Skip to main content
Android
iOS
macOS
Web
Windows
Electron
Flutter
React Native
React JS
Unity
Unreal Engine
Unreal (Blueprint)

Prevent and address cyber attacks and disruptions

Room bombing refers to one or more users maliciously disrupting the order of a channel. It usually occurs in chat rooms, and other multi-user interactive scenarios. Some common patterns of room bombing and disruptive behavior include:

  • Intercepting a token and joining a channel illegally, or utilizing the long validity period of a token to join the channel repeatedly.

  • Continuously making noise or sending illegal audio or video content.

  • Hijacking the signaling messages sent from the application server to the client to disrupt the client's microphone updates and room management.

  • Joining a channel when the network is down and reconnecting.

This page describes a series of measures to deal with room bombing and disruptive behavior to help maintain room order and improve business security.

Basic security solutions

This section introduces basic measures to safeguard the security of your client and server in multi-user interaction scenarios.

Use the latest SDK version

To ensure you have the latest security updates, best practice is to upgrade to the latest version of the Video SDK. Visit the SDKs page and download the latest version of the Android Video SDK.

Use token authentication

To ensure communication security, Agora strongly recommends use of token authentication in your app. Token authentication not only ensures that only authorized users can join a channel, but also controls the user's streaming privileges. To use token authentication, integrate token generation into your business server, and enable token verification on the Agora server. Refer to Secure authentication with tokens for details.

Set an appropriate validity period for tokens and permissions

To prevent unauthorized users from joining a channel by taking advantage of long token validity, use the following token generation parameters to set a suitable validity period:

  • tokenExpirationInSeconds:Sets the validity timestamp of the token. The default and maximum validity period of a token is 24 hours. Best practice is to set the validity period of a token as short as possible while meeting business needs.

  • privilegeExpirationInSeconds: Sets the effective timestamp of the permission. After the permission expires, the user is removed from the channel, and illegal users cannot use the token to log in to the channel again.

Update tokens regularly

When a token is about to expire, the SDK triggers the onTokenPrivilegeWillExpire callback. When you receive this callback, obtain a fresh token from the token server, and call renewToken to pass the newly generated token to the SDK.

info
  • Agora recommends setting the validity period of tokenExpirationInSeconds and privilegeExpirationInSeconds to be the same.

  • Ensure the secrecy of your app ID and app certificate. Agora recommends storing the app ID and app certificate securely on the app server. If you suspect leakage, Switch to a new primary certificate.

  • When updating the app certificate, best practice is to choose a time when the number of online users is at a minimum to avoid large-scale user login failure.

Use Co-host token authentication

Typically, using token authentication and strengthening the security performance of token authentication is sufficient to meet the needs of most real-time interaction scenarios. For scenarios where the audience needs to frequently go on and off the microphone, Agora provides authentication of users for publishing streams in a channel. This is known as Co-host token authentication.

Note

Before using this feature, make sure you have enabled Co-host token authentication in Agora Console.

To use co-host token authentication, set the user role using the role parameter when generating a token, and set the expiration time of all privileges using privilegeExpirationInSeconds. For different scenarios and user roles, refer to the following table to implement your authentication logic:

Characters and scenariosAuthentication steps
Host joins the channel to send streams
  1. Request a token with the role set to kRolePublisher. This token gives the host permission to send streams.
  2. Call setClientRole to set the role as the host.
  3. Call joinChannel to pass in a token with streaming privileges to join the channel.
Audience members join the channel
  1. Request a token with the role set to kRoleSubscriber. This token does not permit the user to send streams
  2. Since a user's role when joining a channel is by default audience, it is sufficient to call joinChannel directly and pass in a token to join the channel.
Audience gets the mic after joining the channel
  1. Request a token with the role set to kRolePublisher to give the user permission to send streams.
  2. Call renewToken to update the new token on the Agora server.
  3. Call setClientRole to switch the role to host.
info

If your business scenario requires more refined streaming permission control, refer to the Co-host token authentication guide.

After implementing co-host authentication, use it together with your business logic to verify that the user's ID is legitimate and that they are authorized to broadcast streams.

Response plan

This section describes the response measures after a room bombing and disruption occurs. Agora recommends that you implement the preventive measures in the basic security plan before taking the following steps.

Locate illegal users

Regularly call the Agora RESTful API http://api.sd-rtn.com/dev/v1/channel/user/{appid}/{channelName}/{hosts_only} on the app server to query the Agora server's online channel user list, and compare it with the list of users maintained on the app server to find illegal users. The API call frequency is capped at 20 times per second.

Handle illegal users

After you identify an illegal user, stop their room bombing and disruptive behavior to restore order to the room. Use one or more of the following methods to stop the disruptive activity:

Ban illegal users from posting streams

Use the following methods to achieve this:

  • The app server sends a message to the user's client asking the client to call muteLocalAudioStream and set muted to true to cancel publishing the audio stream.

  • The app server sends a message to the user's client requesting the client to call setClientRole to set the user's role as audience, and cancel their streaming privileges.

Kick illegal users out of the channel

The app server calls http://api.sd-rtn.com/dev/v1/kicking-rule. For the privileges parameter in the join_channel request packet body, set the cname, and uid fields to kick illegal users out of the channel.

The Agora server kicks the illegal users based on the values in the cname and uid fields as follows:

  • If you fill in cname without uid, no one can join the channel corresponding to that cname in the app.
  • If you fill in uid without cname, the uid cannot join any channel in the app.
  • If you fill in cname and uid, the uid cannot join the channel corresponding to the cname in the app.

Reference

This section contains content that completes the information on this page, or points you to documentation that explains other aspects to this product.

Interactive Live Streaming