New exploit causing major disconnects!
#1

Recently I've been dealing with an issue that can't be fixed via the script side, what basically happens is the server gets flooded with incomming connections, the server than freezes for about 5-10 seconds and a couple seconds later almost 100+ players disconnect at once, NOT CRASH, it shows as if they "quit" the server (Reason <id>:1)

There are no bandwidth spikes, no extra CPU or ram usage, just the SA-MP server gets affected by this. The dedicated server is running Windows 2008.

Basically it looks like this
Code:
(6:25:08 AM) xSF-1: [Quit] pea(129) has left the server. [89/200]
(6:25:08 AM) xSF-2: [Quit] artbm(89) has left the server. [81/200]
(6:25:09 AM) xSF-5: [Quit] Franz90(126) has left the server. [77/200]
(6:25:09 AM) xSF-4: [Crash] Ris_Kar(15) has timed out. [80/200]
(6:25:09 AM) xSF-3: [Quit] yuval_5651(164) has left the server. [78/200]
(6:25:09 AM) xSF-1: [Quit] Sha_Nesaa(121) has left the server. [84/200]
(6:25:10 AM) xSF-2: [Quit] iheb137(29) has left the server. [76/200]
(6:25:11 AM) xSF-5: [Quit] Vadim_Popkov(19) has left the server. [72/200]
(6:25:11 AM) xSF-4: [Quit] Vital_Volgin(10) has left the server. [75/200]
(6:25:11 AM) xSF-3: [Quit] Shamil_Imamutinov(38) has left the server. [73/200]
(6:25:11 AM) xSF-1: [Quit] Nyuhach(133) has left the server. [79/200]
(6:25:12 AM) xSF-2: [Quit] Hendra_Khoo(119) has left the server. [71/200]
(6:25:14 AM) xSF-5: [Quit] salahlekiller(48) has left the server. [67/200]
(6:25:14 AM) xSF-4: [Quit] INtake(55) has left the server. [70/200]
(6:25:14 AM) xSF-3: [Quit] roajh(2) has left the server. [68/200]
(6:25:14 AM) xSF-1: [Quit] John_Fuu(34) has left the server. [74/200]
(6:25:14 AM) xSF-2: [Quit] Drago_X(28) has left the server. [66/200]
(6:25:15 AM) xSF-5: [Quit] caesarn8(109) has left the server. [62/200]
(6:25:15 AM) xSF-4: [Quit] ZXC_8875(64) has left the server. [65/200]
(6:25:15 AM) xSF-3: [Quit] TSkillerz(128) has left the server. [63/200]
(6:25:15 AM) xSF-1: [Quit] baver2121(81) has left the server. [69/200]
(6:25:16 AM) xSF-5: [Quit] dexklz_136(155) has left the server. [60/200]
(6:25:16 AM) xSF-3: [Quit] barabashka(124) has left the server. [61/200]
etc..

soon after this happens:
[
Code:
20:54:03] Incoming connection: 197.162.78.121:15877
[20:54:05] Kicking 89.254.135.155 because they didn't logon to the game.
[20:54:10] Incoming connection: 190.107.109.215:62147
[20:54:22] Incoming connection: 46.116.232.115:53701
[20:54:25] Incoming connection: 176.202.104.12:55379
[20:54:25] Incoming connection: 217.55.207.139:1080
[20:54:26] Incoming connection: 186.151.16.239:58915
[20:54:27] Incoming connection: 94.29.209.159:57243
[20:54:31] Incoming connection: 176.205.206.231:57463
[20:54:31] Incoming connection: 89.254.135.155:3084
[20:54:32] Incoming connection: 41.218.171.29:64994
[20:54:33] Kicking 197.162.78.121 because they didn't logon to the game.
[20:54:36] Incoming connection: 212.127.128.51:52917
[20:54:38] Incoming connection: 46.47.70.20:4342
[20:54:40] Kicking 190.107.109.215 because they didn't logon to the game.
[20:54:42] Incoming connection: 186.151.16.239:58919
[20:54:42] Incoming connection: 186.149.12.235:51554
[20:54:44] Incoming connection: 84.54.188.150:58251
[20:54:44] Incoming connection: 41.42.160.0:27869
[20:54:45] Incoming connection: 197.38.90.119:1052
[20:54:46] Incoming connection: 188.129.212.117:1993
[20:54:47] Incoming connection: 88.236.48.165:25067
[20:54:47] Incoming connection: 87.114.51.198:57112
[20:54:49] Incoming connection: 99.112.18.188:60801
[20:54:52] Incoming connection: 186.172.198.35:50075
[20:54:55] Kicking 176.202.104.12 because they didn't logon to the game.
[20:54:55] Kicking 217.55.207.139 because they didn't logon to the game.
[20:54:57] Incoming connection: 68.194.44.30:62600
[20:54:57] Kicking 94.29.209.159 because they didn't logon to the game.
[20:54:58] Incoming connection: 77.81.49.144:55764
[20:55:00] Incoming connection: 77.81.49.144:54536
[20:55:01] Kicking 176.205.206.231 because they didn't logon to the game.
[20:55:01] Incoming connection: 41.44.56.15:2452
[20:55:01] Kicking 89.254.135.155 because they didn't logon to the game.
[20:55:02] Kicking 41.218.171.29 because they didn't logon to the game.
[20:55:03] Incoming connection: 87.79.140.167:54171
[20:55:05] Incoming connection: 186.151.16.239:58993
[20:55:06] Kicking 212.127.128.51 because they didn't logon to the game.
[20:55:07] Incoming connection: 109.92.11.129:28256
[20:55:08] Kicking 46.47.70.20 because they didn't logon to the game.
[20:55:09] Incoming connection: 190.107.109.215:61156
[20:55:09] Incoming connection: 91.148.141.175:2434
[20:55:11] Incoming connection: 94.29.209.159:65140
[20:55:12] Kicking 186.151.16.239 because they didn't logon to the game.
[20:55:20] Kicking 186.149.12.235 because they didn't logon to the game.
[20:55:20] [chat] [frasali17WWWWWWWW]: yy]
[20:55:20] Incoming connection: 37.241.14.41:53069
[20:55:20] Incoming connection: 94.29.209.159:56521
[20:55:20] Kicking 99.112.18.188 because they didn't logon to the game.
[20:55:21] Incoming connection: 91.148.141.107:64239
[20:55:21] Incoming connection: 197.223.136.176:54157
[20:55:22] Incoming connection: 87.114.51.198:57121
[20:55:23] Invalid client connecting from 89.254.135.155
After a few minutes the server returns to its normal state, however this is causing a heavy hit on my playerbase, can the developers please look into this!
Reply
#2

https://www.projecthoneypot.org/ip_77.81.49.144
https://www.projecthoneypot.org/ip_88.236.48.165


you're being attacked by mail servers, try and blacklist the IP's
Reply
#3

Quote:
Originally Posted by Mitchy
View Post
https://www.projecthoneypot.org/ip_77.81.49.144
https://www.projecthoneypot.org/ip_88.236.48.165


you're being attacked by mail servers, try and blacklist the IP's
please don't reply to this thread anymore.
Reply
#4

This needs some attention!
Reply
#5

Its getting attention. Thank you
Reply
#6

Quote:
Originally Posted by kaisersouse
View Post
Its getting attention. Thank you
But it's been going on for so long and nothing is being done about it.. at the least kye should notify us that this is being worked on..
Reply
#7

Unless you've hacked into Kyes personal security system and you are watching him sit in his underwear on the couch eating Doritos and watching Dr Phil....you should probably avoid making assumptions about what he's actually doing.

I just told you its getting attention. That is your indication that Kye knows and is working on it.

Thanks
Reply
#8

Good to hear, there is also another issue when sending a packet larger than 577 characters, the server haults for a couple of seconds than 3/4 of the players on the server crashes, this only affects windows servers I believe.

Some details:
Required content length (UDP message): 577 characters (any symbols/letters/numbers/etc) can be used.
Required bandwidth rate: 137.5 KB/s

P.S: I will be more than happy to give you details on any of the two issues on request.
Reply
#9

Details are good so long as they don't help people figure out how to use the exploits. There is team@sa-mp.com that you can send stuff too. If you PM me your email, I'll make sure Kye gets it so he knows whose email to look out for.

Disclaimer: there is no guarantee you'll get a reply. Thats just how it works. I assure you however that your mail won't be binned and I further assure you that the team, and the players, will be grateful
Reply
#10

This is BEYOND annoying right now, I emailed the SA-MP team (no response, didnt expect one anyway), messaged a few beta testers and did everything in my power to solve this..

Is no other server experiencing this??
Reply
#11

If you are getting flooded with connections from the same IP, you should limit the number of connections to your server port (UDP) per IP. Windows Firewall can't do this afaik, but something like iptables can.
Reply
#12

Its not from the same IP, I could've easily blocked that..
Reply
#13

Had the same problem try using y_flooding it didn't not help but in some cases it does
Reply
#14

Unfortunately that wouldn't work, because the "incoming connection" players dont actually join the server
Reply
#15

Well just ban the ip's
Reply
#16

Quote:
Originally Posted by Ha$H_Sexyboy
View Post
Well just ban the ip's
READ THE THREAD FIRST.
Reply
#17

not the same ip didn't notice that
Reply
#18

Black Wolf, some of the guys with low rep would like to see an answer here as well. Usually the guys with 100+ rep wont help you as they're too stuck up, and rude. Your best bet is to keep on trying to fix the problem.
Reply
#19

Best thing to do is wait for a SA-MP 0.3x R1-3 or R2. (Or SA-MP 0.4?)
Reply
#20

Why is this isssue still not fixed? Very disappointing..
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)