Anti-Bot mode #110

@null321-jared

In the past ~30 hours my server has been bombarded with bots. They all have random names and they are all in offline mode.

First, I will explain my process of combatting the bots, then I will follow it by how I think this feature should be implemented.

When the bot attack started to come, it caused things to become unstable, especially the hub and its wrapper. I first tried switching fastlogin to "switch" mode, so the bots couldn't join. This both helped and made things worse. It helped because the bots no longer clogged up the database; I actually needed to delete over 5000 rows of bots from the database. It made things worse because they still joined the hub, and when they joined they immediately disconnected, causing hundreds of lines per second in console, crashing it and its wrapper. I lowered the max player count of the hub to 10, which made it more stable, but it eventually crashed. Now it's at 5. It's not fun to get into the server when the hub's max player count is 5. Last night I disabled authme and fastlogin and set the server to online mode. It did the trick, but by doing that I closed off half of my player-base.

These bots are ones that anyone can download pretty easily and attack any server with fastlogin. In this case, however, this person gained access to a unique IP address for every single bot. It is very difficult to deal with distributed attacks like these.

My proposed solution:
If a configurable amount of cracked players join in a configurable amount of milliseconds, set the server to premium only for a configurable amount of seconds. If it happens again, it would double the time. For example, if 50 players join in 1500 milliseconds, set the server to premium for 600 seconds. If it happens again, it would double the time to 1200 seconds.
When in premium mode, FastLogin should have minimal database usage to prevent overloading the server, since hundreds of bots are trying to join every second. All it should do is log which accounts successfully join as premium as it would normally do, to keep the account secure.

By setting the server to premium for a period of time, it will prevent all bots from joining except for those that bought leaked Minecraft accounts on the black market. Those on the black market are almost impossible to prevent since they are premium, but the average person cannot gain access to them.

If this feature gets added, it also makes sense for you to add a command that sets the server to premium for a configurable amount of seconds.

Also, why do you request that the proxy is set to offline mode? In the event where the plugin isn't loaded, it could cause vulnerabilities. Also, a few of my bungee plugins have features that break when it is in offline mode.
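
The proposal above (a join-rate threshold that switches to premium-only, with the lockout doubling on each repeat) can be sketched as follows. This is an added example, not FastLogin code and not written by the issue author; the class and method names are hypothetical. It assumes the caller passes in the current time in milliseconds and that the doubling never resets, which the issue does not specify.

```java
import java.util.ArrayDeque;

/** Added sketch of the proposed anti-bot mode; names are hypothetical, not FastLogin API. */
public class AntiBotGate {
    private final int threshold;         // cracked joins that trigger a lockout
    private final long windowMillis;     // sliding window length
    private final long baseLockSeconds;  // length of the first lockout
    private final ArrayDeque<Long> joins = new ArrayDeque<>();
    private long lockedUntilMillis = 0;
    private int strikes = 0;             // lockouts so far; never decays (assumption)

    public AntiBotGate(int threshold, long windowMillis, long baseLockSeconds) {
        this.threshold = threshold;
        this.windowMillis = windowMillis;
        this.baseLockSeconds = baseLockSeconds;
    }

    public synchronized boolean isPremiumOnly(long nowMillis) {
        return nowMillis < lockedUntilMillis;
    }

    /** Record one cracked join attempt; returns true if it may proceed. */
    public synchronized boolean allowCrackedJoin(long nowMillis) {
        if (isPremiumOnly(nowMillis)) {
            return false;                // rejected in memory, no database work
        }
        joins.addLast(nowMillis);
        while (nowMillis - joins.peekFirst() > windowMillis) {
            joins.removeFirst();         // drop attempts older than the window
        }
        if (joins.size() >= threshold) {
            // Double per strike; the shift is capped so the value cannot overflow.
            long lockSeconds = baseLockSeconds << Math.min(strikes, 16);
            strikes++;
            lockedUntilMillis = nowMillis + lockSeconds * 1000L;
            joins.clear();
            return false;
        }
        return true;
    }

    public static void main(String[] args) {
        AntiBotGate gate = new AntiBotGate(50, 1500, 600);  // numbers from the issue
        long t = 0;                                         // constructed timestamps
        for (int i = 0; i < 50; i++) gate.allowCrackedJoin(t += 10);
        System.out.println(gate.isPremiumOnly(t + 599_000)); // probe inside first lockout
        t += 600_000;                                        // first lockout has ended
        for (int i = 0; i < 50; i++) gate.allowCrackedJoin(t += 10);
        System.out.println(gate.isPremiumOnly(t + 1_199_000)); // probe inside second lockout
    }
}
```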

Labels: enhancement (New feature or change request)