[V415]

So we've managed to stop an attacker that has been from flooding us by having users log in and use /enter

Now we are having them flood the server with incoming connection from fake IP addresses.

Any idea how we can block the latest attempt by these guys to stop the flooding?

[Abhishek.]

go check the fs max ips by samp in your fs folder or maybe range ban those guys

[V415]

We've tried the maxips FS , we're looking at ryders include.

It's not possible to block by range with this many fake IP's coming in

[27/05/2013 21:41:30] Incoming connection: 178.141.118.22:33176
[27/05/2013 21:41:30] Incoming connection: 222.127.54.22:33621
[27/05/2013 21:41:30] Incoming connection: 92.55.48.30:37985
[27/05/2013 21:41:30] Incoming connection: 84.202.60.222:7365
[27/05/2013 21:41:30] Incoming connection: 201.218.40.119:59346
[27/05/2013 21:41:30] Incoming connection: 75.88.80.69:1239
[27/05/2013 21:41:30] Incoming connection: 186.129.9.173:18519
[27/05/2013 21:41:30] Incoming connection: 177.207.129.191:31108
[27/05/2013 21:41:31] Incoming connection: 94.100.238.203:52967
[27/05/2013 21:41:31] Incoming connection: 92.113.175.233:10438
[27/05/2013 21:41:31] Incoming connection: 197.205.5.242:8055
[27/05/2013 21:41:31] Incoming connection: 2.239.130.41:36332
[27/05/2013 21:41:31] Incoming connection: 46.116.134.98:41029
[27/05/2013 21:41:31] Incoming connection: 187.6.3.128:27947
[27/05/2013 21:41:31] Incoming connection: 5.166.124.198:23679
[27/05/2013 21:41:31] Incoming connection: 118.69.91.112:18596
[27/05/2013 21:41:31] Incoming connection: 139.192.203.47:20782
[27/05/2013 21:41:31] Incoming connection: 112.204.203.63:45221
[27/05/2013 21:41:31] Incoming connection: 78.84.8.16:26464
[27/05/2013 21:41:32] Incoming connection: 41.178.216.105:48421
[27/05/2013 21:41:32] Incoming connection: 181.64.86.192:59808
[27/05/2013 21:41:32] Incoming connection: 95.57.9.212:24274
[27/05/2013 21:41:32] Incoming connection: 112.203.35.61:38021
[27/05/2013 21:41:32] Incoming connection: 41.239.110.207:23545
[27/05/2013 21:41:32] Incoming connection: 177.3.56.184:49860
[27/05/2013 21:41:32] Incoming connection: 78.96.229.109:29863
[27/05/2013 21:41:32] Incoming connection: 83.149.44.189:30318
[27/05/2013 21:41:32] Incoming connection: 95.107.227.54:56607
[27/05/2013 21:41:32] Incoming connection: 139.228.36.184:44006
[27/05/2013 21:41:32] Incoming connection: 109.105.215.87:51114
[27/05/2013 21:41:32] Incoming connection: 92.112.118.169:54506
[27/05/2013 21:41:32] Incoming connection: 186.145.196.53:56483
[27/05/2013 21:41:32] Incoming connection: 121.54.34.31:8992
[27/05/2013 21:41:32] Incoming connection: 87.110.140.85:2405
[27/05/2013 21:41:32] Incoming connection: 189.170.90.191:13736
[27/05/2013 21:41:32] Incoming connection: 177.3.56.144:26845
[27/05/2013 21:41:33] Incoming connection: 31.47.11.70:46204
[27/05/2013 21:41:33] Incoming connection: 177.203.95.102:47586
[27/05/2013 21:41:33] Incoming connection: 84.202.115.72:57913
[27/05/2013 21:41:33] Incoming connection: 178.127.196.76:57898
[27/05/2013 21:41:33] Incoming connection: 177.133.186.10:55121
[27/05/2013 21:41:33] Incoming connection: 112.207.22.132:59902
[27/05/2013 21:41:33] Incoming connection: 190.31.86.87:15939
[27/05/2013 21:41:33] Incoming connection: 201.15.218.175:61829
[27/05/2013 21:41:33] Incoming connection: 41.237.50.184:43134

[Abhishek.]

wait so hes changeing ips per second maybe hes masking his ip well try tracking the location still it could be that they all are from a same company or well maybe make a system if some ip joins your server and dosent spawns in 10 seconds then block the ips connection

ah after traceing all ips shows the same result

Код:

//i have only randomly picked 2 and they were the same so i think all are same
[Querying whois.arin.net]
[Redirected to whois.ripe.net:43]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-...5.68673041% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '92.55.0.0 - 92.55.63.255'

inetnum:        92.55.0.0 - 92.55.63.255
org:            ORG-CCM1-RIPE
netname:        RU-MARKITT-20080306
descr:          OOO Izhevsk.NET
country:        RU
admin-c:        AVE3-RIPE
tech-c:         MI380-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-lower:      MARK-ITT-MNT
mnt-routes:     MARK-ITT-MNT
source:         RIPE # Filtered

organisation:   ORG-CCM1-RIPE
org-name:       OOO Izhevsk.NET
org-type:       LIR
address:        OOO "Izhevsk.NET"
                Alexander V. Ermolaev
                pob 9150 (preferred)
                426011 Izhevsk
                RUSSIAN FEDERATION
phone:          +73412918006
fax-no:         +73412918004
admin-c:        AY70-RIPE
admin-c:        AVE3-RIPE
admin-c:        WAS7-RIPE
mnt-ref:        MARK-ITT-MNT
mnt-ref:        RIPE-NCC-HM-MNT
mnt-by:         RIPE-NCC-HM-MNT
source:         RIPE # Filtered

role:           CC MARK-ITT
address:        46, ul. Likhvintseva, Izhevsk 426000 Russia
remarks:        trouble:      Points of contact for MARK-ITT Network Operations
                ----------------------------------------------------------
                Routing and peering issues: noc@mark-itt.net
                SPAM issues:                abuse@mark-itt.net
                Network security issues:    security@mark-itt.net
                Mail and News issues:       postmaster@mark-itt.net
                Customer support:           abon@mark-itt.net
                General information:        info@mark-itt.net
                ----------------------------------------------------------
admin-c:        AEAE1-RIPE
tech-c:         AEAE1-RIPE
tech-c:         RD841-RIPE
tech-c:         AY70-RIPE
tech-c:         WAS7-RIPE
nic-hdl:        MI380-RIPE
mnt-by:         MARK-ITT-MNT
source:         RIPE # Filtered

person:         Alexander V. Ermolaev
address:        pob4085, Izhevsk RU426011, Russia
phone:          +7 3412 918033
fax-no:         +7 3412 918004
nic-hdl:        AVE3-RIPE
mnt-by:         MARK-ITT-MNT
source:         RIPE # Filtered

% Information related to '92.55.0.0/18AS3226'

route:          92.55.0.0/18
descr:          MARK-ITT
origin:         AS3226
mnt-by:         MARK-ITT-MNT
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.60.2 (WHOIS4)

and they are from Izhevsk.NET/ why dont range ban all of this company's servers/location or the country

[ESGaming]

You could country ban russia lol.

[CmZxC]

Quote:

Originally Posted by ESGaming You could country ban russia lol.

How stupid this may sound, this could be your only way out.

[tboysamp]

am Belkin_Cortez am not flooding your server lets see the video

[Lorenc_]

You should contact a SA-MP team member about this. They'll help you patch it. I don't want to reveal the function because it's always been discreet but yeah. Ask them.

1. Jump on IRC
2. /join #sa-mp
3. nudge a moderator, don't spam, because they won't help.

[V415]

Thanks Lorenc, will have my scripting team give it a try

And sure enough they said there is no special function, any thoughts?

[V415]

-removed