24

I own a chat room and some users use a program called Winsock Packet Editor, "WPE PRO".

With it they manage to bypass chat rules: they can't be muted or kicked, and they can send messages fast, bypassing the limit of the chat.

I was wondering if there is a way to end this?

About the software from the developer website:

Winsock Packet Editor (WPE) Pro is a packet sniffing/editing tool which is generally used to hack multiplayer games. WPE Pro allows modification of data at TCP level. Using WPE Pro one can select a running process from the memory and modify the data sent by it before it reaches the destination. It can record packets from specific processes, then analyze the information. You can set up filters to modify the packets or even send them when you want in different intervals. WPE Pro could also be a useful tool for testing thick client applications or web applications which use applets to establish socket connections on non-HTTP ports.

Update:
It's called 123flashchat, it's Java/Flash. Unfortunately, the company abandoned the project; no updates or fixes any more. And the issue is not kicking the user: there is a ban on the IP, but a user can change the IP and return and start spamming messages fast.

Jacco
Salim Aljayousi
    If traffic is coming from the client then assume it is unsafe. Your server is not supposed to act as a hub. – MonkeyZeus Apr 03 '16 at 20:45
  • 8
    This would probably depend on the protocol, but generally you just want to re-enforce the rules on the server, as well as the client. Don't let the server accept bad data, or messages from muted clients. Don't trust the client to keep track of these things, the server needs to do that too. – daboross Apr 03 '16 at 22:38
  • 2
    In one sentence: the fix is to make it so anything they do with WPE won't affect other users. – user253751 Apr 03 '16 at 23:31
  • 18
    2 seconds of Google: http://wiki.123flashchat.com/index.php/How_to_prevent_the_attacks_from_Hacking_tools_such_as_Wpe_pro%3F – Damon Apr 04 '16 at 10:36
  • 4
    @Damon it's extremely disappointing to see that this just required a google search for *"123flashchat wpe"* and see that link as the first result. – d0nut Apr 04 '16 at 19:48

3 Answers

92

If what you describe is true, your chat room is designed badly.

The view of the server, and what packets it receives should be forwarded to other users, should be independent from whatever packets are coming in or going out.

Manipulating the traffic on a client should only interfere with that client's view of the chat room, never with other clients.

If you designed that differently, you are trusting the clients to behave correctly.

You should never do that.

Misbehaving clients (those not behaving according to your rules) may create even bigger problems for you than people not being kicked. Here are a few examples of things that may happen without proper input validation:

  • Users may impersonate other users, leading to massive trust and confidentiality breaches
  • Users may gain rights they otherwise wouldn't have, being able to hold your service for ransom

Side note here:

There are many web clients for IRC that are easy to deploy and many IRC networks that let you host channels for free. Have your pick and rely on a thorough platform for chats.

Dietrich Epp
Tobi Nary
50

The short answer: use better chat room software.

Your question is lacking details about what kind of chat room program you're using. I am going to assume that it's either a simple client-server model, or a direct peer-to-peer. Either way, you have a sender who types and sends a message, and a receiver (either another client, or a centralized server). From your description it sounds like you're relying on the software on the sender's computer to "enforce the rules" - and the receiver will happily display any messages it receives. Unfortunately this means there's nothing you can do to stop users from intercepting and modifying the packets with a proxy / packet editor like Winsock Packet Editor (WPE).

What you need is a chat program where the receiver enforces the rules, i.e. the receiver will drop any packets from muted / kicked users, messages that come in too fast, etc.

It sounds like you're using a badly-designed chat room program; I would find a better one.

Mike Ounsworth
  • It's called 123flashchat, it's Java/Flash. Unfortunately, the company abandoned the project; no updates or fixes any more. And the issue is not kicking the user: there is a ban on the IP, but a user can change the IP and return and start spamming messages fast. – Salim Aljayousi Apr 02 '16 at 23:28
  • 25
    Yeah, sounds like a poorly thought out protocol that then got abandoned. Sorry :-( – Mike Ounsworth Apr 02 '16 at 23:42
  • 4
    @SalimAljayousi Well, now you know why it was abandoned :P – Navin Apr 04 '16 at 13:56
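The receiver-side enforcement the answers describe, sketched as an added example (not code from 123flashchat or from any poster): the server decides who is muted, kicked or sending too fast, and takes the sender name from its own session table rather than from the packet. The `ChatGate` class, the `from`/`text` packet fields and the limits are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class ChatGate:
    """Server-side policy check run on every inbound message before relay."""

    def __init__(self, max_msgs=3, window=5.0, clock=time.monotonic):
        self.max_msgs, self.window, self.clock = max_msgs, window, clock
        self.sessions = {}                # session id -> user, set by the server at login
        self.muted, self.kicked = set(), set()
        self.recent = defaultdict(deque)  # user -> timestamps of relayed messages

    def login(self, session_id, user):
        if user in self.kicked:
            return False
        self.sessions[session_id] = user
        return True

    def mute(self, user):
        self.muted.add(user)

    def kick(self, user):
        self.kicked.add(user)
        # Drop the sessions server-side; a client that ignores the kick gains nothing.
        self.sessions = {s: u for s, u in self.sessions.items() if u != user}

    def handle(self, session_id, packet):
        """Return (True, message_to_relay) or (False, reason).

        packet is the untrusted dict parsed from the wire (hypothetical format).
        """
        user = self.sessions.get(session_id)
        if user is None:
            return False, "no-session"
        if user in self.muted:
            return False, "muted"
        text = packet.get("text")
        if not isinstance(text, str) or not text.strip() or len(text) > 500:
            return False, "bad-message"
        now = self.clock()
        stamps = self.recent[user]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()              # forget messages outside the window
        if len(stamps) >= self.max_msgs:
            return False, "rate-limited"  # limit counted by the server's clock
        stamps.append(now)
        # Sender comes from the session table, never from packet["from"].
        return True, {"from": user, "text": text}
```

Because every check reads only server-held state, editing outbound packets on the client changes nothing except which of that client's own messages get dropped.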
25

Your question is lacking a detailed description of what's going on. Therefore, it's impossible to solve the problem you described. However, it might be helpful to point out a different one.

If what you described is true, that isn't your problem. Your problem is a much bigger one. Namely that you trust the user.

Never trust the user!

I assume that you tell the client that it shouldn't send anything any more if its user has been kicked out. This obviously doesn't work because the client can just ignore this. You can't enforce your policies upon others by telling them to comply except if you're a state and can lock people up if they misbehave or have some other way of repressing others (like making sure you installed malicious software the user can't control on their machine – Sony Music style).

Have a mistrusting server!

Make sure not to accept anything from a kicked user on the server, or you need to tell peers not to accept anything from a kicked user. Telling those you fight against not to do something can't work. You need to tell the ones you work with what to do.

UTF-8