Unfortunately, a wrench was thrown in our gears and we soon had a serious problem on our hands.

Because Toontown Offline is a singleplayer game by nature, we’ve never had to deal with security issues before. We aren’t Toontown Rewritten or Corporate Clash with hundreds and thousands of players- we are Toontown Offline. If there’s a district reset, yeah, it’s a big deal and we try to fix it- but it’s not as detrimental to us as it is for other Toontown projects. By opening our Test Server, we were exposing ourselves to the public for the first time. We’ve never had an official, public server before. And only a couple weeks after we opened the Test Server, a few malicious individuals took advantage of that fact and began putting our security to the test.

First, our game was dumped. In layman's terms, this means our game was reverse-engineered and its source code was published online for anyone to download. In the past, many different Toontown projects have had their games dumped, and we are no exception. However, what made our case special was the nature of Toontown Offline itself. Typically, all Toontown projects have only the client’s code in their executables. Your client is what you see on your screen- a Toon jumping, the gag select screen, those kinds of things. The server on the other hand is typically in charge of keeping everything in check and doing all the important calculations. For us, however, we need to include both the client AND the server code. After all, you wouldn’t be able to host a Mini-Server or run the game in Offline mode without it. So when our game was dumped, that means those who dumped it had access to not only our client code, but server code as well. This made it much, much easier for exploits to be found and abused. The only malicious behavior our team has ever had to deal with is the moderation of our Discord server. What we were presented with this time was something new and foreign to us.

With access to our client and server code, many exploits were performed on our Test Server. Good, because it meant we could patch them up before officially releasing v1.0. Bad, because we didn’t want it to ruin the experiences of our players.

At first, we tried some temporary solutions. Our goal was to make sure nobody was coming into the game, spouting foul language and clogging up the server with bots. After that, we would look at assessing the situation and figuring out a more permanent fix. The temporary solutions failed to work well, and for a good few weeks we were left frantically scratching our heads. Imagine trying to plug up the holes in a broken pool, but every time you succeed, a new hole pops up.

As a last-ditch effort, we eventually decided to add a new feature- whitelisting. By adding a whitelist to the game, we could control the flow of people coming into our Test Server, thus preventing exploiters. And ever since we’ve added the whitelist, things have been great. It was unfortunate we had to go this route, as it created an extra barrier of entry for entering the Test Server. Regardless, over 600 people have been whitelisted to date, and we couldn’t be more thankful for your patience regarding it.

So now, I bet you’re wondering: What is the permanent solution? Well, I’m glad you asked! Lucky for us, whitelisting didn’t just serve our purposes for this one situation, but it will also serve as a neat feature for server hosters too.