Hey guys,
i don´t like this guys attitude by attacking other servers and then selling his cheap protection to them.
So i had a quick look at it
My assumption:
Its pretty simple the client is sending a GET request on client start to a webserver (its also the gameserver).
The script gets the request IP and whitelists it in the packet filter.
To bypass this just get the webserver ip with e.g. wireshark at client start.
Now you can do a simple GET request to that address and your ip is whitelisted.
--> This creates a even more critical attack surface. If the webserver is not reachable anymore no player can log in
--> If you have a botnet/proxies you can whitelist their ips with a GET request and do your stuff again (if you do not have much power )
Everything was tested on a server who bought the "protection"