Question Stealing is like a DOS attack

Status
Not open for further replies.

Home Alone

Customer
I went live with the shop addon and enabled the steal function. Some users created a bot that, when it found someone with a high amount of credits, kept stealing from them in rapid fashion until all of their credits were gone. The result of this was a DOS-like attack on the server that kept resulting in Nginx gateway errors. When I investigated I saw hundreds of these mysql processes running at once:


# User@Host: newlsa[newlsa] @ [192.168.0.72]
# Thread_id: 19575537 Schema: newlsa QC_hit: No
# Query_time: 1.211768 Lock_time: 0.000010 Rows_sent: 5 Rows_examined: 391458
# Rows_affected: 0 Bytes_sent: 36818
SET timestamp=1616974924;
SELECT xf_user.*
FROM xf_user

WHERE (xf_user.is_banned = 0) AND (xf_user.user_state = 'valid')
ORDER BY xf_user.dbtech_credits_credits DESC

LIMIT 5;
# Time: 210328 18:42:05
# User@Host: newlsa[newlsa] @ [192.168.0.72]
# Thread_id: 19575593 Schema: newlsa QC_hit: No
# Query_time: 1.268547 Lock_time: 0.000009 Rows_sent: 5 Rows_examined: 391458
# Rows_affected: 0 Bytes_sent: 36818
SET timestamp=1616974925;
SELECT xf_user.*
FROM xf_user

WHERE (xf_user.is_banned = 0) AND (xf_user.user_state = 'valid')
ORDER BY xf_user.dbtech_credits_credits DESC

LIMIT 5;

I had to shut the webservers down to allow the MySQL server to catch up.

Is there a way to throttle the steal function? Is there a way to limit the number of steal attempts allowed in one day?
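The flood described above, as an after-the-fact detection step a server admin can run over the slow query log: group identical statements by the second they were logged and report the seconds where the same full-scan query repeats. This is an added example, not code from DragonByte or the post; the sample log lines are constructed in the layout quoted above, and the threshold is an assumed value.

```python
# Added example: flag floods of one statement in a MySQL/MariaDB slow-query log.
import re
from collections import defaultdict

# Constructed sample in the slow-log layout quoted above: two rich-list queries logged
# inside the same second, then one cheap unrelated query (values are made up).
SAMPLE_LOG = """\
# User@Host: newlsa[newlsa] @ [192.168.0.72]
# Query_time: 1.211768  Lock_time: 0.000010  Rows_sent: 5  Rows_examined: 391458
SET timestamp=1616974924;
SELECT xf_user.* FROM xf_user WHERE (xf_user.is_banned = 0) AND (xf_user.user_state = 'valid')
ORDER BY xf_user.dbtech_credits_credits DESC LIMIT 5;
# User@Host: newlsa[newlsa] @ [192.168.0.72]
# Query_time: 1.268547  Lock_time: 0.000009  Rows_sent: 5  Rows_examined: 391458
SET timestamp=1616974924;
SELECT xf_user.* FROM xf_user WHERE (xf_user.is_banned = 0) AND (xf_user.user_state = 'valid')
ORDER BY xf_user.dbtech_credits_credits DESC LIMIT 5;
# User@Host: newlsa[newlsa] @ [192.168.0.72]
# Query_time: 0.004100  Lock_time: 0.000008  Rows_sent: 1  Rows_examined: 1
SET timestamp=1616974929;
SELECT * FROM xf_session WHERE session_id = 'abc';
"""

# One statement: Query_time header, any further "#" lines, SET timestamp, SQL up to ";".
ENTRY_RE = re.compile(
    r"# Query_time: (?P<qt>[\d.]+).*?Rows_examined: (?P<rows>\d+)\n"
    r"(?:#[^\n]*\n)*SET timestamp=(?P<ts>\d+);\n(?P<sql>.*?;)\n",
    re.S,  # lets the SQL part span several lines
)

def parse_slow_log(text):
    """Return one dict per logged statement: epoch second, query time, rows examined, SQL."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        sql = " ".join(m.group("sql").split())  # collapse whitespace so variants match
        entries.append({"ts": int(m.group("ts")), "query_time": float(m.group("qt")),
                        "rows_examined": int(m.group("rows")), "sql": sql})
    return entries

def find_bursts(entries, threshold):
    """Group identical statements by second; return (ts, sql, count, rows_examined_total)
    for every group with at least `threshold` hits, oldest first."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["ts"], e["sql"])].append(e)
    return [(ts, sql, len(hits), sum(h["rows_examined"] for h in hits))
            for (ts, sql), hits in sorted(groups.items()) if len(hits) >= threshold]

if __name__ == "__main__":
    for ts, sql, n, rows in find_bursts(parse_slow_log(SAMPLE_LOG), threshold=2):
        print(f"{ts}: {n}x identical statement, {rows} rows examined: {sql[:50]}...")
```

On a real server, feed the file named by `slow_query_log_file` instead of the sample and raise the threshold to what one second of legitimate rich-list traffic looks like on your board.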
 
That query is from the rich list; it has nothing to do with the steal feature. There's no throttling feature at this time, so I would recommend banning those members instead.
 
No, but the rich list loads whenever you click the currency link to get the pop-up.
 
Hello @Home Alone,

We hope your ticket regarding DragonByte Shop has been addressed to your satisfaction. This ticket has now been scheduled to be closed.

If your ticket has not been resolved, you can reply to this thread at any point in the next 7 days in order to reopen the ticket, afterwards this thread will be closed.

Please do not reply to this thread if your ticket has been resolved.

Thank you.


- DragonByte Technologies, Ltd.
 
Hello @Home Alone,

As we have not heard back from you, your ticket regarding DragonByte Shop has now been closed.

If your ticket has not been resolved, please feel free to start a new support ticket and link back to this ticket.

If you have time, please leave a review on XenForo.com's Resource Manager.

Thank you.


- DragonByte Technologies, Ltd.
 

DragonByte Shop

XenForo 1.5.3+ XenForo 2.0.x XenForo 2.1.x XenForo 2.2.x
Seller
DragonByte Technologies