Ok so people keep botting my multi-ogar edited server(which is like an agar.io private server), and I noticed that they all use the same user-agent. How can I use ws to detect how many connections are coming from the same user agent so I can block them?
Something like
if (useragentconnections += 3) {
ws.terminate()
}
Unless you require some sort of account login/authentication, there is no foolproof mechanism to identify the same user-agent. Here are some techniques that can be used, each with varying degrees of success:
Cookie the connection with some sort of unique ID. All webSocket connections start with an http request so you can cookie them. If this is from a browser, the cookie will be presented at each new webSocket connection from that user agent and you can identify them. If this is a programmatic webSocket coming from some custom code, then they may not retain the cookie so this would not work.
Look at the IP address and count connections from that IP address. If the user is an individual home user, then this will uniquely identify any users connecting from that home network. If this is a corporate user, then there may be many users on that corporate network that appear to be coming from the same IP address via NAT so you may falsely identify lots of users within the same corporate/business network as having the same IP address.
Require some sort of account login/authentication and have some terms of service. If you identify misuse either automatically or manually, you can then ban that account.
Require some manual "human" intervention in order to get logged onto your server such as a captcha. This is to prevent automatic programmatic logins and require that a human be on the other end.
