2015.03.22

FarCry 4 screenshot dreamland tiger multi arrow bow

A little more on Far Cry now that I've reached the end.
Annoyances

FarCry 4 screenshot Kyrat airport plane

But really, those are all pretty minor, great game.
The saga of the bomb car

FarCry 4 screenshot C4 truck remote charge meme strategy

C4 has been fun since Metal Gear Solid. Vehicles have been fun since GTAIII. Yet, in my gaming experience the two have never had a roll in the hay.


At first, all seemed to be lost. The charges would just slide off any vehicle in motion. Sure there's MIRV potential, but how many outposts have just the right cliff?

But then I discovered (what may have already been explained in dialogue) that C4 attached while crouching would stick to anything. Cool!

C4 the truck:


C4 the helicopter:


C4 for healing:

Endgame

The game length is pretty good - the main quest feels kind of short, completionist gets kind of tedious - so just about right. Missions get considerably easier and less stealth-dependent as you get the better equipment.

FarCry 4 screenshot bird acid trip bow dream

The toughest part of the game, for me, was defeating the final Shangri-La boss.
Map editor

FarCry 4 screenshot map editor

I did not realize until I was finished with the main game that there is a map editor. Whoa, adult legos! (No, not adult legos).

It is cool; it lets you make some extremely detailed maps. For a console the interface is pretty superb, although it could use a snap-to system. The only real issue, and it's a big one, is the limited control of enemy spawn (how/when). The 'AI budget' only allows a dozen or so dudes on a fairly large map space (+/- with vehicles and wildlife), so maps have to be fairly linear.

The MO in the main game is to drop everybody without letting anyone get to an alarm box. In user-generated maps if you do this you're missing out on 4/5 of the fun. So you kind of have to design missions that people will feel are cheap so that an alarm gets triggered.

I had quite a lot of fun making maps. One of them was Rainbow Road-inspired. If you blew up your vehicle halfway through, no worries, I supplied a tuk tuk:

A bit more mayhem from the main game


Wingsuit woo.


It's a shame the main quest was not co-op-able, but the side quests are great for teamwork. Hostage rescue in particular.


Escort missions are great for doing some demolition, even better is if you have air cover:


...


Most of the racing (Kyrati Films) missions are alike, some infuriating. One of them employs both the wingsuit and hovercraft.


So that's about it for Far Cry, Tuesday I'll be riding on a Claptastic Voyage.
Kafka

He decided to chomp a cognac box.




2015.03.22

A few months ago Steve and I noted that our respective sites were getting tons of hits from Samara Oblast, an obscure(?) territory in Russia. Russian search engine maybe? Cybercriminals? Proxy for the American or Chinese or Syrian electronic armies? Who really cares? Only port 80 should be open and doing nothing fancy.

But since this kilroy thing has gotten pretty lengthy I was scoping the possibility of doing some sort of 'top content' thing based on hits. So I pulled my server logs and was looking through them to see how hard it'd be to parse.
Attack surface

Missile command screenshot

Source.

Well this is fun:
91.200.13.119 "GET /kilroy/archive/2008/04/index.html HTTP/1.0"...
91.200.13.119 "GET /kilroy/2008/01/leader-board-r.html HTTP/1.0"...
91.200.13.119 "GET /kilroy/2008/01/index.php HTTP/1.0"...
91.200.13.119 "GET /2008/01/index.php HTTP/1.0"...
91.200.13.119 "GET /kilroy/2008/01/index.php HTTP/1.0"...
91.200.13.119 "GET /2008/01/index.php HTTP/1.0"...
91.200.13.119 "GET /kilroy/2008/01/index.php HTTP/1.0"...
91.200.13.119 "GET /2008/01/index.php HTTP/1.0"...
How am I going to count hits for 2008/01/index.php when there is no anything.php?

Eight sequential hits from the same person, within 10 seconds. That's what I call quick on the mouse. Whois says it's from Ukraine. I'm going to stop me right here, this is my first time actually looking at http traffic, this is old hat to 80% of the world. Okay, let's continue.
Maybe they're just guessing at the site map, but probably they're looking to have some fun with PHP.

Another interesting one:
POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65
%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F
%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62
%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61
%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64
%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66
%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64
%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1
Looking to do injection or overflow or something? Not really my wheelhouse, but it was kind of a fun digression.
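
To read a request like the one above during log triage, percent-decode the query string; here it comes out as a run of command-line style switches rather than form fields. The following is an added example, not code from the original post: the function names are hypothetical and the shortened sample request is constructed in the same shape as the logged one.

```python
import shlex
from urllib.parse import unquote_plus

def cgi_switches(request_line):
    """Return (ini_overrides, bare_flags) found in the query string of one
    logged request line, or ({}, []) when the query is ordinary form data."""
    try:
        _method, target, _proto = request_line.split(" ", 2)
    except ValueError:
        return {}, []                      # malformed line: nothing to report
    _path, _, query = target.partition("?")
    decoded = unquote_plus(query)          # '+' becomes space, %XX becomes a character
    if not decoded.startswith("-"):
        return {}, []                      # normal key=value query string
    try:
        tokens = shlex.split(decoded)      # honours quoted values such as ""
    except ValueError:
        tokens = decoded.split()           # unbalanced quote: plain split instead
    overrides, flags = {}, []
    i = 0
    while i < len(tokens):
        if tokens[i] == "-d" and i + 1 < len(tokens):
            key, _, value = tokens[i + 1].partition("=")
            overrides[key] = value         # a "-d name=value" setting override
            i += 2
        else:
            flags.append(tokens[i])        # any other switch, e.g. "-n"
            i += 1
    return overrides, flags

def pct(text):
    """Percent-encode every character except space (sent as '+'), the way
    the logged request does."""
    return "".join("+" if c == " " else "%%%02X" % ord(c) for c in text)

# Constructed sample: two of the settings from the logged request, re-encoded.
SAMPLE = ("POST /cgi-bin/php?"
          + pct("-d safe_mode=off -d open_basedir=none -n") + " HTTP/1.1")
```

A non-empty result on a site that serves only static files is a clear signal that the request was a probe and belongs in the malicious bucket.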
Classifier

So I wrote some code to classify site traffic into one of the following categories:
Some of it was pretty easy: bots tend to declare themselves in the user agent string and hit robots.txt first. Malicious stuff sends PUTs and looks for files that aren't .html/.jpg/etc. And, of course, sequential traffic from the same IP can be classified together. This is important because an attack might hit numerous legit links but it's not visit traffic.
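
A sketch of those heuristics, as an added example rather than the code actually used for this site. The log line shape, the three label names, the extension allow-list, the bot pattern and the 30-second burst gap are all assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime
from itertools import groupby
from posixpath import splitext

# Assumed log shape: ip [time] "METHOD target PROTO" "user agent"
LINE = re.compile(r'(\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" "([^"]*)"')
STATIC = {"", ".html", ".jpg", ".png", ".gif", ".css", ".js", ".txt"}  # assumption
BOT_UA = re.compile(r"bot|crawl|spider", re.I)                         # assumption
GAP = 30  # seconds of silence that ends a burst (assumption)

def parse(line):
    ip, ts, method, target, ua = LINE.match(line).groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, target.partition("?")[0], ua

def bursts(hits):
    """Group hits per IP, splitting whenever that IP goes quiet for > GAP."""
    for _ip, group in groupby(sorted(hits, key=lambda h: h[:2]), key=lambda h: h[0]):
        burst = []
        for hit in group:
            if burst and (hit[1] - burst[-1][1]).total_seconds() > GAP:
                yield burst
                burst = []
            burst.append(hit)
        yield burst

def label(burst):
    """One label per burst, so legit links hit during a probe are not visits."""
    if any(BOT_UA.search(h[4]) or h[3] == "/robots.txt" for h in burst):
        return "bot"
    if any(h[2] not in ("GET", "HEAD") or splitext(h[3])[1].lower() not in STATIC for h in burst):
        return "malicious"
    return "visit"

def classify(lines):
    hits = [parse(ln) for ln in lines if LINE.match(ln)]  # skip unparseable lines
    return [(b[0][0], label(b), len(b)) for b in bursts(hits)]

# Constructed sample lines (documentation-range IPs, not from the real logs).
T = "22/Mar/2015:"
SAMPLE = [
    f'192.0.2.10 [{T}10:00:01 +0000] "GET /kilroy/archive/2008/04/index.html HTTP/1.0" "Mozilla/5.0"',
    f'192.0.2.10 [{T}10:00:03 +0000] "GET /kilroy/2008/01/index.php HTTP/1.0" "Mozilla/5.0"',
    f'192.0.2.10 [{T}10:00:05 +0000] "GET /2008/01/index.php HTTP/1.0" "Mozilla/5.0"',
    f'198.51.100.7 [{T}10:05:00 +0000] "GET /robots.txt HTTP/1.1" "Mozilla/5.0"',
    f'203.0.113.5 [{T}11:00:00 +0000] "GET /kilroy/index.html HTTP/1.1" "Mozilla/5.0"',
    f'203.0.113.5 [{T}11:00:09 +0000] "GET /kilroy/img/map.jpg HTTP/1.1" "Mozilla/5.0"',
    f'203.0.113.5 [{T}15:00:00 +0000] "GET /kilroy/index.html HTTP/1.1" "Mozilla/5.0"',
]
```

For the sample, `classify(SAMPLE)` puts all three hits from 192.0.2.10 in one malicious burst, including the request for a real archive page, and counts the two separate sessions from 203.0.113.5 as two visits.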
Data

Logs go back about a year. Here's some Excel because easy.

Classification of web site hits

I get indexed about twice as much as I get visited. There have been more than 20,000 malicious HTTP requests.

Web site bot hits histogram

Google, Baidu, and Majestic 12 (a distributed indexing project) turned up most. But there are quite a few bots out there.

So the top visited content, the main reason for this whole endeavor:

Pages
Images
Labels - which are now just links to search
Data skew: some content has been around longer. On the other hand, the logs are only from about a year back.

When I get some more fun-coding time I'll see about putting this in the sidebar.