Repeated Attempts of Failed Logins cause "lockups"
Puremin0rez opened this issue ยท 2 comments
A player who was causing mischief gets banned, causing them to try to login (possibly with a bot?) about every 5 seconds or so.
Eventually, it seems as if Privileges gets caught up on the massive login attempts and starts stalling the entire server every login attempt.
Of course, they're being denied entry to the server, but it still shows up in console that they're being denied and the failed login still "registers" the PlayerLoginEvent so it appears as if Privileges is trying to grab permissions for unsuccessful logins?
Here's the timings section (using Spigot) after a few seconds of running timings during these login attempts. http://i.imgur.com/EKkaUoz.png
Of course, the quick solution to this is add a IPTables rule in the firewall to stop them from even being processed by the server, but that wouldn't work in a proxy attack and it would be cool if Privileges somehow didn't lockup from unsuccessful logins. Not sure how feasible that is.
Thanks for reading!
@Puremin0rez - Unfortunately, there is no way to reliably fix this issue since other plugins require permission checks in the PlayerLogin and PlayerJoin events. Neither of those two events can be canceled, which means that it's not possible to bypass the event if the player is banned/kicked.
Privileges should not be locking up the server. If it is, it means that the permission attachable that it's calculating is insanely huge - with over a thousand permission nodes I get an average calculation time of 135ms, which is more than 1000% faster than your timings (assuming Privileges is responsible for the entire timing problem in your screenshot).
I do not support issues that arise while using Spigot. If you continue to experience this problem with CraftBukkit, please provide me with your config.yml, groups.yml, users.yml and a full timings report with over 100 joins depicted (if possible).
Ahh, looks like the removal of the connection throttle in CB might have been why this happened.
They added it back now:
Bukkit/CraftBukkit@b12f12f
Thanks for the help anyways.