Cheaters new exploits

So theres been a modder going around in my servers crashing peoples games
I don't know what he does but whenever he "closes" a room you can still see it in the list, but if you try to join you get this exception before right after OnJoinedRoomFail() is called: https://pastebin.com/pe22bEyH
after that you get the OnPhotonJoinedRoomFailed(), OnLeftLobby() and OnDisconnectedFromPhoton() logs.
http://i.imgur.com/aTNAoWj.png

Just what is this?

Comments

  • JohnTube
    JohnTube ✭✭✭✭✭
    Hi @mau,

    Thank you for choosing Photon!

    I moved this discussion to Photon Server category.

    We will investigate this issue but could you please answer these questions:
    1. What Server SDK version do you use?
    2. Anything useful in server logs? maybe we will ask you to send us the logs or increase log level.
    3. What plugins configuration do you use? maybe we will ask you to send us the config files.

    @chvetsov could you take a look please.
  • we need to find out what is going on
    please provide all infromation requested by JohnTube

    best,
    ilya
  • mau
    mau
    edited June 2017
    Well, here is where things get a bit difficult. Im just a programmer trying to hold the fort while the actual game developer is away dealing with a sudden case of existential crisis.

    Unfortunately, being as it is, I cant really say for sure how he has setup everything on his side (I now see that my first post may have caused this misunderstanding, sorry about that). But what I can say is that the dev is just a bit lazy, he would rather set every setting to default as long as the multiplayer works.
    As for logs, what you see in the pastebin is what I get, and thats whats bothering me. Why can I even see those, can the modder inject invalid properties to a room that somehow drops everyone out?

    Edit: I dont know if it helps but in the code base I have the the versionPUN is set to "1.28"
    and our Photon3Unity3D dll is in version 4.0.0.4
  • yeah, we need time to investigate this problem
    it would be good to understand what is inside of MaxPlayer property if it is not byte

    best,
    ilya
  • Hi, mau
    i managed to reproduce this cheat. we need to think how to fix your version
    are you using your own hosting our cloud?

    best,
    ilya
  • cloud
  • what region are you using?
    best,
    ilya
  • Asia, eu, jp and us
    The attacks happen more often in us server.
  • ok.
    thank you
    best,
    ilya
  • hi, mau
    we started deploy.
    slowly all server will get new version
    thank you for report

    best,
    ilya
  • Oh thank you very much
    I will report back if anything new comes up
  • Hi
    Given that we ll don't use cloud, and some of us use our own photon servers, could you describe the issue and the resolve so we can implement the check/protection in the server please - this question is for Photon staff.
    Thanks
  • hi, @petergpls

    i do not want to disclose issue details, so that someone who did not update his code did not suffer from clever customers. i will share fix with you

    it is really simple. Just set ActorNumber to 0 if it is less then 0 in SetPropertiesRequest constructors

    best,
    ilya