dextroy

Ok fine, thanks for the support, with all the information i think i can make a plausible solution. @melron I did read all of your post, i appreciate the information and the lesson. But about what you said in the beginning: the code may have breaches? Yeah, it might, but it's still essentially a 3rd party programming sending information it's NOT supposed to be sent to the server, so it is hacking, you just prefer to interprete as codes and lines, which is essentially what everything on the internet is. As for paying, then what's the point of having a "Free" Forum with a Help section if you lot don't wanna help whatsoever? Why the heck are you "mods" or whatever role you have are so dissatisfied having to reply what's supposed to be a "Free" forum? I get not wanting to help, maybe thinking the question is simple for you, but if you don't want to, then skip. If you want to be paid, then talk to the Forum owners to make this a paid section. But why do you lot feel the need to come here to say "you're wrong, you know nothing, what you use is shit, i'm superior, bla bla"? Ya'll need to chill, so much arrogance from you lot over a question. For whoever it fits: If you're so dissatisfied with a question but still feel the need to come out and say things like that, here's a tip: the problem ain't with me. Feel free to close the thread. Peace

Alright, in the meantime i was testing l2phx with my previous code. And it also seems like my protection worked. I used it's injection to learn Super Haste and got this: So i'll use your code that fits plus the one i added previously. I guess this should fix this particular issue. Additionally, would you know how i could make it create a simple log file, or add it's messages to the server log? This way i can keep up with players that are trying to exploit the server easily, because as of it is, there's no logs being generated, just kicking out.

There's still an issue, possibly with the e->e due to the java version. Can i replace that with something else?

Ok, so the RequestAquireSkill.java. I'll send below what i did and the full code aswell: The first line is the 'If' you've suggested, but as you can see, there's an incompatibility with that "Lambda expression". What can i replace it with? The second if is the skill_id verification i implemented, and it appears to be working on skill masters (i tested with < 1500 and it didn't allow me to learn the skill) Here's the full code: /* * L2jFrozen Project - www.l2jfrozen.com * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2, or (at your option) * any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. * * http://www.gnu.org/copyleft/gpl.html */ package com.l2jfrozen.gameserver.network.clientpackets; import org.apache.log4j.Logger; import com.l2jfrozen.Config; import com.l2jfrozen.gameserver.datatables.SkillTable; import com.l2jfrozen.gameserver.datatables.sql.SkillSpellbookTable; import com.l2jfrozen.gameserver.datatables.sql.SkillTreeTable; import com.l2jfrozen.gameserver.model.L2PledgeSkillLearn; import com.l2jfrozen.gameserver.model.L2ShortCut; import com.l2jfrozen.gameserver.model.L2Skill; import com.l2jfrozen.gameserver.model.L2SkillLearn; import com.l2jfrozen.gameserver.model.actor.instance.L2FishermanInstance; import com.l2jfrozen.gameserver.model.actor.instance.L2FolkInstance; import com.l2jfrozen.gameserver.model.actor.instance.L2ItemInstance; import com.l2jfrozen.gameserver.model.actor.instance.L2NpcInstance; import com.l2jfrozen.gameserver.model.actor.instance.L2PcInstance; import com.l2jfrozen.gameserver.model.actor.instance.L2VillageMasterInstance; import com.l2jfrozen.gameserver.network.SystemMessageId; import com.l2jfrozen.gameserver.network.serverpackets.ExStorageMaxCount; import com.l2jfrozen.gameserver.network.serverpackets.PledgeSkillList; import com.l2jfrozen.gameserver.network.serverpackets.ShortCutRegister; import com.l2jfrozen.gameserver.network.serverpackets.StatusUpdate; import com.l2jfrozen.gameserver.network.serverpackets.SystemMessage; import com.l2jfrozen.gameserver.util.IllegalPlayerAction; import com.l2jfrozen.gameserver.util.Util; public class RequestAquireSkill extends L2GameClientPacket { private static Logger LOGGER = Logger.getLogger(RequestAquireSkill.class); private int _id; private int _level; private int _skillType; @Override protected void readImpl() { _id = readD(); _level = readD(); _skillType = readD(); } @Override protected void runImpl() { final L2PcInstance player = getClient().getActiveChar(); if (player == null) return; final L2FolkInstance trainer = player.getLastFolkNPC(); if (trainer == null) return; final int npcid = trainer.getNpcId(); if (!player.isInsideRadius(trainer, L2NpcInstance.INTERACTION_DISTANCE, false, false) && !player.isGM()) return; if (!Config.ALT_GAME_SKILL_LEARN) { player.setSkillLearningClassId(player.getClassId()); } if (player.getSkillLevel(_id) >= _level) // already knows the skill with this level return; if(SkillTreeTable.getInstance().getAllowedSkills(player.getClassId()).stream().noneMatch(e->e.getId == _skillId)) return; // test block sills 1500+ if ((_id) > 1500) { player.sendMessage("You are trying to learn an illegal skill"); Util.handleIllegalPlayerAction(player, "Player " + player.getName() + " tried to learn skill that he can't!!!", IllegalPlayerAction.PUNISH_KICK); // illegal skill return; } final L2Skill skill = SkillTable.getInstance().getInfo(_id, _level); int counts = 0; int _requiredSp = 10000000; if (_skillType == 0) { final L2SkillLearn[] skills = SkillTreeTable.getInstance().getAvailableSkills(player, player.getSkillLearningClassId()); for (final L2SkillLearn s : skills) { final L2Skill sk = SkillTable.getInstance().getInfo(s.getId(), s.getLevel()); if (sk == null || sk != skill || !sk.getCanLearn(player.getSkillLearningClassId()) || !sk.canTeachBy(npcid)) { continue; } counts++; _requiredSp = SkillTreeTable.getInstance().getSkillCost(player, skill); } if (counts == 0 && !Config.ALT_GAME_SKILL_LEARN) { player.sendMessage("You are trying to learn skill that u can't.."); Util.handleIllegalPlayerAction(player, "Player " + player.getName() + " tried to learn skill that he can't!!!", IllegalPlayerAction.PUNISH_KICK); return; } if (player.getSp() >= _requiredSp) { int spbId = -1; // divine inspiration require book for each level if (Config.DIVINE_SP_BOOK_NEEDED && skill.getId() == L2Skill.SKILL_DIVINE_INSPIRATION) { spbId = SkillSpellbookTable.getInstance().getBookForSkill(skill, _level); } else if (Config.SP_BOOK_NEEDED && skill.getLevel() == 1) { spbId = SkillSpellbookTable.getInstance().getBookForSkill(skill); } // spellbook required if (spbId > -1) { final L2ItemInstance spb = player.getInventory().getItemByItemId(spbId); if (spb == null) { // Haven't spellbook player.sendPacket(new SystemMessage(SystemMessageId.ITEM_MISSING_TO_LEARN_SKILL)); return; } // ok player.destroyItem("Consume", spb, trainer, true); } } else { final SystemMessage sm = new SystemMessage(SystemMessageId.NOT_ENOUGH_SP_TO_LEARN_SKILL); player.sendPacket(sm); return; } } else if (_skillType == 1) { int costid = 0; int costcount = 0; // Skill Learn bug Fix final L2SkillLearn[] skillsc = SkillTreeTable.getInstance().getAvailableSkills(player); for (final L2SkillLearn s : skillsc) { final L2Skill sk = SkillTable.getInstance().getInfo(s.getId(), s.getLevel()); if (sk == null || sk != skill) { continue; } counts++; costid = s.getIdCost(); costcount = s.getCostCount(); _requiredSp = s.getSpCost(); } if (counts == 0) { player.sendMessage("You are trying to learn skill that u can't.."); Util.handleIllegalPlayerAction(player, "Player " + player.getName() + " tried to learn skill that he can't!!!", IllegalPlayerAction.PUNISH_KICK); return; } if (player.getSp() >= _requiredSp) { if (!player.destroyItemByItemId("Consume", costid, costcount, trainer, false)) { // Haven't spellbook player.sendPacket(new SystemMessage(SystemMessageId.ITEM_MISSING_TO_LEARN_SKILL)); return; } final SystemMessage sm = new SystemMessage(SystemMessageId.DISSAPEARED_ITEM); sm.addNumber(costcount); sm.addItemName(costid); sendPacket(sm); } else { final SystemMessage sm = new SystemMessage(SystemMessageId.NOT_ENOUGH_SP_TO_LEARN_SKILL); player.sendPacket(sm); return; } } else if (_skillType == 2) // pledgeskills TODO: Find appropriate system messages. { if (!player.isClanLeader()) { // TODO: Find and add system msg player.sendMessage("This feature is available only for the clan leader"); return; } int itemId = 0; int repCost = 100000000; // Skill Learn bug Fix final L2PledgeSkillLearn[] skills = SkillTreeTable.getInstance().getAvailablePledgeSkills(player); for (final L2PledgeSkillLearn s : skills) { final L2Skill sk = SkillTable.getInstance().getInfo(s.getId(), s.getLevel()); if (sk == null || sk != skill) { continue; } counts++; itemId = s.getItemId(); repCost = s.getRepCost(); } if (counts == 0) { player.sendMessage("You are trying to learn skill that u can't.."); Util.handleIllegalPlayerAction(player, "Player " + player.getName() + " tried to learn skill that he can't!!!", IllegalPlayerAction.PUNISH_KICK); return; } if (player.getClan().getReputationScore() >= repCost) { if (Config.LIFE_CRYSTAL_NEEDED) { if (!player.destroyItemByItemId("Consume", itemId, 1, trainer, false)) { // Haven't spellbook player.sendPacket(new SystemMessage(SystemMessageId.ITEM_MISSING_TO_LEARN_SKILL)); return; } final SystemMessage sm = new SystemMessage(SystemMessageId.DISSAPEARED_ITEM); sm.addItemName(itemId); sm.addNumber(1); sendPacket(sm); } } else { final SystemMessage sm = new SystemMessage(SystemMessageId.ACQUIRE_SKILL_FAILED_BAD_CLAN_REP_SCORE); player.sendPacket(sm); return; } player.getClan().setReputationScore(player.getClan().getReputationScore() - repCost, true); player.getClan().addNewSkill(skill); if (Config.DEBUG) { LOGGER.debug("Learned pledge skill " + _id + " for " + _requiredSp + " SP."); } final SystemMessage cr = new SystemMessage(SystemMessageId.S1_DEDUCTED_FROM_CLAN_REP); cr.addNumber(repCost); player.sendPacket(cr); final SystemMessage sm = new SystemMessage(SystemMessageId.CLAN_SKILL_S1_ADDED); sm.addSkillName(_id); player.sendPacket(sm); player.getClan().broadcastToOnlineMembers(new PledgeSkillList(player.getClan())); for (final L2PcInstance member : player.getClan().getOnlineMembers("")) { member.sendSkillList(); } if (trainer instanceof L2VillageMasterInstance) { ((L2VillageMasterInstance) trainer).showPledgeSkillList(player); } return; } else { LOGGER.warn("Recived Wrong Packet Data in Aquired Skill - unk1:" + _skillType); return; } player.addSkill(skill, true); if (Config.DEBUG) { LOGGER.debug("Learned skill " + _id + " for " + _requiredSp + " SP."); } player.setSp(player.getSp() - _requiredSp); final StatusUpdate su = new StatusUpdate(player.getObjectId()); su.addAttribute(StatusUpdate.SP, player.getSp()); player.sendPacket(su); final SystemMessage sp = new SystemMessage(SystemMessageId.SP_DECREASED_S1); sp.addNumber(_requiredSp); sendPacket(sp); final SystemMessage sm = new SystemMessage(SystemMessageId.LEARNED_SKILL_S1); sm.addSkillName(_id); player.sendPacket(sm); // update all the shortcuts to this skill if (_level > 1) { final L2ShortCut[] allShortCuts = player.getAllShortCuts(); for (final L2ShortCut sc : allShortCuts) { if (sc.getId() == _id && sc.getType() == L2ShortCut.TYPE_SKILL) { final L2ShortCut newsc = new L2ShortCut(sc.getSlot(), sc.getPage(), sc.getType(), sc.getId(), _level, 1); player.sendPacket(new ShortCutRegister(newsc)); player.registerShortCut(newsc); } } } if (trainer instanceof L2FishermanInstance) { ((L2FishermanInstance) trainer).showSkillList(player); } else { trainer.showSkillList(player, player.getSkillLearningClassId()); } if (_id >= 1368 && _id <= 1372) // if skill is expand sendpacket :) { final ExStorageMaxCount esmc = new ExStorageMaxCount(player); player.sendPacket(esmc); } player.sendSkillList(); } @Override public String getType() { return "[C] 6C RequestAquireSkill"; } } I'll Google it myself, but i'll just ask: do know a link to any tutorial on how to use this hack? This way i can use it myself to test if the fix worked.

In order for me to understand, isn't the "Allowed Skills" list the skill tree sql table? If so, as i mentioned the skill tree only marks skills up to 1430. I don't get how they'd see any different. Here, i found the get allowed skills on the following java files: Would it be on the L2PcInstance then? Here's the bit marked: /** * check player skills and remove unlegit ones (excludes hero, noblesse and cursed weapon skills). */ public void checkAllowedSkills() { boolean foundskill = false; if (!isGM()) { Collection<L2SkillLearn> skillTree = SkillTreeTable.getInstance().getAllowedSkills(getClassId()); // loop through all skills of player for (final L2Skill skill : getAllSkills()) { final int skillid = skill.getId(); // int skilllevel = skill.getLevel(); foundskill = false; // loop through all skills in players skilltree for (final L2SkillLearn temp : skillTree) { // if the skill was found and the level is possible to obtain for his class everything is ok if (temp.getId() == skillid) { foundskill = true; } } // exclude noble skills if (isNoble() && skillid >= 325 && skillid <= 397) { foundskill = true; } if (isNoble() && skillid >= 1323 && skillid <= 1327) { foundskill = true; } // exclude hero skills if (isHero() && skillid >= 395 && skillid <= 396) { foundskill = true; } if (isHero() && skillid >= 1374 && skillid <= 1376) { foundskill = true; } // exclude cursed weapon skills if (isCursedWeaponEquiped() && skillid == CursedWeaponsManager.getInstance().getCursedWeapon(_cursedWeaponEquipedId).getSkillId()) { foundskill = true; } // exclude clan skills if (getClan() != null && skillid >= 370 && skillid <= 391) { foundskill = true; } // exclude seal of ruler / build siege hq if (getClan() != null && (skillid == 246 || skillid == 247)) if (getClan().getLeaderId() == getObjectId()) { foundskill = true; } // exclude fishing skills and common skills + dwarfen craft if (skillid >= 1312 && skillid <= 1322) { foundskill = true; } if (skillid >= 1368 && skillid <= 1373) { foundskill = true; } // exclude sa / enchant bonus / penality etc. skills if (skillid >= 3000 && skillid < 7000) { removeSkill(skill); LOGGER.warn("Character " + getName() + " of Account " + getAccountName() + " got skill " + skill.getName() + ".. Removed!"/* + IllegalPlayerAction.PUNISH_KICK */); foundskill = true; } // exclude Skills from AllowedSkills in options.properties if (Config.ALLOWED_SKILLS_LIST.contains(skillid)) { foundskill = true; } // exclude Donator character if (isDonator()) { foundskill = true; } // exclude Aio character if (isAio()) { foundskill = true; } // remove skill and do a lil LOGGER message if (!foundskill) { removeSkill(skill); if (Config.DEBUG) { // sendMessage("Skill " + skill.getName() + " removed and gm informed!"); LOGGER.warn("Character " + getName() + " of Account " + getAccountName() + " got skill " + skill.getName() + ".. Removed!"/* + IllegalPlayerAction.PUNISH_KICK */); } } } // Update skill list sendSkillList(); skillTree = null; } } How would i insert your code there? I tried but got some errors, so, i'm sending the source code and trying to understand the code's logic.

I appreciate that, but being honest i still couldn't understand what my next steps should be. Tracing the code could literally be looking into every single .java file, and as i said, i'm not a programmer/developer. That's why i've been asking as least for a countermeasure, if someone is sending illegal packets that i can't track (i don't know how or it'd require too much programming knowlege), wouldn't a block on it's effects at least partially solve the issue? I still don't know where to look at. If you could pinpoint something like: "You can add some code lines on WhateverFile.java and it will verify the skills" and somewhat of what the code would look like, then i can attempt a solution here. But i'm not at advanced knowledge with java. Tracing everything, check packets, hacking, those are not things i'm experenced at, so i just honestly don't know where to start looking. With the information i'm receiving. Zake told me to look on RequestAquireSkill.java and i was able to put an extra code line there. But i don't know if that's enough or where else i could put an extra verification.

Ok, but what should i be looking into then? What java file? I'm trying to understand within my knowledge, which is not that advanced, so i ask for some patience. I did what i said about skills > 1500 on RequestAquireSkill.java. Is that enough? And is there a way i can verify/block what that phx sends? I'm not experienced with hack systems, so i don't know exactly how it's done. Where would i put that verification, considering the server is multiskill and it should allow all classes skills (skills under 1500)? And i don't know exactly where to put the method i asked for, that's why i'm here, i don't know which java file or how to code as i'm not an experienced developer/programmer.

I understand, but i'm not sure if i can cover every single possibility of "how he did it" as there were no specific logs generated. The normal learn skill process on my server calls for the database skill tree on class masters, and the db skill tree only displays skills under 1500, which are the regular skill classes. If he used a class master to learn the skill, the new line i added on my previous post should already block them from learning. But if he did some other way, i can't figure out 'cause there were no logs. And i think i can assume it's not addSkill command 'cause only GM/ADM access level can call for those. And i'm assuming it's nothing of the sort, because if it was, he could've cause more damage than simply learning monster/items skills.

If you have any suggestions i'm happy to listen and try. I did find somewhat of a fix of my own already. I entered the clientpack RequestAquireSkill.java and added the simple line: if ((_id) > 1500) return; I tested the code the other way around <1500 and it didn't allow me to learn any skills. So, If the hacker was using the skill masters packets to learn skills this should block them already. But if it's some other way, they can still get around. That's why i wanted a way to kick/ban players who have those skills learned on their character, because if it is something else, then a countermeasure to block characters with illegal skills would work for all situations. I just don't know which java file and what code could do that automatic verification.

I do understand that finding exactly how the hacker did would be the best solution, but i'm not a programmer. I wouldn't know how to do that bypass track, and that would involve having to wait for another player to come in again and use the same or a similar hacking tool and then looking all over the code to possibly fix multiple things. Here's the error log i got when the guy started hacking: He also learned STR as a skill and had it maxed, that's probably why the server couldn't identify the limitation. There are no other logs about learning the skills or detected illegal activity on the gameserver. I don't have a professional server nor want to, it's just a fun side project, i know L2JFrozen has it's limitations and i've covered most i found over the months i've worked, that's why the guy that hacked wasn't able to completely ruin the server and compromise other accounts. I just want a way to immediately block the account if such thing happen again. Like: if the guy has one of the illegal skills learned, the character automatically gets kicked or banned. That would solve the root? No, but that would not allow them to exploit any skill related bug anymore. As for the learning skills process, it's not stack sub, not autolearn, just class masters, as i replied to Zake on a previous post, there are these lines on one of the config files: # Alternative skill learn rules: # - all classes can learn all skills # - skills of another class costs x2 SP # - skills of another race costs x2 SP # - skills of fighters/mages costs x3 SP AltGameSkillLearn = True With this active the player get to the class master/magister and learn their skills. Stack sub is not activated. They just can learn any class skill on any class master. If you need any other information to help understand the issue, i'll gladly provide, but i just want a countermeasure to block if such thing happens again. Yes man, i know those have safer and better coding, but i'm not throwing away all my work to learn how to code every single change i did on another type of java server from scratch. Especially since it's just a fun server. If you can assist with this version, great, i'd thank you. Otherwise i don't see the point in coming to do posts like this.

Like you even tried. Please. Trying to spam multiple times to get that post number of urs up and some sort of "reputation". The details are there, the source code is there, what i asked is there. You keep evading the question and boasting. You probably just get other people's work and try to re-sell to others from what i see in your profile. If you knew anything you'd have asked for the specific code lines long ago. Here's some news for you: you're at the Help section of the forum. If you got nothing to add, move along. Bye.

And then you're not providing any sort of support, only flooding.

If he had access to my database directly he would've given himself the best items in the game, he could've made himself a GameMaster, but no, he was farming for items with monster skills. Or could've done much worse by erasing it. Plus i keep daily backups. So yeah, if my server got attacked directly on the database, i could give 0 f*cks. And if that happened, THEN i'd be looking for database protection. THEN your comment would make any sense. Not now. For NOW i asked a way to instantly block players that could use the same hack. See the difference? Really, what's wrong with YOU? Clearly you don't want to help, only want to find ways to boast and criticize to make yourself feel superior. If you have nothing to add, move on to another thread and let someone else assist.

Yes, but whatever way it is, i'm not asking to know what the hacker did. I'm asking for a countermeasure. Which would be the automatic ban or kick, or whatever when a player with those skills learned log in the game, or whichever type of verification.

Again, it's not a server-side mistake. You talk about checking my source, the source code i already posted on my previous reply if that would help it's there. The L2JFrozen one, it's the same thing: http://subversion.assembla.com/svn/L2jFrozenInterlude/trunk/gameserver Someone used some type of hack bypass to inject themselves with those skills. How? I don't know, i'm not a hacker. And again, i'm not even asking to find the root of the issue. If there's a way to add an extra layer of security that wouldn't be complicated like a gameguard, or a simple way to find it, what a bonus. But I'm asking for a simple solution in the form of a code: If a non GM player have those skills learned on their character skill list, they get banned. It's easier to unban later (if it was some sort of mistake) than allowing them exploit for whatever time until i find them exploting and manually ban. That shouldn't be something so complicated. Which would possibly look something like the line from the code on my first post: if (skillid >= 3000 && skillid < 7000) { foundskill = true; } I just don't know where i'd add it or how to code it to make it automatic.

Yes.

Already did. 3132 3599 3603 3629 4108 4136 4173 4303 4304 4318 4341 4409 4410 4412 4413 4680 7029

Well, it's one of the latest L2JFrozen rev as i stated on my initial post. I got it a while ago so i don't remember exactly, possibly the 1132 version. It's Interlude. I've got a clear revision without customizations active so i could make the changes i wanted myself. And i did make a few, but no changes regarding the learn skill process itself, so it's the same as any L2JFrozen Interlude revision. If there are parts of my source code you'd like to see that could help, i'd gladly post them, but clearly you don't expect me to come here and post the entirety of my source code when asking for help on an specific issue, right? Anyway, here's an equivalent of the source code, taken directly from l2frozen website: http://subversion.assembla.com/svn/L2jFrozenInterlude/trunk/gameserver/head-src/com/l2jfrozen/gameserver/model/actor/instance/L2PcInstance.java I posted the L2PcInstance but the directory is there, and the others are pretty much alike. If you know where in there i could look to fix this, then the help would be appreciated.

No auto skill learned, it's learned thru the normal class masters. There's this option on the L2JFrozen rev i use: # Alternative skill learn rules: # - all classes can learn all skills # - skills of another class costs x2 SP # - skills of another race costs x2 SP # - skills of fighters/mages costs x3 SP AltGameSkillLearn = True This allow characters to go to any master/magister, as long as they have the level/sp and it's on the class skill tree, they can learn. But Super Haste/Valakas Buff/Zariche passive buffs and others aren't on the database list, so they would certainly not appear on any class master without some sort of hacking (and i've already checked them all). Well, "believing" in you doesn't exactly help me sort the issue, does it? Do you have any information you can provide to assist? Otherwise it just feels like you came here to boast for no reason other than trying to be arrogant.

It's not a bug. It's someone hacking, there's a big difference. And if it's been up and running for months, clearly "the rest" is not an issue.

I don't disagree, but the thing is, i don't keep up with L2 hacks, was never interested in them, i always played legit, so i don't truly understand how the bypass is done. And i've had my server up for a few months, this was clearly not a mistake and an intentional hack. If you have any suggestions as to how i could detect the source of the problem and how i could protect my server i'm happy to try/look up, but having a check for those skills on players and having an automatic ban seems like an easier solution. Keep in mind i'm not really a programmer/developer, i'm more of an enthusiast, so i can understand the logic behind it and edit codes, but i don't know how to code it from scratch myself. That's why i'm asking for some support here.

Hello, i need some help if anyone know: I have a multiskill server (L2JFrozen rev) and I've recently had some hacker enter my server and he was able to learn monster passive skills/active skills and some skills that aren't in any character skill tree, like valakas buff, super haste, etc. Since it happened i activated the AllowedSkills function (plus also activating it on the Protected folder CheckSkillsOnEnter), and added on the list only the character skills on the list (1-500 and 1000-1500), however, the function doesn't seem to be working. Is there a way a can put a verification on L2PcInstance or some other java instance to automatically ban player/delete skills between 3000-7000 or something like that? My source code already has something like this (i'll be posting below), but it doesn't seem to be working (i tested with another character and nothing happened to it). /** * check player skills and remove unlegit ones (excludes hero, noblesse and cursed weapon skills). */ public void checkAllowedSkills() { boolean foundskill = false; if (!isGM()) { Collection<L2SkillLearn> skillTree = SkillTreeTable.getInstance().getAllowedSkills(getClassId()); // loop through all skills of player for (final L2Skill skill : getAllSkills()) { final int skillid = skill.getId(); // int skilllevel = skill.getLevel(); foundskill = false; // loop through all skills in players skilltree for (final L2SkillLearn temp : skillTree) { // if the skill was found and the level is possible to obtain for his class everything is ok if (temp.getId() == skillid) { foundskill = true; } } // exclude noble skills if (isNoble() && skillid >= 325 && skillid <= 397) { foundskill = true; } if (isNoble() && skillid >= 1323 && skillid <= 1327) { foundskill = true; } // exclude hero skills if (isHero() && skillid >= 395 && skillid <= 396) { foundskill = true; } if (isHero() && skillid >= 1374 && skillid <= 1376) { foundskill = true; } // exclude cursed weapon skills if (isCursedWeaponEquiped() && skillid == CursedWeaponsManager.getInstance().getCursedWeapon(_cursedWeaponEquipedId).getSkillId()) { foundskill = true; } // exclude clan skills if (getClan() != null && skillid >= 370 && skillid <= 391) { foundskill = true; } // exclude seal of ruler / build siege hq if (getClan() != null && (skillid == 246 || skillid == 247)) if (getClan().getLeaderId() == getObjectId()) { foundskill = true; } // exclude fishing skills and common skills + dwarfen craft if (skillid >= 1312 && skillid <= 1322) { foundskill = true; } if (skillid >= 1368 && skillid <= 1373) { foundskill = true; } // exclude sa / enchant bonus / penality etc. skills if (skillid >= 3000 && skillid < 7000) { foundskill = true; } // exclude Skills from AllowedSkills in options.properties if (Config.ALLOWED_SKILLS_LIST.contains(skillid)) { foundskill = true; } // exclude Donator character if (isDonator()) { foundskill = true; } // exclude Aio character if (isAio()) { foundskill = true; } // remove skill and do a lil LOGGER message if (!foundskill) { removeSkill(skill); if (Config.DEBUG) { // sendMessage("Skill " + skill.getName() + " removed and gm informed!"); LOGGER.warn("Character " + getName() + " of Account " + getAccountName() + " got skill " + skill.getName() + ".. Removed!"/* + IllegalPlayerAction.PUNISH_KICK */); } } } // Update skill list sendSkillList(); skillTree = null; } }

I know, but i made my server as a hobby of mine, so i don't really have goals to make it professional or huge, that's why i didn't want to check aCIS or L2-Off 'cause they're often bit more complex. I had l2j C3-C5 servers long time ago. I got back to it last year and i just wanted to make a decent stable with the unique features i wanted on other servers and never could find. And in order to check all packets exclusive to Polearm users would probably require alot of time studying the datapack and java knowledge that i don't really have atm. So for now, i'd say that works fine for me. Thanks alot! I really wouldn't have figured this one out alone. @wongerlt I have no problem seeing or walking in places with lots of monsters, i can even just let them attack me and could walk and heal with no lag, the issue only happened when attacking with a polearm multiple of them. And nah, it was not exclusive to the dinos, any place with lots of monster to aggro (Antharas Lair, Cruma Tower, etc) and attacking them with a polearm would result in those multiple packets that lagged the client. But the suggestion Tryskell gave me did the trick!

Hmm, i'm not sure i understood everything, but i did a search on the datapack and found this line on NetcoreConfig.java From what i saw on your vid you changed from 12 to 80, right? So, do i change those send/read lines to read more packets? Or would it be a more complicated solution? I will test changing those 2 to 80 as you suggested and get back here with the results soon. As for L2PHX i don't know about it, but i can try and see what log it generates then post it here. I'll do those 2 tests as soon as i get free and get back to you. @AlmostGood Yeah, from the discussions with Tryskell i could figure it's something server sided, i'm just trying to find where exactly can i fix it so that it can read the packets properly. @BruT Not any particular big mod changes like adding an enterily new system that could compromise. There's some TVT and some other event stuff that came with l2jfrozen rev, but i got a clean datapack to work with (i got it over a year ago, worked a while, picked up again now), so i don't use those custom stuff, if there are such mods as you mentioned, probably came in the rev i got but it's not something that i use. But as for some changes, yeah, i did a few changes in the datapack to modify/add features that i wanted in the server, but none that would compromise the packets queue as far as i'm concerned, since most of the changes were simple if/elses in between the codes. As i mentioned before, i'm not really a programmer, i'm more of a enthusiast that likes to test things out. But since i did make alot of changes to make the server as i envisioned it, i don't want to get a new datapack or change it, i'm trying at least a work around that lag issue which is the only thing that actually compromises the gameplay for Fighter classes at the moment. Edit: @Tryskell changing the MAX_SEND_PER_PASS did the trick!! The animations are working smoothly with 80/80, i tested it up to 100 and it also went well! I left it currently as: public int MMO_MAX_SEND_PER_PASS = 100; // default 12 public int MMO_MAX_READ_PER_PASS = 100; // default 12 Just so i know, are there any risks related to leaving those 2 higher? Should i set the Read back to 12? I just tried changing both to see if it would work, and apparently it did. I just don't know if it represents any risks to the server leaving them so high.

Oh, i misread and opened the wrong file the 2nd time i was checking here, lol, i opened my L2Attackable from model and not AI when checking it for the 2nd time, sorry haha. Yeah, i got the isDead() line on the L2AttackableAI.java already. Same as i posted, so i'm assuming it's not that. And nope, no lag on the 2nd client, everything seems smooth. I click to walk on the 1st client, it doesn't move there, but it moves instantly on the spectator character on the 2nd client. I've never used L2PHX so i'll have to get some info on how to see the packets there, i don't even have a clue how to start there, i'm still a rookie with programming stuff, i'm more of an enthusiast so please have some patience with me. On a second note, I was thinking if there would be some way to possibly reduce packets that are not really necessary when using Polearm. I'm assuming using Polearm with fast atk speed generates multiple system logs of the attack, which floods the client with multiple packets and results in heavy lag. You think that if i find those message packets and remove them for polearm users could work? Or maybe put a ms interval (Idk is that's possible)? I don't know how the code would be, but a logic like this: if (player.isUsingPolearm()) return; else player.sendPacket(new SystemMessage(SystemMessageId.HIT)); On the L2Attackable.java (model) there's this line for OverHit, so it gave me that idea i just mentioned: if (attacker instanceof L2PcInstance) { final L2PcInstance player = (L2PcInstance) attacker; if (isOverhit() && attacker == getOverhitAttacker()) { player.sendPacket(new SystemMessage(SystemMessageId.OVER_HIT)); exp += calculateOverhitExp(exp); } Would you know a way to limit these packets under these circumstances?