AuthorMessage
Lord_Zero
Ametuar
Posts: 122

To detect all known mainchat flooders, the following parameters need to be defined by server:
user_allowed_messages = number of messages allowed from a user in a specific period of time
all_allowed_messages = number of messages allowed from all users in a specific period of time
bots_max_delta = number of time units between 2 reconnects from 2 different users which will still categorize those users as possible flooders
message_rate = number of messages sent in a specific period of time
connection_delta = connection_time1-connection_time0
last_connection_time = last time a connect request was received from a specific IP
bot_connection_delta = user1_last_connection_time - user2_last_connection_time
times_checked = a constant specifying the minimum number of times the server needs to check consecutive connection_delta values.
The following statistics the server needs to keep for all IPs at least (connection_delta*(times_checked+1)) time units:
IP_number
connection_delta1
connection_delta2
....
connection_deltaN         - where N = times_checked
last_connection_time
flooder_detected - set to 1 if last disconnect was because the user was kicked for flooding
If flood was detected, the server must not delete any statistics until flood_stop_time+(connection_delta*(times_checked+1)).
Flood is detected on the following events:
1. a user sends a number of messages greater than user_allowed_messages
2. a user has all connection_delta values less than bots_max_delta and tries to send a message on mainchat before bots_max_delta*2 expires since last reconnect. To be more tolerant, 2 consecutive messages may be checked, and in that case first message will be added to connection_delta array.
3. message_rate > all_allowed_messages
4. bot_connection_delta<=bots_max_delta (calculated from last chatters) and message_rate < bots_max_delta*2.
5. users try to send messages when the server is busy broadcasting messages times_checked consecutive times.
6. a user tries to speak without getting nicklist.
To improve global mainchat flood detection, double the message_rate with each new chatter who has bot_connection_delta<=bots_max_delta or flooder_detected=1 and divide it by 2 if bot_connection_delta>bots_max_delta.
For an implementation in assembly language see the HeXHub Project.