Cleanup of Server Access & Nuget Updates

Author: FallenDev

Zolian.GameServer/Zolian.GameServer.csproj

@@ -41,15 +41,15 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Chaos-Networking" Version="2.7.6" />
+		<PackageReference Include="Chaos-Networking" Version="2.8.0" />
 		<PackageReference Include="Microsoft.Data.SqlClient" Version="7.0.0-preview2.25289.6" />
 		<PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
 		<PackageReference Include="Microsoft.Extensions.Hosting" Version="10.0.1">
 			<TreatAsUsed>true</TreatAsUsed>
 		</PackageReference>
-		<PackageReference Include="Sentry" Version="5.16.2" />
-		<PackageReference Include="Sentry.Extensions.Logging" Version="5.16.2" />
-		<PackageReference Include="Sentry.Profiling" Version="5.16.2" />
+		<PackageReference Include="Sentry" Version="6.0.0" />
+		<PackageReference Include="Sentry.Extensions.Logging" Version="6.0.0" />
+		<PackageReference Include="Sentry.Profiling" Version="6.0.0" />
 		<PackageReference Include="Serilog.Extensions.Logging" Version="10.0.0" />
 		<PackageReference Include="Serilog.Sinks.Async" Version="2.1.0" />
 		<PackageReference Include="Serilog.Sinks.Console" Version="6.1.1" />

Zolian.Server.Base/Network/Server/BadActor.cs

@@ -5,6 +5,7 @@
 using Newtonsoft.Json;
 using RestSharp;
 using Darkages.Models;
+using ServiceStack.Text;
 
 namespace Darkages.Network.Server;
 
@@ -17,7 +18,7 @@ public class ReportInfo
 
 public static class BadActor
 {
-    private static readonly IMemoryCache IpCache = new MemoryCache(new MemoryCacheOptions());
+    public static readonly IMemoryCache IpCache = new MemoryCache(new MemoryCacheOptions());
 
     // Good actors: cache “clean” for 30 days
     private static readonly TimeSpan CacheDurationGoodActor = TimeSpan.FromDays(30);
@@ -380,5 +381,21 @@ private static bool IsVpnBotUsageType(string? usageType)
         _ => false
     };
 
+    private static readonly HashSet<string> _bannedIPs = [];
+
+    public static bool BannedIpCheck(string ip)
+    {
+        if (ip.IsNullOrEmpty()) return true;
+
+        // Check against known bad actors cache
+        var knownBadActor = BadActor.IpCache.TryGetValue(ip, out _);
+        if (knownBadActor) return true;
+
+        // Add banned player IPs to the _bannedIPs HashSet
+        _bannedIPs.Add("0.0.0.0");
+
+        return _bannedIPs.Contains(ip);
+    }
+
     private static bool IsKeyCodeValid(string? keyCode) => !string.IsNullOrWhiteSpace(keyCode);
 }

Zolian.Server.Base/Network/Server/LobbyServer.cs

@@ -134,6 +134,30 @@ protected override void IndexHandlers()
         ClientHandlers[(byte)ClientOpCode.ServerTableRequest] = OnServerTableRequest;
     }
 
+    protected override bool ShouldAcceptConnection(Socket clientSocket, out string? rejectReason)
+    {
+        rejectReason = null;
+
+        string ipAddress;
+        try
+        {
+            ipAddress = (clientSocket.RemoteEndPoint as IPEndPoint)?.Address.ToString() ?? "unknown";
+        }
+        catch
+        {
+            rejectReason = "Rejecting connection: unable to read RemoteEndPoint.";
+            return false;
+        }
+
+        if (!IsConnectionAllowed(ipAddress))
+        {
+            rejectReason = $"Too many connection attempts - throttled {ipAddress}";
+            return false;
+        }
+
+        return true;
+    }
+
     protected override void OnConnected(Socket clientSocket)
     {
         ServerSetup.ConnectionLogger($"Lobby connection from {clientSocket.RemoteEndPoint as IPEndPoint}");
@@ -149,54 +173,56 @@ protected override void OnConnected(Socket clientSocket)
         client.OnDisconnected += OnDisconnect;
         var safe = false;
 
-        var banned = BannedIpCheck(ipAddress.ToString());
+        // Check for banned IPs
+        var banned = BadActor.BannedIpCheck(ipAddress.ToString());
         if (banned)
         {
-            client.Disconnect();
-            ServerSetup.ConnectionLogger($"Banned connection attempt from {ip}");
+            try
+            {
+                ServerSetup.ConnectionLogger($"Banned connection attempt on Lobby Server from {ip}");
+                client.Disconnect();
+            }
+            catch { }
+
             return;
         }
 
+        // Check against known good actors cache
         foreach (var _ in ServerSetup.Instance.GlobalKnownGoodActorsCache.Values.Where(savedIp => savedIp == ipAddress.ToString()))
             safe = true;
 
         if (!safe)
         {
+            // Check against bad actor service
             var isBadActor = Task.Run(() => BadActor.ClientOnBlackListAsync(ipAddress.ToString())).Result;
 
             if (isBadActor)
             {
                 try
                 {
-                    client.Disconnect();
                     ServerSetup.ConnectionLogger($"Disconnected Bad Actor from {ip}");
+                    client.Disconnect();
                 }
-                catch
-                {
-                    // ignored
-                }
+                catch { }
 
                 return;
             }
-
-            ServerSetup.ConnectionLogger($"Good Actor! {ip}");
         }
 
+        // Register client and check for ID collisions
         if (!ClientRegistry.TryAdd(client))
         {
-            ServerSetup.ConnectionLogger("Two clients ended up with the same id - newest client disconnected");
             try
             {
+                ServerSetup.ConnectionLogger("ID Collision - Lobby Server");
                 client.Disconnect();
             }
-            catch
-            {
-                // ignored
-            }
+            catch { }
 
             return;
         }
 
+        // Add to passed checks cache for Lobby Server
         ServerSetup.Instance.GlobalLobbyConnection.TryAdd(ipAddress, ipAddress);
         client.BeginReceive();
         // 0x7E - Handshake
@@ -209,17 +235,5 @@ private void OnDisconnect(object sender, EventArgs e)
         ClientRegistry.TryRemove(client.Id, out _);
     }
 
-    private readonly HashSet<string> _bannedIPs = [];
-
-    private bool BannedIpCheck(string ip)
-    {
-        if (ip.IsNullOrEmpty()) return true;
-
-        // Add banned player IPs to the _bannedIPs HashSet
-        _bannedIPs.Add("0.0.0.0");
-
-        return _bannedIPs.Contains(ip);
-    }
-
     #endregion
 }

Zolian.Server.Base/Network/Server/LoginServer.cs

@@ -264,7 +264,7 @@ async ValueTask InnerOnLogin(ILoginClient localClient, LoginArgs localArgs)
                     {
                         var ipLocal = IPAddress.Parse(ServerSetup.Instance.InternalAddress);
 
-                        if (GameMastersIPs.Any(ip => localClient.RemoteIp.Equals(IPAddress.Parse(ip))) 
+                        if (GameMastersIPs.Any(ip => localClient.RemoteIp.Equals(IPAddress.Parse(ip)))
                             || IPAddress.IsLoopback(localClient.RemoteIp) || localClient.RemoteIp.Equals(ipLocal))
                         {
                             _ = Login(result, redirect, localClient);
@@ -275,16 +275,16 @@ async ValueTask InnerOnLogin(ILoginClient localClient, LoginArgs localArgs)
                         return;
                     }
                 default:
-                {
-                    if (result.Hacked)
                     {
-                        localClient.SendLoginMessage(LoginMessageType.CharacterDoesntExist, "Bruteforce detected, we've locked the account to protect it; If this is your account, please contact the GM.");
-                        return;
-                    }
+                        if (result.Hacked)
+                        {
+                            localClient.SendLoginMessage(LoginMessageType.CharacterDoesntExist, "Bruteforce detected, we've locked the account to protect it; If this is your account, please contact the GM.");
+                            return;
+                        }
 
-                    _ = Login(result, redirect, localClient);
-                    break;
-                }
+                        _ = Login(result, redirect, localClient);
+                        break;
+                    }
             }
         }
     }
@@ -484,41 +484,52 @@ protected override void OnConnected(Socket clientSocket)
         var client = _clientProvider.CreateClient(clientSocket);
         client.OnDisconnected += OnDisconnect;
 
-        if (!ClientRegistry.TryAdd(client))
+        // Check for banned IPs
+        var banned = BadActor.BannedIpCheck(ipAddress.ToString());
+        if (banned)
         {
-            ServerSetup.ConnectionLogger("Two clients ended up with the same id - newest client disconnected");
             try
             {
+                ServerSetup.ConnectionLogger($"Banned connection attempt on Login Server from {ip}");
                 client.Disconnect();
             }
-            catch
+            catch { }
+
+            return;
+        }
+
+        // Register client and check for ID collisions
+        if (!ClientRegistry.TryAdd(client))
+        {
+            try
             {
-                // ignored
+                ServerSetup.ConnectionLogger("ID Collision - Login Server");
+                client.Disconnect();
             }
+            catch { }
 
             return;
         }
 
+        // Verify connection passed through appropriate port access
         var lobbyCheck = ServerSetup.Instance.GlobalLobbyConnection.TryGetValue(ipAddress, out _);
 
         if (!lobbyCheck)
         {
             try
             {
                 client.Disconnect();
+                ServerSetup.ConnectionLogger("---------Login-Server---------");
+                var comment = $"{ipAddress} has been blocked for violating security protocols through improper port access.";
+                ServerSetup.ConnectionLogger(comment, LogLevel.Warning);
+                Task.Run(() => BadActor.ReportMaliciousEndpoint(ipAddress.ToString(), comment));
             }
-            catch
-            {
-                // ignored
-            }
+            catch { }
 
-            ServerSetup.ConnectionLogger("---------Login-Server---------");
-            var comment = $"{ipAddress} has been blocked for violating security protocols through improper port access.";
-            ServerSetup.ConnectionLogger(comment, LogLevel.Warning);
-            Task.Run(() => BadActor.ReportMaliciousEndpoint(ipAddress.ToString(), comment));
             return;
         }
 
+        // Add to passed checks cache for Login Server
         ServerSetup.Instance.GlobalLoginConnection.TryAdd(ipAddress, ipAddress);
         client.BeginReceive();
         // 0x7E - Handshake

Zolian.Server.Base/Network/Server/ServerSetup.cs

@@ -87,7 +87,6 @@ public class ServerSetup : IServerContext
     public ConcurrentDictionary<long, ConcurrentDictionary<string, KillRecord>> GlobalKillRecordCache { get; set; } = [];
     public ConcurrentDictionary<IPAddress, IPAddress> GlobalLobbyConnection { get; set; } = [];
     public ConcurrentDictionary<IPAddress, IPAddress> GlobalLoginConnection { get; set; } = [];
-    public ConcurrentDictionary<IPAddress, IPAddress> GlobalWorldConnection { get; set; } = [];
     public ConcurrentDictionary<IPAddress, byte> GlobalCreationCount { get; set; } = [];
     public ConcurrentDictionary<IPAddress, byte> GlobalPasswordAttempt { get; set; } = [];
 

Zolian.Server.Base/Network/Server/WorldServer.cs

@@ -3138,22 +3138,34 @@ protected override void OnConnected(Socket clientSocket)
         var client = _clientProvider.CreateClient(clientSocket);
         client.OnDisconnected += OnDisconnect;
 
-        if (!ClientRegistry.TryAdd(client))
+        // Check for banned IPs
+        var banned = BadActor.BannedIpCheck(ipAddress.ToString());
+        if (banned)
         {
-            ServerSetup.ConnectionLogger("Two clients ended up with the same id - newest client disconnected");
-
             try
             {
+                ServerSetup.ConnectionLogger($"Banned connection attempt on World Server from {ip}");
                 client.Disconnect();
             }
-            catch
+            catch { }
+
+            return;
+        }
+
+        // Register client and check for ID collisions
+        if (!ClientRegistry.TryAdd(client))
+        {
+            try
             {
-                // ignored
+                ServerSetup.ConnectionLogger("ID Collision - World Server");
+                client.Disconnect();
             }
+            catch { }
 
             return;
         }
 
+        // Verify connection passed through appropriate port access
         var lobbyCheck = ServerSetup.Instance.GlobalLobbyConnection.TryGetValue(ipAddress, out _);
         var loginCheck = ServerSetup.Instance.GlobalLoginConnection.TryGetValue(ipAddress, out _);
 
@@ -3162,20 +3174,16 @@ protected override void OnConnected(Socket clientSocket)
             try
             {
                 client.Disconnect();
+                ServerSetup.ConnectionLogger("---------World-Server---------");
+                var comment = $"{ipAddress} has been blocked for violating security protocols through improper port access.";
+                ServerSetup.ConnectionLogger(comment, LogLevel.Warning);
+                Task.Run(() => BadActor.ReportMaliciousEndpoint(ipAddress.ToString(), comment));
             }
-            catch
-            {
-                // ignored
-            }
+            catch { }
 
-            ServerSetup.ConnectionLogger("---------World-Server---------");
-            var comment = $"{ipAddress} has been blocked for violating security protocols through improper port access.";
-            ServerSetup.ConnectionLogger(comment, LogLevel.Warning);
-            Task.Run(() => BadActor.ReportMaliciousEndpoint(ipAddress.ToString(), comment));
             return;
         }
 
-        ServerSetup.Instance.GlobalWorldConnection.TryAdd(ipAddress, ipAddress);
         client.BeginReceive();
     }
 

Zolian.Server.Base/Zolian.Server.Base.csproj

@@ -42,15 +42,15 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Chaos-Networking" Version="2.7.6" />
+		<PackageReference Include="Chaos-Networking" Version="2.8.0" />
 		<PackageReference Include="Dapper.StrongName" Version="2.1.66" />
 		<PackageReference Include="Microsoft.Data.SqlClient" Version="7.0.0-preview2.25289.6" />
 		<PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
 		<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
 		<PackageReference Include="RestSharp" Version="113.0.0" />
-		<PackageReference Include="Sentry" Version="5.16.2" />
-		<PackageReference Include="Sentry.Extensions.Logging" Version="5.16.2" />
-		<PackageReference Include="Sentry.Profiling" Version="5.16.2" />
+		<PackageReference Include="Sentry" Version="6.0.0" />
+		<PackageReference Include="Sentry.Extensions.Logging" Version="6.0.0" />
+		<PackageReference Include="Sentry.Profiling" Version="6.0.0" />
 		<PackageReference Include="Serilog.Sinks.File" Version="7.0.0" />
 		<PackageReference Include="ServiceStack" Version="10.0.4" />
 		<PackageReference Include="ServiceStack.Text" Version="10.0.4" />

ZolianTest/ZolianTest.csproj

@@ -19,14 +19,14 @@
 	</PropertyGroup>
 
 	<ItemGroup>
-		<PackageReference Include="Chaos-Networking" Version="2.7.6" />
+		<PackageReference Include="Chaos-Networking" Version="2.8.0" />
 		<PackageReference Include="Microsoft.Data.SqlClient" Version="7.0.0-preview2.25289.6" />
 		<PackageReference Include="Microsoft.DependencyValidation.Analyzers" Version="0.11.0" />
 		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
 		<PackageReference Include="NUnit" Version="4.4.0" />
-		<PackageReference Include="Sentry" Version="5.16.2" />
-		<PackageReference Include="Sentry.Extensions.Logging" Version="5.16.2" />
-		<PackageReference Include="Sentry.Profiling" Version="5.16.2" />
+		<PackageReference Include="Sentry" Version="6.0.0" />
+		<PackageReference Include="Sentry.Extensions.Logging" Version="6.0.0" />
+		<PackageReference Include="Sentry.Profiling" Version="6.0.0" />
 		<PackageReference Include="ServiceStack" Version="10.0.4" />
 		<PackageReference Include="ServiceStack.Text" Version="10.0.4" />
 	</ItemGroup>