Login

sniper-termit

Доброго времени суток, нам необходима помощь в отражении ddos атаки от некоторых умельцев.
Начну сразу с проблемы:
Ночью в этот понедельник на нас пустили атаку такого вида

Код:

[2012-10-08 19:32:13] [join] Alberto_Falcone_DSGh has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_Dji7 has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DEps has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DAJI has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DzmP has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_D2Xf has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DGrt has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DAST has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_D8Nl has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DS8V has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_Do5K has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DOUQ has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DKQJ has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_Dna5 has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DPFE has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DWpi has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DvxB has joined the server (63:95.58.107.49)

Т.е за 1 секунду около 100 подключений по UDP.
Все бы ничего, но на утро никто из игроков зайти на сервер не смог. После коннекта не начиналась загрузка.
http://hostingkartinok.com/show-imag...f5d826523a0ac2

Мы начали допиливать iptables на предмет ограничения коннектов, но все было безуспешно.

Во время этого началась добавочная порция:

Код:

[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49
[2012-10-08 19:32:13] Invalid client connecting from 95.58.107.49

В добавок к этому, мы получили еще один подарок.

Код:

[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:08:40] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153

И еще одним видом решили добить лог, который начал стремительно расти в размерах, и очень сильно грузить систему.

Код:

[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't match last sent dialog ID
[2012-10-08 21:10:53] Warning: /rcon command exploit from: 3:95.58.107.49:62153
[2012-10-08 21:10:53] Warning: PlayerDialogResponse PlayerId: 3 dialog ID doesn't

Ограничение в 10 новых коннектов за 30 секунд не помогло. Ограничение 3-х одновременных коннектов не помогло. Ограничение пакетов не помогло.

В подарок к этому, начали ложить апач на веб сервере большим числом коннектов с паблик прокси.

Код:

18.244.253.97 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
202.106.16.36 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
204.15.145.142 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
204.15.145.104 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
180.137.45.86 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
89.218.94.163 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
203.83.188.26 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
204.15.145.71 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
219.234.82.54 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
190.66.0.83 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
122.102.45.86 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
111.94.145.231 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
175.136.234.10 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
195.200.199.98 - - [08/Oct/2012:19:58:34 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
200.40.46.62 - - [08/Oct/2012:19:58:29 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
222.89.55.123 - - [08/Oct/2012:19:58:29 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
177.19.248.42 - - [08/Oct/2012:19:58:30 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
180.235.66.76 - - [08/Oct/2012:19:58:30 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
46.164.138.54 - - [08/Oct/2012:19:58:35 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
41.78.103.42 - - [08/Oct/2012:19:58:29 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
173.247.249.19 - - [08/Oct/2012:19:58:29 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
198.27.114.24 - - [08/Oct/2012:19:58:30 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
118.96.153.64 - - [08/Oct/2012:19:58:30 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
189.127.141.3 - - [08/Oct/2012:19:58:30 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
198.27.119.86 - - [08/Oct/2012:19:58:29 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
219.234.82.55 - - [08/Oct/2012:19:58:30 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
187.0.222.167 - - [08/Oct/2012:19:58:29 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
[08.10.2012 21:29:16] - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
89.218.94.163 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
118.144.94.25 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
219.159.198.57 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
92.255.185.161 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
219.234.82.75 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
80.87.147.132 - - [08/Oct/2012:20:14:40 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
213.168.125.60 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
190.116.87.4 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
183.91.72.10 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
46.225.241.134 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
173.45.228.73 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
31.47.250.238 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
96.44.145.175 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
119.186.160.86 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
177.66.210.65 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
94.41.29.30 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
122.72.33.138 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
201.200.162.46 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
175.103.58.55 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
84.38.68.107 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
198.27.114.24 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
110.153.9.242 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
93.186.66.144 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
27.124.82.18 - - [08/Oct/2012:20:14:42 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 206 "-" "-"
72.64.146.136 - - [08/Oct/2012:20:14:49 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
176.9.209.113 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"
95.31.254.227 - - [08/Oct/2012:20:14:50 +0400] "POST /viewtopic.php?f=35&t=2089 HTTP/1.0" 503 2231 "-" "-"

Боты понимают куки, и продолжают свою деятельность даже при проверке через nginx. За одну секунду приходит около 300-500 GET/POST запросов, и апач уходит отдыхать, забирая с собой все остальные демоны.
Игровой сервер и веб сервер стоят в разных ДЦ, но данным личностям это особо не мешает.
Судя по полученной информации, атака была заказная, и блокировка казахстанского IP адреса длительного эффекта не принесет.
Прошу помощи у понимающего в данной области человека. Готов заплатить людям, которые готовы помочь.

Stepashka · 09.10.2012, 05:11

Судя по вашим логам, сервер ваш ложат с одного и того же адреса, вам не приходило в голову его перманентно забанить?

sniper-termit · 09.10.2012, 11:29

я уже написал, что это особого эффекта не принесло, так как он продолжил свое дело через VPN после бана нескольких его IP адресов.

На этот раз атака была такого вида

Код:

[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211
[2012-10-09 09:47:38] Invalid client connecting from 199.255.209.211

Около 2к строк за одну секунду.

Stepashka · 09.10.2012, 11:33

А вы естественно не в курсе кто это?
И второй вопрос, про фаерволы слышали?

-Stranger- · 09.10.2012, 11:41

Ну для начала, это не DDoS, а DoS атака. Защита от DoS пишется одним правилом в FW.
Как в iptable не скажу, но смысл будет понятен.

Код:

chain=forward action=drop protocol=udp dst-address=192.168.0.100 in-interface=WAN-main-PPPoE dst-port=7777 connection-limit=5,32

По всей видимости что-то нетак делаете. А вообще на iptable существуют кучу оболочек, через которые очень легко добавлять сложные правила.

sniper-termit · 09.10.2012, 11:54

ddos идет на форум, на сервер dos.
лимит коннектов уже ставил, это не помогло.

Quote:

А вы естественно не в курсе кто это?
И второй вопрос, про фаерволы слышали?

Конечно не слышал, как я по вашему ставил лимит коннектов/пакетов? Это не помогло.

Stepashka · 09.10.2012, 12:02

Quote:

Originally Posted by sniper-termit

Конечно не слышал, как я по вашему ставил лимит коннектов/пакетов? Это не помогло.

ну значит так "хорошо" ставили раз не помогло

sniper-termit · 09.10.2012, 12:27

Так хорошо ставил, что при проверке все работало, при ддосе это не повлияло? Может атакующий использует что-то другое?

Vandersexxx · 09.10.2012, 12:46

Quote:

Originally Posted by sniper-termit

Код:

[2012-10-08 19:32:13] [join] Alberto_Falcone_DSGh has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_Dji7 has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DEps has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DAJI has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DzmP has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_D2Xf has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DGrt has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DAST has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_D8Nl has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DS8V has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_Do5K has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DOUQ has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DKQJ has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_Dna5 has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DPFE has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DWpi has joined the server (63:95.58.107.49)
[2012-10-08 19:32:13] [join] Alberto_Falcone_DvxB has joined the server (63:95.58.107.49)

https://sampforum.blast.hk/showthread.php?tid=149674
или

Код:

function OnPlayerConnect(playerid)
{
    static ip[2][16];
    GetPlayerIp(playerid,ip[0],16);
    for(new i, m = GetMaxPlayers(), x; i != m; i++)
    {
        if(!IsPlayerConnected(i) || i == playerid) continue;
        GetPlayerIp(i,ip[1],16);
        if(!strcmp(ip[0],ip[1],true)) x++;
        if(x > 2) return Kick(i);
    }
    return true;
}

sniper-termit · 09.10.2012, 12:53

Можно будет попробовать, но что если они применят другие виды атак?

Login
Username:
Password:	Lost Password?
	Remember me