[djshadowxm81]

So is there any difference in the bad packets from legitimate traffic? Because if there is filtering packets at a firewall level could work. But if not, is there away we can fix this and ad some sort of checksum?

[Romz]

good

[iLearner]

with new version my npc's dont connect (linux)

[wallee]

Quote:

Originally Posted by iLearner with new version my npc's dont connect (linux)

Isn't FCNPC a memory hacking plugin?

[iLearner]

Quote:

Originally Posted by wallee Isn't FCNPC a memory hacking plugin?

oh damn! yes!

Ziggi please!

[Redirect Left]

Still getting cookie mass requests, and eventually the server crashing, but process still running, if this is related to the issue people are having?

Can't quite tell if the update even worked, as the server log just says R2 loaded instead of R2-2

[RoberteDl]

Quote:

Originally Posted by Redirect Left Still getting cookie mass requests, and eventually the server crashing, but process still running, if this is related to the issue people are having? Can't quite tell if the update even worked, as the server log just says R2 loaded instead of R2-2

This functioning perfectly, verify that you have updated the files correctly.

[Ghazal]

Quote:

Originally Posted by Redirect Left Still getting cookie mass requests, and eventually the server crashing, but process still running, if this is related to the issue people are having? Can't quite tell if the update even worked, as the server log just says R2 loaded instead of R2-2

It only fixes the server querying, it does not prevent their requests.

[criticalerror]

Quote:

Originally Posted by Kalcor I've been working on a temporary fix. Anything better than this would require a client/server update, which would take a lot longer to get out to players. I want to be clear again that nothing added to the SA-MP server code can stop network attacks. There's a point where your host will fold from too many packets, no matter whether you're running a SA-MP server, an IRC server, a MUD, linx, a usenet mirror, color terminal, bitchx etc. Feedback is requested. Update 0.3.7 R2-2 (testing): - Changes the query flood control to deal with different query types independently. - Connection cookie logging is disabled by default. Downloads (testing): SA-MP 0.3.7 R2-2 Linux Server: http://files.sa-mp.com/samp037svr_R2-2.tar.gz SA-MP 0.3.7 R2-2 Windows Server: http://files.sa-mp.com/samp037_svr_R2-2_win32.zip

When I run server on this version, in client rules are invisible (linux).

[adri[4]Life]

Quote:

Originally Posted by Kalcor I've been working on a temporary fix. Anything better than this would require a client/server update, which would take a lot longer to get out to players. I want to be clear again that nothing added to the SA-MP server code can stop network attacks. There's a point where your host will fold from too many packets, no matter whether you're running a SA-MP server, an IRC server, a MUD, linx, a usenet mirror, color terminal, bitchx etc. Feedback is requested. Update 0.3.7 R2-2 (testing): - Changes the query flood control to deal with different query types independently. - Connection cookie logging is disabled by default. Downloads (testing): SA-MP 0.3.7 R2-2 Linux Server: http://files.sa-mp.com/samp037svr_R2-2.tar.gz SA-MP 0.3.7 R2-2 Windows Server: http://files.sa-mp.com/samp037_svr_R2-2_win32.zip

Tested, Didn't work |

[Stiles]

Ну наконец-то. Помолимся за новую версию SA-MP. Аминь.

[RDM]

Quote:

Originally Posted by adrianlouise Tested, Didn't work |

Yes it's working! If your network does not support the attack!
Hire a vps with a better link, I'm with 1gbps and I have no problems with the attack!

[dugi]

Quote:

Originally Posted by adrianlouise Tested, Didn't work |

You should provide some more information.

[RDM]

Quote:

Originally Posted by Chaprnks Thank you! I had over 200gb's of server_log.txt from those floods. I'm interested in weather they're actual IP's (like a MASSIVE botnet), or a crafty spoofed IP's.. cause the floods never used a same IP twice (not even after 100,000 IP's).

In the previous version it was enough to add in your server.cfg the following lines:

conncookies 1
cookielogging 0


This will cause the server to not save the cookie connection logs



The attacks are totally spoofed! They will never repeat the same ip!

[Battlezone]

Quote:

Originally Posted by Kalcor I've been working on a temporary fix. Anything better than this would require a client/server update, which would take a lot longer to get out to players. I want to be clear again that nothing added to the SA-MP server code can stop network attacks. There's a point where your host will fold from too many packets, no matter whether you're running a SA-MP server, an IRC server, a MUD, linx, a usenet mirror, color terminal, bitchx etc. Feedback is requested. Update 0.3.7 R2-2 (testing): - Changes the query flood control to deal with different query types independently. - Connection cookie logging is disabled by default. Downloads (testing): SA-MP 0.3.7 R2-2 Linux Server: http://files.sa-mp.com/samp037svr_R2-2.tar.gz SA-MP 0.3.7 R2-2 Windows Server: http://files.sa-mp.com/samp037_svr_R2-2_win32.zip

Works for us.

[iLearner]

Quote:

Originally Posted by RDM Add the following lines to your server.cfg: Conncookies 1 Cookielogging 0 This will cause the server to not save the cookie connection logs

It was disabled by default in latest version.

Works great so far.

[Christofski]

Kalcor coming thru with the goodies, even though i've known about this flood for like 5+ months and it was only selectively used to attack servers for the longest time

[TommyB]

Seems to be working great so far. Good work!

[niCe]

It works fine with my servers. Thank you for releasing this patch!

[Redirect Left]

Quote:

Originally Posted by Ghazal It only fixes the server querying, it does not prevent their requests.

so then what does this fix? Because it doesn't stop the server from crashing to the point where you can't connect, even though the process is still running, and the server's network traffic is fine, it can be accessed as normal, so it isn't the server running out of bandwidth.