OTSAdmin: 2012

niedziela, 9 grudnia 2012

Symfony2 + Windows + less

Less for windows exists. But using CLI applications on Microsoft's platform is pain in the ass.
Instead of installing less to the PATH env variable I decided to use serverside lessphp (this is NOT recomennded for production env).

Symfony2 + Composer + twitter/bootstrap dependency problem

Today I started my playground with Symfony 2. As it uses Composer as dependency manager -which I have also never used before - I realised that it's gonna be workful weekend.

After almost 2 hours of fightining with twitter/bootstrap package not found error:

 PS D:\Projects\symfony> composer install  
 Loading composer repositories with package information  
 Installing dependencies  
 Your requirements could not be resolved to an installable set of packages.  
  Problem 1  
   - The requested package twitter/bootstrap could not be found in any version, there may be a typo in the package name  
 .  
 Potential causes:  
  - A typo in the package name  
  - The package is not available in a stable-enough version according to your minimum-stability setting  
   see <https://groups.google.com/d/topic/composer-dev/_g3ASeIFlrc/discussion> for more details.  
 Read <http://getcomposer.org/doc/articles/troubleshooting.md> for further common problems.

trying different configurations of composer.json, crawling millions of issues & forums finally I came to solution, which worked:
Repository:

 "repositories": [  
           {  
                "type": "package",  
                "package": {  
                     "version": "master",  
                     "name": "twitter/bootstrap",  
                     "source": {  
                          "url": "https://github.com/twitter/bootstrap.git",  
                          "type": "git",  
                          "reference": "master"  
                     },  
                     "dist": {  
                          "url": "https://github.com/twitter/bootstrap/zipball/master",  
                          "type": "zip"  
                     }  
                }  
           }  
      ],

require:

 "twitter/bootstrap": "dev-master"

Hope that this will save someone's time in the future (or mine, if I will forget).

wtorek, 4 grudnia 2012

Tricks for web development enviornment on Windows

Usually I do work on my laptop running Debian. However my desktop PC is running Windows and I don't wanna change it (gaaameees <3).
Recently I found that sitting in front of big screen have many pros and that's why I started to looking for things that would speed up working with many projects.

First of all I installed XAMPP.
Next, in Apache documentation I found module called vhost_alias which allows to map requested address to local file system without touching mod_rewrite rules.
I store my projects in D:/Projects so it looks like following (replace in http-vhosts.conf):

<VirtualHost *>
UseCanonicalName Off
VirtualDocumentRoot "D:/Projects/%1/
<Directory "D:\Projects">
Order allow,deny
Allow from all
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>

Next I had to manually add entries to windows/system32/drivers/etc/hosts file, which maps domains to IP address before making DNS request. I found opening this file as administrators really boring plus it took so many time.

In about 10 minutes I wrote application in C# which allows me to modify this file. It's simple, without support for comments (it will ommit them when saving again):

You can download it here: HostsEditor.exe

Beware: Bitdefendeer removed contents of my hosts file after I added mapping for google.com :P

niedziela, 21 października 2012

wladca's PayGol script

Wladca posted on Otland.net script to allow people to pay with PayGol services.

Code:

<?php
/*


Note:Before starting you have to create an account at http://www.paygol.com/register?affiliatecode=T8Y7-LK0M-NY0R-Y6O3


*/


// check that the request comes from PayGol server
if(!in_array($_SERVER['REMOTE_ADDR'],
  array('109.70.3.48', '109.70.3.146', '109.70.3.58'))) {
  header("HTTP/1.0 403 Forbidden");
  die("Error: Unknown IP");
}
  

// get the variables from PayGol system
$message_id = $_GET['message_id'];
$service_id = $_GET['service_id'];
$shortcode = $_GET['shortcode'];
$keyword = $_GET['keyword'];
$message = $_GET['message'];
$sender = $_GET['sender'];
$operator = $_GET['operator'];
$country = $_GET['country'];
$custom = $_GET['custom'];
$points = $_GET['points'];
$price = $_GET['price'];
$currency = $_GET['currency'];

//Replace these parameters by your database details
$dbhost     = "localhost"; //Your database domain
$dbuser     = "root"; //Database username
$dbpassword = "dbpass"; //Database password
$db         = "dbname"; //Database name

//Connect to Database
$conn = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($db);

$sql = "UPDATE accounts SET premium_points = premium_points+$points WHERE name = '$custom'";
mysql_query($sql);

mysql_close($conn);

?>

He was sure that this script is secure because it allows connection only from IP's of PayGol.
I explained him that user provides the 'custom' GET parameter, so as his account name he can put anything, also something what will for example add points to all users. I fixed that for him but today I came with another idea.

I've created PayGol account, created own multiprice service with price 1 euro, 9000000 points for that and IPN URL pointing to... wladca's website.
Than I turned on testing mode, made the purchase in testing mode and on wladca's server I had 9000000 points :)

So what is the solution for this problem?
Check if parameters passed to your IPN script match the values you obtained from PayGol (especially service_id, price and points).

C++ TFS packet flood protection

Recently I posted the The Forgotten Server Firewall codes on the Premium Board of OTLand.net but noone implemented it in tfs core. I believe that developers are using it on their own servers to gain some advantage over competition.

I don't like this kind of attitude so I decided to release it here.
WARNING: This is not simple copy&paste code. You need to read it carefully and add some variables in files. Ok, you have been warned - so here you are:
Add this function & function's prototype:


bool ProtocolGame::gotCooldown(Player* player, int recvbyte)
{
    if(!player)
        return false;
    if(player->isRemoved())
        return false;
    int64_t tNow = time(NULL);
 
    if(cooldownExceedAttemp > g_config.getNumber(ConfigManager::COOLDOWN_EXCEED_ATTEMP)) //20
    {
        disconnectClient(0x14, "Tried to send too many packets.");
        std::clog<<"[ DOS ATTEMPT FROM ] "<< player->getName()<<std::endl;
        return false;
    }
    if(cooldownLast != tNow)
    {
        if(cooldownCounter < g_config.getNumber(ConfigManager::COOLDOWN_EXCEED_WARNING)) //5
            cooldownCounter = 0;
        else
        {
            if(cooldownExceed + g_config.getNumber(ConfigManager::COOLDOWN_EXCEED_SECONDS) < tNow) //SECONDS
                cooldownCounter = 0;
            else
            {
                cooldownExceedAttemp++;
                cooldownCounter = g_config.getNumber(ConfigManager::COOLDOWN_EXCEED_WARNING); //5
            }
        }
        cooldownLast = tNow;
        return false;
    }
    else
    {
        cooldownCounter++;
        if(cooldownCounter < g_config.getNumber(ConfigManager::COOLDOWN_PPS)) //10
            return false;
        else
            cooldownExceed = tNow;
    } 
    return true;
}

PHP Code:

void ProtocolGame::parsePacket(NetworkMessage &msg)

before

PHP Code:

        switch(recvbyte)
        {

add:

PHP Code:

if(recvbyte >= 0x6F && recvbyte != 0x96 && recvbyte <= 0xF1)
            if(gotCooldown(player, recvbyte))
                return;

in:

PHP Code:

bool ProtocolGame::parseFirstPacket(NetworkMessage& msg)

after
if(g_game.getGameState() == GAMESTATE_SHUTDOWN)
{
getConnection()->close();
return false;
}
add

PHP Code:

cooldownLast = 0;
    cooldownCounter = 0;
    cooldownExceed = 0;
    cooldownExceedAttemp = 0;

and add above in protocolgame.h
And add those config variables from 1st function to the configmanager.

And you can now limit incoming packets based on the character to prevent too fast items moving, or too fast attacking creatures or even too fast using talkactions or items.

Good luck!

SYN_RECV flood

Today my monitoring tool reported weird traffic on the webserver.
Short investigation showed that we are under SYN_RECV flood, what looked like this:

tcp 0 0 188.165.xxx.xxx:80 107.83.110.62:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 109.143.164.196:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 109.222.2.66:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 1.118.132.82:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 114.19.38.196:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 115.71.32.78:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 117.157.27.87:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 118.0.125.227:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 1.183.162.94:1234 SYN_RECV -

tcp 0 0 188.165.xxx.xxx:80 119.19.140.214:1234 SYN_RECV -

......... and many, many more ;]

Having syncookies turned on, I couldn't do much more about this than limiting connections with SYN_RECV to 1 per second per IP address.

Attacker tried like 5-10 times more to bring down our server but without success. The whole bandwidth of attack varied between 90-200 mbps.

To protect the website in future, I implemented Varnish Cache mechanism with Apache for dynamic content and nginx for static.

It works really well, page serving time dropped from 4s to 2.5s (including downloading all images, styles and javascripts).