computertech/duckhunt
1
1
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
00e129d2f3158f99ccab4844f7d23520b608fdf3
duckhunt/ADMIN_SECURITY.md
ComputerTech312 f3a9c5b611 Security fixes, UI improvements, and game balance updates 
- Fixed critical security vulnerabilities in shop targeting system
- Fixed admin authentication bypass issues
- Fixed auto-rearm feature config path (duck_spawning.rearm_on_duck_shot)
- Updated duck spawn timing to 20-60 minutes for better game balance
- Enhanced inventory display formatting with proper spacing
- Added comprehensive admin security documentation
2025-09-26 19:06:26 +01:00

1.1 KiB
Raw Blame History

Enhanced Admin Configuration

For better security, update your config.json to use hostmask-based admin authentication:

Current (Less Secure) - Nick Only:

{
    "admins": [
        "peorth",
        "computertech", 
        "colby"
    ]
}

Recommended (More Secure) - Hostmask Based:

{
    "admins": [
        {
            "nick": "peorth",
            "hostmask": "peorth!*@trusted.domain.com"
        },
        {
            "nick": "computertech", 
            "hostmask": "computertech!*@*.isp.net"
        },
        {
            "nick": "colby",
            "hostmask": "colby!user@192.168.*.*"
        }
    ]
}

Migration Notes:

  • The bot supports both formats for backward compatibility
  • Nick-only authentication generates security warnings in logs
  • Hostmask patterns use shell-style wildcards (* and ?)
  • Consider using registered nick services for additional security

Security Benefits:

  • Prevents nick spoofing attacks
  • Allows IP/hostname restrictions
  • Provides audit logging of admin access
  • Maintains backward compatibility during migration