Constant bot attacks
#1

Hi,

For a few days now, our SA-MP server has been attacked by bots. They rapidly join and spam a specific server IP + website (a Russian Roleplay SA-MP server) via the chat.

The bots sometimes appear to join with invalid IPs (255.255.255.255). The server reports invalid clients connecting. The server never reports the bots leaving the server, although they have left after an hour.

Here is a part of the server log (unrelated stuff removed):

[14:51:22] [join] sampgta.ru_JMnU2x9Z has joined the server (164:255.255.255.255)
[14:51:23] Incoming connection: 213.87.241.118:28013
[14:51:24] [chat] [sampgta.ru_mzwGZ87X]: заходите сюда 77 220 180 235 7777 классный сервак!
[14:51:24] [chat] [sampgta.ru_mzwGZ87X]: заходите сюда 77 220 180 235 7777 классный сервак!
[14:51:24] [chat] [sampgta.ru_mzwGZ87X]: заходите сюда 77 220 180 235 7777 классный сервак!
[14:51:24] Invalid client connecting from 213.87.241.118
[14:51:24] [join] sampgta.ru_9Tu0ncT6 has joined the server (347:255.255.255.255)

[15:50:48] Invalid client connecting from 213.87.241.118
[15:50:48] [join] sampgta.ru_j6AQ5ZL8 has joined the server (137:213.87.241.11
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!


Anything we can do about it?
#2

You can ban the IP if it joins more than once per second.
Or, if the spam message is always the same, you can ban whoever types exactly that message.
#3

Autoban all players with a URL in their name/chat, or at least mute them if kicking does not work.

You can also try contacting your hoster to get the real IP and ask them to ban it.
#4

Quote:
Originally Posted by IAmNeverBored
Hi,
[15:50:48] [join] sampgta.ru_j6AQ5ZL8 has joined the server (137:213.87.241.11
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!
#5

If kicking is not working, try to kick with /rcon kick (after /rcon login [pass]).
#6

I found that the IP is 255.255.255.255, which is obviously a fake address/packet.
As you can see in the log, there is also the real IP address.
Simply block them and you can stop some of the attack.
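An added example, not part of any post in this thread: a Python pass over the log lines from the first post that applies the checks suggested in replies #2, #3 and #6 (identical-message flooding, advertising in names or chat, and pulling the real source IP from the "Invalid client" lines). The function name, threshold and regexes are assumptions, and the domain/IP pattern is a heuristic that can misfire on ordinary names containing a dot.

```python
import re
from collections import Counter

# Log lines copied from the first post of this thread (one is truncated there).
SAMPLE_LOG = """\
[14:51:22] [join] sampgta.ru_JMnU2x9Z has joined the server (164:255.255.255.255)
[14:51:23] Incoming connection: 213.87.241.118:28013
[14:51:24] [chat] [sampgta.ru_mzwGZ87X]: заходите сюда 77 220 180 235 7777 классный сервак!
[14:51:24] [chat] [sampgta.ru_mzwGZ87X]: заходите сюда 77 220 180 235 7777 классный сервак!
[14:51:24] [chat] [sampgta.ru_mzwGZ87X]: заходите сюда 77 220 180 235 7777 классный сервак!
[14:51:24] Invalid client connecting from 213.87.241.118
[14:51:24] [join] sampgta.ru_9Tu0ncT6 has joined the server (347:255.255.255.255)
[15:50:48] Invalid client connecting from 213.87.241.118
[15:50:48] [join] sampgta.ru_j6AQ5ZL8 has joined the server (137:213.87.241.11
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!
[15:50:48] [chat] [sampgta.ru_yTD8Xa6R]: ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!! ЗАХОДИТЕ ВСЕ НА ОТЛИЧНЫЙ САЙТ SAMPGTA.RU!!!
""".splitlines()

JOIN = re.compile(r"^\[(\d\d:\d\d:\d\d)\] \[join\] (\S+) has joined the server \((\d+):([\d.]+)")
CHAT = re.compile(r"^\[(\d\d:\d\d:\d\d)\] \[chat\] \[([^\]]+)\]: (.*)$")
INVALID = re.compile(r"^\[\d\d:\d\d:\d\d\] Invalid client connecting from ([\d.]+)")
# Heuristic: a domain-like token, or four 1-3 digit groups split by dots or spaces.
ADVERT = re.compile(r"[a-z0-9-]+\.[a-z]{2,}|(?:\d{1,3}[ .]){3}\d{1,3}", re.I)

def analyze(lines, flood_threshold=3):
    """Return candidate block IPs and the names that trip each check."""
    block_ips, spoofed, advertisers = set(), set(), set()
    per_second = Counter()  # (timestamp, name, text) -> repeat count
    for line in lines:
        if m := INVALID.match(line):
            block_ips.add(m.group(1))       # real source IP (reply #6)
        elif m := JOIN.match(line):
            _, name, _, ip = m.groups()
            if ip == "255.255.255.255":     # join line carries a bogus address
                spoofed.add(name)
            if ADVERT.search(name):         # URL in the player name (reply #3)
                advertisers.add(name)
        elif m := CHAT.match(line):
            ts, name, text = m.groups()
            per_second[(ts, name, text)] += 1
            if ADVERT.search(text):         # URL or spaced-out IP in chat (reply #3)
                advertisers.add(name)
    # Same name, same text, same second, repeated (reply #2).
    flooders = {n for (_, n, _), c in per_second.items() if c >= flood_threshold}
    return {"block_ips": block_ips, "spoofed_joins": spoofed,
            "advertisers": advertisers, "flooders": flooders}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Only the "Invalid client" lines feed `block_ips`, so neither the 255.255.255.255 joins nor the truncated join address end up in a block list.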

