1. The forums are scheduled for deletion on or after December 31, 2024 (JST). Please back up or archive any data you find important to you. If you do not have an account, you cannot login or create an account.

2.1 TSWVote 2.3

Allows in-game voting using the tserverweb.com platform.

  1. Ancientgods

    Plugin Developer Zero Day Plugin Author

    Joined:
    Sep 15, 2013
    Messages:
    712
    Better encrypt that dll then because otherwise people will just decompile it and read the questions...

    Orr.. did you mean send it from tserverweb to the server? That might be a better idea actually
     
  2. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    Captcha would only slow people down, it will not close any vulnerabilities.
    Let's see, say I give fake IPs. Captcha is about 3 seconds to enter.
    That means, I could get 1200 likes within an hour.
    It is only secure to vote from the website. Just accept it =/.
     
  3. Wight

    Wight Administrator
    TShock Admin TShock Mod Plugin Developer Zero Day Plugin Author

    Joined:
    May 20, 2012
    Messages:
    1,598
    Plugin voting will be insecure. However, if everyone plays nice, then it works.
    All this requires is extra vote moderation.
    Abuse the plugin? Have your votes reverted.
    Abuse it again? Have your votes reset to 0.
    Etc.
    You could even end up just preventing them from ever using the site to advertise their server again if it came to it.

    There will always be some sneaky bastard who tries to slowly use proxies to boost his/her votes. Just make sure you keep a nice updated list of proxies and cross-check them against it. Use IP blacklists, etc.
     
  4. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    • Like Like x 3
  5. Ancientgods

    Plugin Developer Zero Day Plugin Author

    Joined:
    Sep 15, 2013
    Messages:
    712
    Dang it now you made me vote for your server :p
     
  6. XGhozt

    Plugin Developer

    Joined:
    May 12, 2012
    Messages:
    171
    I had not thought of that before. It's not difficult to block iframes, I'll give it a shot when I get a chance.

    Edit: done
     
  7. XGhozt

    Plugin Developer

    Joined:
    May 12, 2012
    Messages:
    171
    I think I mentioned this before somewhere. I am actually checking the vote IP against several public blacklists. It blocks several hundred votes a day. That, and I had to add some checks to prevent search spiders from indexing the page and placing a vote. lol?
     
    • Like Like x 1
  8. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    Usually people use tokens to prevent CSRF.
     
  9. Wolfje

    TShock Mod Zero Day Plugin Author

    Joined:
    Jul 2, 2013
    Messages:
    191

    The best way would be to pull the questions remotely out of TServerWeb.
     
  10. XGhozt

    Plugin Developer

    Joined:
    May 12, 2012
    Messages:
    171
    Something fun I did:
    [​IMG]
     
    • Like Like x 2
  11. OFF

    OFF
    Account Probation Banned Rating Banned

    Joined:
    Nov 28, 2013
    Messages:
    208
    So doing that right now.
     
    • Like Like x 1
  12. XGhozt

    Plugin Developer

    Joined:
    May 12, 2012
    Messages:
    171
    Hahaha, I just logged into Teeria and tried it. That was awesome, I chuckled.
     
    • Like Like x 1
  13. pink_panther

    pink_panther Level 9

    Joined:
    Oct 14, 2013
    Messages:
    370

    Still, without the web based captcha, people could just use your source to make a voting plugin that still just forces users to send the vote command on join.

    In fact, its what ill do if you don't put in a captcha.

    what terraria-servesr.com does is good. requires little to no effort to just go to the site and complete the captcha, also limits usernames and IPs to vote only once a day.
     
    • Like Like x 2
  14. Simon311

    Simon311 TShock Contributor; Moderator
    TShock Contributor Plugin Developer

    Joined:
    Feb 23, 2013
    Messages:
    337
    Stop the captcha spam already.
    XGhozt clearly stated he is not gonna do captcha, at least at the moment.
     
    • Like Like x 1
  15. XGhozt

    Plugin Developer

    Joined:
    May 12, 2012
    Messages:
    171
    Alright, it seems too many people are cheating or automating the process. We will be implementing a CAPTCHA system in the next few weeks. :(
     
  16. Wight

    Wight Administrator
    TShock Admin TShock Mod Plugin Developer Zero Day Plugin Author

    Joined:
    May 20, 2012
    Messages:
    1,598
    Alternatively remove all votes from the servers that are cheating/automating and let them know why
     
  17. XGhozt

    Plugin Developer

    Joined:
    May 12, 2012
    Messages:
    171
    While that sounds doable, I don't have the time to manage that and it will be difficult to automatically detect.
     
  18. Wight

    Wight Administrator
    TShock Admin TShock Mod Plugin Developer Zero Day Plugin Author

    Joined:
    May 20, 2012
    Messages:
    1,598
    Fair enough
     
  19. XGhozt

    Plugin Developer

    Joined:
    May 12, 2012
    Messages:
    171
    The in-game CAPTCHA code development is done. We are doing final testing and will release this week.
     
    • Like Like x 1
  20. Loganizer

    Plugin Developer

    Joined:
    Dec 2, 2012
    Messages:
    212
    • Like Like x 1