In my game in the WIP section, First Recon, I host a server and any client can connect to it. It’s a fairly straight forward system.
I was wondering about how to stop clients that are not real from joining the server.
Currently I do a few sort of handshake checks. When the client connects, he sends his clients version number (major.minor.patch) in the form of a string. Then he sends his username. If that information is received in under 2 seconds of the established connection, then the client is allowed into the server and will spawn on everyone elses screen.
Since I released my game I’ve noticed on more than a few occasions people creating sockets manually to my server, or creating a socket and supplying incorrect data (resulting in a DC of the socket).
I some-what planned for this, and coded these things:
-
The server asks the client to hash a bunch of variables to in integer and send to the server every couple of seconds. If this data is not sent, or is incorrect it results in a DC.
-
The server requires you to send specific packets at a specific frequency (like movement). If you send outside of this frequency range, it results in a DC.
Is this enough of an initial security? I’ve never really dove into these kinds of topics. I know there isn’t a playerbase for my game, and it shouldn’t “matter” at the moment. However, I am still curious about the topic.
After I integrate an account system into the game, I’ll add an additional layer of security using a login-salt.