Connection flood - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Server (https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread: Connection flood (/showthread.php?tid=639868)

---

Re: Connection flood - Sumit4 - 26.08.2017

I saw some servers which are working normally like UIF that means these servers have any strong protection against these attacks?

---

Re: Connection flood - Shaheen - 26.08.2017

Same Words i have to say about my server.
Contact me via pm and we will have a peace talk..

---

Re: Connection flood - RDM - 26.08.2017

Protection for this attack! https://sampforum.blast.hk/showthread.php?tid=639962

add these rules in Hardware firewall and block 95 % fake packets !

---

Re: Connection flood - Christofski - 26.08.2017

this is useless to anyone using a VPS unfortunately and I do not feel like switching out to a dedicated machine just for one sa-mp serv

---

Re: Connection flood - RDM - 26.08.2017

It is not useless if the company you hire adds similar rules in the hardware firewall !!

I could help you if you were on a network within my reach!

---

Re: Connection flood - PrettyDiamond - 26.08.2017

I tested it and this doesnt works for me, and i think doesnt works for anyone. Stop to difuse lies here. You cannt test itself because you dont get attacked by this kind of attack. So delete your unusefull postings and you do a lot good for us victims.

---

Re: Connection flood - PrettyDiamond - 26.08.2017

I have a dedicated machine with debian 9 and all securitys for spoof attacks, so this isnt a problem only of VPS owners.

---

Re: Connection flood - Christofski - 26.08.2017

I am with OVH and am in contact with them, PM me some more details, I have rules set in my firewall currently.

---

Re: Connection flood - RDM - 26.08.2017

Hello my servers are on the attack ..

My hardaware firewall is barring fake packages!

My hosted tab server: 167.114.201.74:7777


I am making significant improvements in my rules,
I am migrating to iptables and soon I will update them in my github!

---

Re: Connection flood - 1nspire - 26.08.2017

The attacker should be dumb as hell to share a solution with you even if you donate him a fortune, because obviously, this solution will be shared publicly here, quit whining, sit on your ass and let the kiddo spend mom and dad's money and enjoy while it lasts. Actually, why not create a GoFundMe for him?

The flood itself isn't big of a deal and can barely do shit, except making your server query slow, stop panicking and praising 'Lord Mr. Flooder', I bet he's around here, laughing his ass off on cringe comments, which 80% of this thread consist of.

---

Re: Connection flood - RDM - 26.08.2017

You did not understand my locking logic,
The attack is spoofed, the attacker only sends a packet of each query and cookie connection, after he does not send more with the same ip!

So I drop all 1 pack of all the customers!


Please see new version in my github! :https://github.com/Edresson/SAMP-Fir...er/Firewall.sh


In my github has a simple script that simulates the attacker attack to test, I created the same in 3 minutes!
It's very simple to fake udp packages!

---

Re: Connection flood - Battlezone - 26.08.2017

The 'not a big deal you're talking about dropped my players avg from 90 to 40, and not only mine but other popular servers as well, how about that?
Stop shit talking, yor reply is useless and not at all helpful, keep your irony for yourself

---

Re: Connection flood - 1nspire - 26.08.2017

I'm pretty sure the 'no big deal' I'm talking about didn't drop your average player-base from 90 to 40, or even if it did - that means you haven't informed your players about what's going on the same way Kalcor doesn't inform us what's going on, having said that, I do NOT see any changes in the playerbase of popular serves, another funny thing is that you cannot just say your average playerbase dropped with more than 50% for 48 hours, that's something you calculate monthly, not daily, so excuse mua.

https://gyazo.com/85abd6696d7d766d003ccb4cd6a9977c
I don't clearly see a major drop in your player-base, don't know where you took all these numbers from.

If you consider my post shit-talking (obviously against the ehm... attacker?) then you should go learn the definition of shit-talking, I was actually trying to calm people down and not let them fund the one who's ruining shit, my reply is less useless and more helpful than other replies that advice you to ban millions of IPs from all around the world in order to "save your server" for a single day before they start using new ranges, smart.

__
EDIT: Your Discord invite link is expired, no actual announcements on your forums nor the webpage about the issue, you could either start communicating with your players or expect even bigger drops of your player-base, go with the first option and quit blaming people over SA-MP forums.

---

Re: Connection flood - Kaperstone - 26.08.2017

Did anyone receive a demand from the flooders?

---

Re: Connection flood - Crystallize - 26.08.2017

The best solution for now is turning your server off till all of this is solved

---

Re: Connection flood - iLearner - 26.08.2017

I disagree. If you have a vps just change port and Create a default server on current port and tell your users to go there.

(why our posts are being deleted)

---

Re: Connection flood - 10MIN - 26.08.2017

cuber found the tool that the attackers use, but his post got delleted...

---

Re: Connection flood - Crystallize - 26.08.2017

I have no idea its so annyoing 99% of my posts are gone.What do you mean with ports?

---

10MIN - Sew_Sumi - 26.08.2017

Because posting shit like that sends it out to more people that don't know about it, and more attacks happen...

After all, same with the hacks and all that shit... Do you think it's a good thing to simply post out "Oh it's XXX" and blatantly inform everyone of what it is that's causing it, without any thinking that others will download and start attacking other peoples servers?

---

Re: Connection flood - RDM - 26.08.2017

The attackers have a script for port 7777 if you use another els will have greater difficulty! If you use a different port they will have to clone the packages again!

If we all use ports one very different from the other makes it impossible to do them!

---