I have been using your wonderful solution SmartFoxServer2X in my mobile applications for many years, but lately I've been worried by DDoS attacks, which can block the server in a few minutes.
Having examined the behavior of the attackers, I have two proposals for improvement.
1. The first thing I've noticed: there are conditions under which attackers' sessions are not terminated when they upload data.
When I tried to send data to the server port using the command
netcat localhost 9933 <ddos.jpg
I noticed that a session is created but not closed (size < 0 bytes):
Exception: java.lang.IllegalArgumentException
[SocketReader] sessions.DefaultSessionManager - Session created: ...
Message: Illegal request size: -654319616 bytes
>>session life XX seconds
At the same time, if the packet length is greater than 0, the session is closed (size > 0 bytes):
[SocketReader] sessions.DefaultSessionManager - Session created: ...
[SocketReader] sessions.DefaultSessionManager - Session removed: ...
Exception: java.lang.IllegalArgumentException
Message: Incoming request size too large: 1144193792, Current limit: 500000
My proposal is that in the case of request size < 0 the session should also be removed. By adding one line of code the server will start protecting itself.
2. An additional API from SmartFoxServer is necessary for me. I've developed a minimal solution for detecting attacking IPs. Guided by the volume of traffic transmitted to the server, dropped incoming packets and IpGeoLocator, I can distinguish attackers' sessions from those of ordinary users.
It would be very good and useful to have access to SmartFoxServer's events.
An option to subscribe to:
++droppedIncomingPackets //Event.
//These events are useful.
.addEventListener("sessionAdded", eventHandler); //Session created
.addEventListener("sessionLost", eventHandler); //Session removed
Without these event listeners I have to poll at a fixed interval.
It would be appreciated to have such possibilities, so that SmartFox2X could protect itself without third-party solutions.
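Regarding point 1, here is a hardened length-prefix check as an added example in Python (not SmartFoxServer code and not the author's detector): it closes the session for every malformed size, not only the oversized one. It assumes a frame layout of one header byte whose 0x08 bit selects a 4-byte signed big-endian length and otherwise a 2-byte length; under that assumption the leading bytes of a JPEG decode to exactly the -654319616 shown in the log.

```python
import struct
from dataclasses import dataclass

MAX_REQUEST_SIZE = 500000  # the "Current limit" quoted in the log above
# Assumed framing (not from SmartFoxServer sources): one header byte; if its
# 0x08 bit is set the length is a 4-byte signed big-endian int (as Java's
# DataInputStream.readInt reads it), otherwise a 2-byte unsigned length.
BIG_SIZE_FLAG = 0x08

@dataclass
class Session:
    session_id: int
    closed: bool = False
    reason: str = ""

def _close(session: Session, reason: str) -> None:
    session.closed, session.reason = True, reason

def declared_size(frame: bytes) -> int:
    """Length the client claims for this frame; may be negative."""
    if frame[0] & BIG_SIZE_FLAG:
        return struct.unpack_from(">i", frame, 1)[0]  # signed 32-bit
    return struct.unpack_from(">H", frame, 1)[0]      # unsigned 16-bit

def check_frame(session: Session, frame: bytes, limit: int = MAX_REQUEST_SIZE) -> bool:
    """Accept the frame only if its declared size is sane.

    Every malformed case closes the session, not only 'too large': a
    negative or zero size is an equally clear protocol violation, and leaving
    such sessions open is what lets the netcat test above tie up the server.
    """
    try:
        size = declared_size(frame)
    except (IndexError, struct.error):
        _close(session, "truncated header")
        return False
    if size <= 0:
        _close(session, f"Illegal request size: {size} bytes")
        return False
    if size > limit:
        _close(session, f"Incoming request size too large: {size}, Current limit: {limit}")
        return False
    return True

# Constructed input: the first bytes of a JPEG file (FF D8 FF E0 00 10 ...).
# Under the assumed framing, bytes 1..4 (D8 FF E0 00) decode to -654319616,
# the exact value in the log excerpt of point 1.
JPEG_HEAD = bytes.fromhex("ffd8ffe000104a464946")
```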