How strict should the autoban be? (without causing false bans)

[SYJourney]

Hello ragezone,
I'm in the process of rewriting some of mooples handlers and noticed some stuff about them that I'd rather ask about. Generally speaking, wether I can always ban when something in the packet is off, or if that can also happen due to other reasons.

For example, in a buy action (cashshopoperation, shop, or even the storage) I've noticed that they simply return when currency < itemprice.
From my understanding, sending the packet should not be possible in the first place if a player doesn't have enough meso/cash. I'm in general for banning for everything (before the hacker causes harm in some other way), so in this case, can I just assume someone packet edited and ban immediatly? Or can this also happen due to lag or some other error?

The same goes for item == null checks, for example:

Code:

 CashItem cItem = CashShopFactory.getInstance().getItem(snCS);
            if (cItem == null || !cItem.isOnSale() || cs.getCash(useNX) < cItem.getPrice()) {
                c.announce(MaplePacketCreator.enableActions());
                return;
            }

As CashShopFactory only returns null if the snCS is not in my servers commidity.img.xml, can I be safe to ban players if cItem == null?

Thanks for any advice!

[MentaL]

[Fraysa]

cItem will return null if your CashShopFactory will not contain it, which will happen if your data files actually don't contain it, which is not likely to happen, or the user sent this packet with a custom item. As for the price, this would also be a custom edited packet.

This is, after all, your choice. I would also just return instead of banning the player.

Also, this thread belongs in the Help forum.

[SYJourney]

cItem will return null if your CashShopFactory will not contain it, which will happen if your data files actually don't contain it, which is not likely to happen, or the user sent this packet with a custom item. As for the price, this would also be a custom edited packet.

Okay good to know.

This is, after all, your choice. I would also just return instead of banning the player.

Would you mind explaining this a bit? What would you say is the advantage from just returning vs. banning someone who wants to cause harm to your server?

Also, this thread belongs in the Help forum.

I wasn't sure where to pots it, I thought it belonged here because I thought of it as more of a discussion thread than a "help me"-thread.

[Fraysa]

Okay good to know.


Would you mind explaining this a bit? What would you say is the advantage from just returning vs. banning someone who wants to cause harm to your server?


I wasn't sure where to pots it, I thought it belonged here because I thought of it as more of a discussion thread than a "help me"-thread.

There isn't really a good answer for that. Neckson themselves don't immediately ban you for every little packet that you edit. They just don't handle it.

[Syre]

Like Fraysa said, an immediate ban is a bit intense. However, adding a counter, on the other hand, may not be.

I would intensively dig through the tetrasea autoban to see how it works.