[Nicow]

Quote:

Originally Posted by d0 You can set server console variables in the server console, server.cfg and RCON. So it will be possible to set this variable with SendRconCommand

So, you can change maxplayers with rcon command ?

[Jon_De]

When it will be fixed? Topic started at 19.05.2014!

[Lordzy]

Quote:

Originally Posted by Jon_De When it will be fixed? Topic started at 19.05.2014!

Give them some time to optimize things and make it clean. Like it's already stated, SA-MP isn't responsible completely for such attacks. It can be common with any versions and it depends on the network layer of your server. I believe that SA-MP team has got a life too beyond SA-MP, so waiting would be necessary.

[Nicow]

d0 didn't answered me so i think it's no

[Jon_De]

Can anyone know where the attack is carried out? (Data center or country? Not every data center allow ip spoofing)

[scott1]

i was maybe rude, but its to see if someone response, if someone care and read, but no one response.

This is totaly useless http://pastebin.com/b92UsCUe

http://forum.sa-mp.com/showthread.ph...08#post3091908

Max

[Jon_De]

Quote:

2) During the attacks I tried to think of something to block each IP connecting to the server. The following scripts recognizes a massive incoming connections coming in packs, and then blocking their IP address. As the BlockIpAddress() function doesn't kicking the IP from the player slot, and it's still in use, the script is saving a list of the IPs it blocked in a file, and then loading them when the server starts. So, the purpose of the script is collecting attacker used IPs and blocking them AT START OF THE SERVER, or collect them when it's still running. Additionally with the script, i've added a file containing a quite large collection of attacker IPs (250k+). You can use it with the script. Note that loading the IPs at start may take time, and the server will be 'off' until it's loading the IPs (probably for 15min+-). However, the script is printing loading messages after each block of 10% of the IPs. The script however, became less useful when we figured out that the IPs may be responding but they aren't real. You're free to try the script. Note that I blocked IPs with the new function and not with samp.ban option. a large samp.ban file size caused my server a lot of troubles such as long lags. Download: https://www.sendspace.com/file/x4fnh1 / http://www54.zippyshare.com/v/24562439/file.html

Lol. He can take any ip. It is not really ip, it is spoofed ip

[Amit_B]

Quote:

Originally Posted by scott1 i was maybe rude, but its to see if someone response, if someone care and read, but no one response. This is totaly useless http://pastebin.com/b92UsCUe http://forum.sa-mp.com/showthread.ph...08#post3091908 Max

Blocking anyone who's connecting to the server as you've shown in your script won't solve your problem. It will only... block anyone who's connecting to your server.

I've seen much of SA-MP team responses, and as they told you, that's not an easy case and can be fixed by click. We have to be patient until the next update.

Quote:

Originally Posted by Jon_De Lol. He can take any ip. It is not really ip, it is spoofed ip

I know. We didn't knew that at start.

[Jon_De]

Kye, can you make ip checking before connecting like this?:

Client connects (IP for example 3.3.3.3) ->
Server generates password (for example: 1234) ->
Server sends password to client (1234 to client with ip 3.3.3.3) ->
If it is real ip, client gets password and sends password to server. If ip spoofed, client can't to get a password ->
Server checks password. If all true, client can reserve a slot.

Sorry for my english

[Nicow]

Yeah this is what we're saying since the beginning.
I made some search in these ips to ban cidr range with iptables
I saw ips from universities in spain, usa, canada
I saw japanese ips
I EVEN saw ips from USAISC, this is insane

But no problem, samp will be updated .. next year

OH EDIT:

2.144.0.0/14 Iran Cell Service and Communication Company

Tell me it's not spoofing

[Nicow]

Please, release that update even if it's a beta release
NSG server doesn't look like its being attacked

[Infinity]

Quote:

Originally Posted by Nicow Please, release that update even if it's a beta release NSG server doesn't look like its being attacked

It will be released when it's ready, just like you've been told multiple times already.

[Nicow]

Yeah, when it's ready, try to understand us
And it's being tested on a server which is not receiving that kind of attacks. cf uptime - Amazing


EDIT:
We tried to block all countries except the one of our players and it worked.
Now the attacker is using french IPs to flood, nice spoofing, this is fucking annoying


[17:58:05] Incoming connection: 109.222.247.29:62189
[17:58:05] Incoming connection: 82.243.150.150:57930
[17:58:05] Incoming connection: 92.181.225.17:53225
[17:58:05] Incoming connection: 78.120.76.83:53130
[17:58:05] Incoming connection: 92.173.31.131:61052
[17:58:06] Incoming connection: 78.227.98.241:58783
[17:58:06] Incoming connection: 78.235.139.227:50102
[17:58:06] Incoming connection: 86.203.45.24:58312
[17:58:06] Incoming connection: 109.239.153.235:61918
[17:58:06] Incoming connection: 92.156.171.69:58642
[17:58:06] Incoming connection: 82.64.14.40:56612
[17:58:06] Incoming connection: 88.219.182.70:57565
[17:58:07] Incoming connection: 176.140.122.168:55470
[17:58:08] Incoming connection: 109.21.153.157:52380
[17:58:08] Incoming connection: 176.135.242.150:56214
[17:58:10] Incoming connection: 109.218.213.21:51005
[17:58:11] Incoming connection: 82.242.227.230:55309
[17:58:14] Incoming connection: 78.238.133.159:50542
[17:58:14] Incoming connection: 2.6.198.233:55981
[17:58:14] Incoming connection: 92.179.163.171:60076
[17:58:14] Incoming connection: 109.16.66.67:54861
[17:58:14] Incoming connection: 109.135.62.101:55818

[Amit_B]

Quote:

Originally Posted by Nicow Yeah, when it's ready, try to understand us And it's being tested on a server which is not receiving that kind of attacks. cf uptime - Amazing EDIT: We tried to block all countries except the one of our players and it worked. Now the attacker is using french IPs to flood, nice spoofing, this is fucking annoying [17:58:05] Incoming connection: 109.222.247.29:62189 [17:58:05] Incoming connection: 82.243.150.150:57930 [17:58:05] Incoming connection: 92.181.225.17:53225 [17:58:05] Incoming connection: 78.120.76.83:53130 [17:58:05] Incoming connection: 92.173.31.131:61052 [17:58:06] Incoming connection: 78.227.98.241:58783 [17:58:06] Incoming connection: 78.235.139.227:50102 [17:58:06] Incoming connection: 86.203.45.24:58312 [17:58:06] Incoming connection: 109.239.153.235:61918 [17:58:06] Incoming connection: 92.156.171.69:58642 [17:58:06] Incoming connection: 82.64.14.40:56612 [17:58:06] Incoming connection: 88.219.182.70:57565 [17:58:07] Incoming connection: 176.140.122.168:55470 [17:58:08] Incoming connection: 109.21.153.157:52380 [17:58:08] Incoming connection: 176.135.242.150:56214 [17:58:10] Incoming connection: 109.218.213.21:51005 [17:58:11] Incoming connection: 82.242.227.230:55309 [17:58:14] Incoming connection: 78.238.133.159:50542 [17:58:14] Incoming connection: 2.6.198.233:55981 [17:58:14] Incoming connection: 92.179.163.171:60076 [17:58:14] Incoming connection: 109.16.66.67:54861 [17:58:14] Incoming connection: 109.135.62.101:55818

That's how it is. The attacker uses random IP address. He will continue to attack using french IPs too, but with much less attacks than the original attack, as most of the IP ranges on your server are blocked.

[Nicow]

Quote:

Originally Posted by Amit_B That's how it is. The attacker uses random IP address. He will continue to attack using french IPs too, but with much less attacks than the original attack, as most of the IP ranges on your server are blocked.

Yeah this is crazy, but it's enough to make "server is full".

[Virelox]

Look
https://www.youtube.com/watch?v=AIeN2hZ6-MM

[Colgate]

I'm suffering the same attacks, we need some solution from SA-MP team, multiple server are suffering it.