13:46 <+laxa> well you dont have the official zcatch version but rather a fork of it
13:46 <+laxa> but I backported patches to the zcatch 0.4.8 => https://github.com/Laxa/teeworlds-zcatch
13:46 <+laxa> (zCatch branch)
16:04 <+laxa> Is there any reason for the g_Config.m_Password[0] == '\0' there https://github.com/ddnet/ddnet/blob/master/src/engine/shared/network_server.cpp#L346 ?
16:05 <+laxa> If I remove that condition, servers with passwords arent being spammed again
16:05 <+laxa> I blindly removed the check without reading / understanding the code, so wondering what could be broken or not that way
19:24 <+Learath2> laxa: eeeee or EastByte would know, perhaps even heinrich5991 
19:34 <+Learath2> I have a slight feeling that it has sth to do with us catching the first `NETMSG_INPUT`
21:59 <+eeeee> EastByte added that check in https://github.com/ddnet/ddnet/commit/6ab2a558b30d0764ee142cfef360987126b81f48
22:09 <@EastByte> laxa: The vanilla antispoof thing isn't compatible with tw password auth (people can actually bypass the password auth when you remove that check)
22:11 <+laxa> Thanks, I'll take the risk, it's not like the guy is going to get a shell or anything anyway :)
22:11 <+laxa> I guess it's a worth it trade off considering the actual flooding
22:11 <@EastByte> Or you can just remove the password from the server
22:12 <+laxa> To bypass the password, the attacker would need a moded client
22:12 <+laxa> It's quite unlikely to happen considering the gain