Velocity icon indicating copy to clipboard operation
Velocity copied to clipboard
verified publisher icon PaperMC

Implement a command and chat rate limit

Open zPirroZ3007 opened this issue 2 years ago • 2 comments

Abstract

In the last weeks this exploit affected a lot of proxies with great suffering from a lot of Minecraft server owners.

The exploit just works by creating a custom client that floods "heavy" commands in order to flood the proxy with tasks to crash it.

The solution

I've implemented a simple command + chat rate limiter that works just like the Minecraft server does. If a user sends more than 10 commands in less than 4 seconds, gets kicked.

This fix will keep sure that things like this will never happena again

Clear and simple.

zPirroZ3007 avatar Feb 03 '23 13:02 zPirroZ3007

@astei this is crucial. fixes a huge vunerability

Emibergo02 avatar Feb 15 '23 17:02 Emibergo02

updates on this?

There is no need to bump a pull request if there is no activity. If you are having any related problems, update to the latest version of Velocity, a change has been implemented that may help solve this problem

4drian3d avatar Apr 03 '23 16:04 4drian3d

Closing this because has already been fixed with better methods by the Velocity team.

zPirroZ3007 avatar Jul 12 '24 22:07 zPirroZ3007