[LocMax]

So yesterday some guy came into my server and he said he'll crash it, second after it crashed.
I couldn't start it back up instantly after it went down, the ping was like 3000 but it's not a DDoS.


Silence.pwd:
my bot net <3
Today at 02:05:38 PM

Silence157:
Why has banned me from Forums new ? now I'll take down the server you forever to be , every day will now take down the server you.
Today at 02:09:38 PM

He claims he used this:
http://i.imgur.com/oBBeL4A.png

However, we don't experience lag anywhere else other than in the server. No lag in putty, no lag in PHP but only in the server.
So it's some kind of bot attack but we just can't figure out what kind of it.
We have an IP limiter which allows specific amount of connections from single IP: Currently it's at OnPlayerConnect, in next update I moved it to OnIncomingConnection.
We also have some other protections against bots that worked before but it looks like it won't work on this one.

Код:

[12:32:43] [chat] [Silence.pwd]: I will bring down the server now.
[12:32:43] [part] [AGF]Red[PMA] has left the server (18:1)
[12:32:44] [chat] [Silence.pwd]: I will bring down the server now.
[12:32:45] [part] Silence.pwd has left the server (2:1)
[12:32:46] [part] Jezzy has left the server (6:1)
[12:32:49] RCON (In-Game): Player #3 (Vandetta_) has logged in.
[12:33:00] [part] [GAr]PGkiller has left the server (15:0)
[12:33:00] [part] Yashas has left the server (50:0)
[12:33:00] [part] [AG]Sterben has left the server (28:0)
[12:33:00] [part] KOPASUS has left the server (37:0)
[12:33:00] [part] [UBF]Aswanth has left the server (5:0)
[12:33:00] [part] [AG]Zedd has left the server (1:0)
[12:33:00] [part] Messerschmitt has left the server (4:0)
[12:33:00] [part] [AG]Sh4dowX[DF] has left the server (7:0)
[12:33:00] [part] [GAr]RJunandia[BEGO] has left the server (11:0)
[12:33:00] [part] [SHCF]Isardi has left the server (12:0)
[12:33:00] [part] Johnatan_Jefferson has left the server (16:0)
[12:33:00] [part] [M.O.A]Memothepro has left the server (17:0)
[12:33:00] [part] KA05 has left the server (20:0)
[12:33:00] [part] [AG]Mr.Dot has left the server (21:0)
[12:33:00] [part] Jeremy_Scotch has left the server (24:0)
[12:33:00] [part] [GAr]CreedScythe has left the server (25:0)
[12:33:00] [part] 9459 has left the server (26:0)
[12:33:00] [part] Diveron has left the server (27:0)
[12:33:00] [part] [AB]Gedder has left the server (32:0)
[12:33:00] [part] Mark_Darcy has left the server (33:0)
[12:33:00] [part] Jons_Brain has left the server (36:0)
[12:33:00] [part] Vanua_Bob has left the server (39:0)
[12:33:00] [part] GalaxyRiderZ has left the server (46:0)
[12:33:00] [part] chau has left the server (47:0)
[12:33:00] [part] Tony_Milton has left the server (49:0)
[12:33:00] [part] [GAr]Shooter has left the server (51:0)
[12:33:00] [part] [MSF]Daniel213 has left the server (52:0)
[12:33:00] [part] Adel_Turer has left the server (59:0)
[12:33:00] [part] boboiboy has left the server (31:0)
[12:33:00] [part] [GAr]IntelGent has left the server (40:0)
[12:33:00] [part] [AG]MatrixT has left the server (41:0)
[12:33:01] [part] [SF]xHaMza has left the server (0:0)
[12:33:01] [part] Boomnable_45 has left the server (10:0)
[12:33:01] [part] Valentinas_Tukas has left the server (22:0)
[12:33:01] [part] Vlad_Semenchuk has left the server (48:0)
[12:33:02] [chat] [[UBF]Pr0kKiLlEr]: m9j
[12:33:03] [chat] [[TSK]Jokerbaba]: m9j
[12:33:03] [chat] [[TSK]Jokerbaba]: m9j
[12:33:04] [part] Vandetta_ has left the server (3:0)
[12:33:06] [part] AimP has left the server (19:0)
[12:33:07] [connection] 180.191.*.*:41071 requests connection cookie.
[12:33:08] [part] [AG]Luka_Carek[MSF] has left the server (43:0)
[12:33:09] [part] Kin_Bandit has left the server (44:0)
[12:33:09] [part] [AG]Smoove[DF] has left the server (35:0)
[12:33:10] [part] NoobzFTW has left the server (29:0)
[12:33:10] [chat] [[TSK]Jokerbaba]: m9j
[12:33:11] [connection] 120.174.*.*:55648 requests connection cookie.
[12:33:11] [part] Vanoss[PMA] has left the server (9:0)
[12:33:13] [part] [UBF]Pr0kKiLlEr has left the server (8:0)
[12:33:15] [part] KINGAWAIS has left the server (34:0)
[12:33:20] [part] NaGiBaToR_007 has left the server (14:0)
[12:33:20] [part] [TSK]Jokerbaba has left the server (13:0)
[12:33:20] Incoming connection: 94.54.*.*:55561 id: 0
[12:33:21] [connection] 151.0.*.*:54062 requests connection cookie.
[12:33:29] [connection] 188.244.*.*:1542 requests connection cookie.
[12:33:43] [connection] 95.70.*.*:51539 requests connection cookie.
[12:33:54] [connection] 87.225.*.*:63514 requests connection cookie.
[12:33:57] [connection] 117.201.*.*:10017 requests connection cookie.
[12:34:05] Incoming connection: 117.201.*.*:10018 id: 0
[12:34:13] [connection] 79.141.*.*:63049 requests connection cookie.
[12:34:13] [connection] 178.191.*.*:54472 requests connection cookie.
[12:34:13] [connection] 78.0.*.*:61531 requests connection cookie.
[12:34:13] [connection] 36.71.*.*:10284 requests connection cookie.
[12:34:13] [connection] 114.79.*.*:64396 requests connection cookie.
[12:34:13] [connection] 89.82.*.*:58850 requests connection cookie.
[12:34:13] [connection] 95.70.*.*:51772 requests connection cookie.
[12:34:13] [connection] 113.212.*.*:2437 requests connection cookie.
[12:34:13] [connection] 103.255.*.*:27702 requests connection cookie.
[12:34:13] [connection] 188.162.*.*:55861 requests connection cookie.
[12:34:13] [connection] 178.191.*.*:54472 requests connection cookie.
[12:34:13] [connection] 36.71.*.*:10284 requests connection cookie.
[12:34:13] [connection] 95.70.*.*:51772 requests connection cookie.
[12:34:13] [connection] 113.212.*.*:2437 requests connection cookie.
[12:34:13] [connection] 103.255.*.*:27703 requests connection cookie.
[12:34:13] [connection] 188.162.*.*:55861 requests connection cookie.
[12:34:13] [connection] 178.191.*.*:54472 requests connection cookie.
[12:34:13] [connection] 95.70.*.*:51772 requests connection cookie.
[12:34:13] [connection] 113.212.*.*:2437 requests connection cookie.
[12:34:13] [connection] 103.255.*.*:27703 requests connection cookie.
[12:34:13] [connection] 188.162.*.*:55861 requests connection cookie.
[12:34:13] [connection] 113.212.*.*:2437 requests connection cookie.
[12:34:14] [connection] 103.255.*.*:27703 requests connection cookie.

Any ideas?

[LocMax]

New one..

Silence.programer: I said that my attack would forever
Today at 06:34:06 PM
Silence.programer: You will not have peace call of duty.
Today at 06:35:05 PM

Код:

[17:24:55] [warning] dropping a split packet from client
[17:24:56] [warning] dropping a split packet from client
[17:24:57] [warning] dropping a split packet from client
[17:24:58] [warning] dropping a split packet from client
[17:24:59] [warning] dropping a split packet from client
[17:26:12] Packet was modified, sent by id: 42, ip: 187.2.*.*:61579
[17:26:19] Packet was modified, sent by id: 42, ip: 187.2.*.*:61579
[17:26:19] Packet was modified, sent by id: 42, ip: 187.2.*.*:61579
[17:26:23] [warning] dropping a split packet from client
[17:26:23] [warning] dropping a split packet from client

Even though packets are there when someone lags, these warnings raise before the crash happens.

[connork]

Use a firewall to block these packets, or keep players online.

[Evocator]

We had the same problem around 2 months ago, a guy came in and said he can crash the server, two seconds later it did. I contacted my host and this was their reply:

Quote:

i was missing libmysqlclient-dev it corrupted probs the reason

Then, everything went fine.

probs thats not your problem, but i wish it could help (since we were facing the same issue).

[ColonelBurton]

Quote:

Originally Posted by Ralfie We had the same problem around 2 months ago, a guy came in and said he can crash the server, two seconds later it did. I contacted my host and this was their reply: Then, everything went fine. probs thats not your problem, but i wish it could help (since we were facing the same issue).

He did it more than once?
He crashed it already 6 times in the latest 24 hours...

[LocMax]

I added him on skype, he wants VIP level 3

[18:22] Silence is dead: I have one bot net 256 zombie online
[18:23] LocMax: and then those zombies connect to server in same time?
[18:23] Silence is dead: Yes I can take down anyone.

@connork - We're not sure if it's an attacker or innocent player though
@Ralfie - We'll try to reinstall the libmysql stuff, thanks for pointing it out.

[SrIzZaN]

Quote:

Originally Posted by LocMax I added him on skype, he wants VIP level 3 [18:22] Silence is dead: I have one bot net 256 zombie online [18:23] LocMax: and then those zombies connect to server in same time? [18:23] Silence is dead: Yes I can take down anyone. @connork - We're not sure if it's an attacker or innocent player though @Ralfie - We'll try to reinstall the libmysql stuff, thanks for pointing it out.

And you Will give him VIP level 3??

[Evocator]

Quote:

Originally Posted by ColonelBurton He did it more than once? He crashed it already 6 times in the latest 24 hours...

He managed to do that from time to time (around 3x). He was nicked "AJAX" when he joined.

[ColonelBurton]

Quote:

Originally Posted by Ralfie He managed to do that from time to time (around 3x). He was nicked "AJAX" when he joined.

can i know his ip/country, if it was the same person...

[Evocator]

Quote:

Originally Posted by ColonelBurton can i know his ip/country, if it was the same person...

I still have the logs, but who are you...