Servers are getting attacked
#41

@Kalcor, have you considered this http://open-game-protocol.org/ ?
#42

The network lag continues, score takes minutes to update... is this going to be addressed or what?
#43

Any fix?
#44

I have uploaded a 0.3.7-R3 server

This version adds a variable queryflood which can be used to disable the query flood protection for 'i' and 'p' queries. This will stop the query mechanism shutting down which causes your server not to load in the list.

However, it's not a good idea to leave the flood protection disabled. Only do it when you're subjected to a query flood you know your server can handle.

Although it can be set in the server.cfg, I recommend logging in to the rcon in game. /rcon password then /rcon queryflood 0 to disable the query flood protection. Reenable the queryflood protection with /rcon queryflood 1 or by restarting your server. The option queryflood -1 will disable all query flood protection, even for rules and players packets.

Do not use option logqueries when under the current attack. Logging all queries under the current flood attack can hang the server.

SA-MP 0.3.7-R3 server (linux-i386)
SA-MP 0.3.7-R3 server (Windows)
#45

I wouldn't recommend setting it to -1 because bouncing "players" packets might generate huge outgoing traffic (reflected). Your provider (e.g. OVH) may block your server due to outgoing attack which we've experienced in the past.
Reply
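The trade-off raised in the two posts above, counted in response bytes rather than packets. This is an added example, not part of the thread and not SA-MP's own flood protection: a per-source budget on response bytes, compared with answering every query. The packet layout is assumed from the public SA-MP query documentation, and the response sizes, rate and burst values are hypothetical.

```python
from collections import defaultdict

# Assumed layout (public SA-MP query documentation, not stated in the thread):
# b"SAMP" + 4 IP bytes + 2 port bytes + 1 opcode byte; 'p' adds 4 echoed bytes.
HEADER_LEN = 11
# Hypothetical response sizes in bytes; rcon ('x') packets are out of scope.
EST_RESPONSE = {"i": 80, "p": 15, "r": 300, "c": 1400, "d": 2400}

def parse_query(data):
    """Return the opcode of a well-formed query packet, else None."""
    op = chr(data[10]) if len(data) >= HEADER_LEN and data[:4] == b"SAMP" else None
    bad = op not in EST_RESPONSE or (op == "p" and len(data) != HEADER_LEN + 4)
    return None if bad else op

class EgressBudget:
    """Per-source token bucket counted in response bytes (integer ms clock)."""
    def __init__(self, bytes_per_ms=2, burst=4000):
        self.rate, self.burst, self.state = bytes_per_ms, burst, {}

    def allow(self, src, op, now_ms):
        tokens, last = self.state.get(src, (self.burst, now_ms))
        tokens = min(self.burst, tokens + (now_ms - last) * self.rate)
        cost = EST_RESPONSE[op]
        ok = tokens >= cost
        self.state[src] = (tokens - cost if ok else tokens, now_ms)
        return ok

def simulate(packets, budget=None):
    """packets: (ms, src, raw) tuples; budget=None means no flood protection."""
    stats = defaultdict(int)
    for ms, src, raw in packets:
        op = parse_query(raw)
        if op is None:
            stats["malformed"] += 1
        elif budget is None or budget.allow(src, op, ms):
            stats["answered"] += 1
            stats["bytes_out"] += EST_RESPONSE[op]
        else:
            stats["dropped"] += 1
    return dict(stats)

# Constructed sample traffic (documentation addresses), server 192.0.2.10:7777.
PREFIX = b"SAMP" + bytes([192, 0, 2, 10]) + (7777).to_bytes(2, "little")
SAMPLE = [(t, "198.51.100.7", PREFIX + b"d") for t in range(0, 500, 10)]  # one source, 'd' every 10 ms
SAMPLE += [(t, "203.0.113.5", PREFIX + b"i") for t in (0, 1000, 2000)]  # ordinary browser
SAMPLE.append((5, "203.0.113.9", b"SAMPxx"))  # malformed

if __name__ == "__main__":
    print("unprotected:", simulate(SAMPLE))
    print("budgeted:   ", simulate(SAMPLE, EgressBudget()))
```

A per-source bucket bounds what any one (possibly spoofed) address is sent; it does not bound total egress when source addresses vary, which needs a global cap alongside it.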
#46

@Ubi Have you given the OVH Game firewall a try? It works pretty decent filtering any kind of invalid queries per chosen server type (SA:MP exists in the list), though, sadly they are only existent on SYS/OVH Gaming dedicated servers
#47

Thanks for an update, and as you see, Kalcor cares about security updates. Always will and always does. That's what all of you should be thankful for.
#48

Quote:
Originally Posted by Kalcor
I have uploaded a 0.3.7-R3 server

This version adds a variable queryflood which can be used to disable the query flood protection for 'i' and 'p' queries. This will stop the query mechanism shutting down which causes your server not to load in the list.

However, it's not a good idea to leave the flood protection disabled. Only do it when you're subjected to a query flood you know your server can handle.

Although it can be set in the server.cfg, I recommend logging in to the rcon in game. /rcon password then /rcon queryflood 0 to disable the query flood protection. Reenable the queryflood protection with /rcon queryflood 1 or by restarting your server. The option queryflood -1 will disable all query flood protection, even for rules and players packets.

Do not use option logqueries when under the current attack. Logging all queries under the current flood attack can hang the server.

SA-MP 0.3.7-R3 server (linux-i386)
SA-MP 0.3.7-R3 server (Windows)
Server crashes after some time (linux)..

logqueries 0
#49

Quote:
Originally Posted by xo
@Ubi Have you given the OVH Game firewall a try? It works pretty decent filtering any kind of invalid queries per chosen server type (SA:MP exists in the list), though, sadly they are only existent on SYS/OVH Gaming dedicated servers
You didn't get my point. I'm talking about traffic reflection which might lead to server shutdown by OVH (or other provider) system due to high OUTGOING traffic (it has nothing to do with OVH Game or any other input filtering). It seems that you are not familiar with this specific attack and UDP connectionless problems at all.
#50

Quote:
Originally Posted by D1eSeL
Server crashes after some time (linux)..

logqueries 0
I confirm I have the same problem.
#51

My server isn't crashing. It's possible servers are using a memory plugin for R2 server.

Do you know how to get a backtrace?

run the server in gdb
Code:
$ gdb samp03srv
(gdb) run
* wait for crash*
(gdb) bt
Post the log of the bt
#52

@Ubi take a look on OVH's docs: https://us.ovhcloud.com/products/security/anti-ddos

They provide custom routines for specific game servers (including SA:MP) using their hardware. To analyze both incoming and outgoing packets (high outgoing traffic originally caused by UDP flood by spoofed packets? which are already filtered by their hardware based on the game server type) and their causes and start mitigating them + the packet caching they use

Though, that only exists on the game range of servers.

I got attacked not so long ago on my server for a week by the same method, switching to a GAME firewall did the job.

Two-way mitigation: a filter on entry and exit
For every type of attack, we've built a specific response closely integrated to the servers and directly integrated within the Tilera hardware. The big innovation is a filter that analyzes the incoming and outgoing traffic to better identify legitimate requests. It's capable of distinguishing real clients connecting to the machine from harmful attacks. Anti-DDoS GAME therefore also plays the role of a cache and a filter for TCP/IP and UDP packets.


A router located next to the machine analyzes packets. This router treats every hosted game as a special case. For example, the router acts as a cache to relieve the router of useless requests.
#53

Yeah, we (as a hosting company) have been using such protection for quite a long time, but I'm pointing to something else. Disabling query limiting at all (player packets especially) might result in bouncing a huge amount of traffic - even if they're caching some reqs on Tileras. This can easily trigger OVH checks and result in server suspension. I'm not going to talk about any DDoS protection anymore, because that was not my intention. This was just a friendly warning about possible consequences of setting querylimit to -1.
#54

I had noticed since yesterday that something wasn't right with the servers I wanted to test. I closed my server and noticed some weird unexpected floods.
#55

Quote:
Originally Posted by Ubi
I wouldn't recommend setting it to -1 because bouncing "players" packets might generate huge outgoing traffic (reflected). Your provider (e.g. OVH) may block your server due to outgoing attack which we've experienced in the past.
So queryflood 0 won't cause my VPS to be suspended on OVH?
#56

My server crashes as well (linux).
#57

Quote:
Originally Posted by xo
@Ubi take a look on OVH's docs: https://us.ovhcloud.com/products/security/anti-ddos

They provide custom routines for specific game servers (including SA:MP) using their hardware. To analyze both incoming and outgoing packets (high outgoing traffic originally caused by UDP flood by spoofed packets? which are already filtered by their hardware based on the game server type) and their causes and start mitigating them + the packet caching they use

Though, that only exists on the game range of servers.

I got attacked not so long ago on my server for a week by the same method, switching to a GAME firewall did the job.

Two-way mitigation: a filter on entry and exit
For every type of attack, we've built a specific response closely integrated to the servers and directly integrated within the Tilera hardware. The big innovation is a filter that analyzes the incoming and outgoing traffic to better identify legitimate requests. It's capable of distinguishing real clients connecting to the machine from harmful attacks. Anti-DDoS GAME therefore also plays the role of a cache and a filter for TCP/IP and UDP packets.


A router located next to the machine analyzes packets. This router treats every hosted game as a special case. For example, the router acts as a cache to relieve the router of useless requests.
OVH's AntiDDoS is very buggy. I have been communicating with support for 9 months to fix it, and it took up to 9 months to get a real result, but not a perfect one. I didn't want to wait another 9 months, so I left OVH.
#58

Quote:
Originally Posted by Leoric
My server crashes as well (linux).
Did you do what was suggested? What was the result?

Quote:
Originally Posted by Kalcor
My server isn't crashing. It's possible servers are using a memory plugin for R2 server.

Do you know how to get a backtrace?

run the server in gdb
Code:
$ gdb samp03srv
(gdb) run
* wait for crash*
(gdb) bt
Post the log of the bt
#59

Hello. I am the owner of a small hosting company. At this point we host mostly game servers (in general SA-MP servers). There was a cookie attack on one of the SA-MP servers (hosted on a VDS). The attack was no more than 100 mbps and 30-40.000 pps.

There were a few moments when the server responded with delay in the samp client app, but there were no major problems.

Even if some other client said that this attack has no effect on their services, I would like to create some rules in the firewall (even iptables would be OK) so the packets won't reach the end servers.
#60

I need a server crash report