Connection flood

Quote:
Originally Posted by Redirect Left
Посмотреть сообщение
so then what does this fix? Because it doesn't stop the server from crashing to the point where you can't connect, even though the process is still running, and the server's network traffic is fine, it can be accessed as normal, so it isn't the server running out of bandwidth.
M pretty sure that's another story cause the query flood never affected the server.
Reply

We've been however experiencing an unusual server restart problem few hours after we updated the server with the test package version, this happened at least 3 times. Not sure if we're the only ones havingthis problem now.
Reply

Nice one.
Reply

Quote:
Originally Posted by Paulice
View Post
FenixZone strikes again!
Could be though. I heard they used to ddos other RP servers to get rid of competence.


Quote:
Originally Posted by Kalcor
View Post
Does OVH allow IP spoofing?

I found the servers responsible for the attack. Spanish (South American) roleplay servers hosted on OVH in Canada. I'm not sure the actual spoofed packets were coming from OVH though.

That explains why the original attack was set up with spoofed South American IP addresses.
OVH claims that when you order a dedicated server or vps, they won't interfere on what you do, since what you do is your problem, but if I'm not wrong, you can report those who use their machines to scam people, perform attacks and stuff.

Check this out: https://www.ovh.com/us/abuse/
Reply


they are responsible of these attacks too
Reply

Quote:
Originally Posted by adri1
View Post

they are responsible of these attacks too
Pretty sure that's another situation, and one that's almost not controllable from here.
Reply

It's not working, i have too many [connection] incoming connection per second.
Reply

Some game-mp accounts get banned. Why?
Reply

Quote:
Originally Posted by adri1
View Post

they are responsible of these attacks too
I don't even see take a screenshot with a tool like gyazo or lightshot omfg its 2017
Reply

Quote:
Originally Posted by adri1
Посмотреть сообщение
it's not my screenshot
Not sure, but I'm reasonably sure that because this only happens in certain regions, that it's a DNS spoof, which they're redirecting the sa-mp list, and returning their own.

Especially considering that it is only a few people that encounter this.
Reply

Quote:
Originally Posted by Kalcor
Посмотреть сообщение
Please note that the original R2-2 server download was withdrawn and replaced with R2-2-1.

- The close proximity of clients sending 'c' and 'r' packets meant Rules List packets were being flood controlled improperly.

Update 0.3.7 R2-2-1 (testing):

- Changes the query flood control to deal with different query types independently.
- Connection cookie logging is disabled by default.

Downloads (testing):

SA-MP 0.3.7 R2-2 Linux Server: http://files.sa-mp.com/samp037svr_R2-2-1.tar.gz
SA-MP 0.3.7 R2-2 Windows Server: http://files.sa-mp.com/samp037_svr_R2-2-1_win32.zip
Thanks Kalcor.
Reply

The best thing to come of this flood shit, is proof Kalcor is still alive, and at least somewhat interested in further patching / fixing SA:MP.
Reply

Quote:
Originally Posted by Spmn
Посмотреть сообщение
Yeah, also thieves who steal wallets in the street respect the law.
I mean that servers who attack are still on game-mp listing...
Reply

As stated before, here is the source code of my plugin for those interested in (someone else released similar plugin with source, so there's no point of hiding it): http://ubi.livs.pl/samp/samp_prot_ver2_s.zip

However there's no point of using it.. Use Kalcor's update first
Reply

Quote:
Originally Posted by Ubi
Посмотреть сообщение
As stated before, here is the source code of my plugin for those interested in (someone else released similar plugin with source, so there's no point of hiding it): http://ubi.livs.pl/samp/samp_prot_ver2_s.zip

However there's no point of using it.. Use Kalcor's update first
i would not recommend anyone to use this plugin. it'll work fine for few hours after that your cpu / ram usage will exceed, Which will cause massive amount of lags in server.
Reply

Well.. It's not possible. It can cause high CPU usage because it disables query limit for some requests, but there are no memory leaks etc. Look at the source. I've just simply nop'ed two "jne" opcodes.
Reply

Quote:
Originally Posted by Ubi
Посмотреть сообщение
Well.. It's not possible. It can cause high CPU usage because it disables query limit for some requests, but there are no memory leaks etc. Look at the source. I've just simply nop'ed two "jne" opcodes.
RAM usage suddenly went 1GB i did restart server didn't work so had to remove the plugin.
Reply

Maybe you combined it with latest Kalcor updates? Make sure your samp binary is "0.3.7 R2-1" (linux) or "0.3.7 R2-1-1" (windows). It may also interfere with plugins like "fixes", "YSF" or any other memory hacking stuff. Anyway, try Kalcor's update first, without my plugin.
Reply

You can use simple anti for incoming connections spam

Код:
new playerC[MAX_PLAYERS];
new playerLastConnect=0, playerLastIP[16]="______", connectTime=0;

public OnPlayerConnect(playerid)
{
	playerC[playerid] = 0;
	return 1;
}

public OnIncomingConnection(playerid, ip_address[], port)
{
	if(!strcmp(ip_address, playerLastIP))
	{
	    if(NetStats_ConnectionStatus(playerid) == 6)
	    {
			playerC[playerid] ++;
			
	        if(playerC[playerid] >= 4)
	        {
				BlockIpAddress(ip_address, 80000);
				printf("IP: %s probably incoming spam", ip_address);
	        	playerC[playerid] = 0;
	        }
	    }
	}
	if(playerLastConnect == playerid && gettime() - connectTime < 2 && !strcmp(ip_address, playerLastIP))
		return BlockIpAddress(ip_address, 70000), printf("IP: %s blocked incoming", ip_address);

	playerLastConnect = playerid;
	connectTime = gettime();
	return format(playerLastIP, 16, ip_address);
}
Reply

This will not work with this spoof attack.
Reply


Forum Jump:


Users browsing this thread: 12 Guest(s)