chat and think that maybe this isn't the best idea?


Not how WebRequests work. They go directly to/from a remote server. A browser will have failsafes (to a certain degree and origin headers, etc). Anyways, web requests is amazing though it could be used for *ahem* "evil doings" in many other capacities.

Such as making a game like I did that uses mobile devices to control the game then (Disclaimer: I WILL NOT DO THIS, but it's totally feasible) streaming the client TTS and then people could play the game and not have to ever buy it. (AGAIN not my end goal but probably should be noted being the devs are watching this thread... I think).
Last edited by McCloud; Jul 10, 2018 @ 12:23pm
#4
< >
Showing 1-4 of 4 comments
Per page: 1530 50

Tabletop Simulator > General Discussions > Topic Details
Date Posted: Jul 8, 2018 @ 6:48am
Posts: 4

Discussions Rules and Guidelines