[adri1]

https://www.youtube.com/watch?v=x5zp9Sef77s
Video it is in spanish, but you can appreciate when I block attacker IP in windows firewall

Server attacker (listing on game-mp...): 142.44.145.48:7777


Edit:
Fixed on SA-MP 0.3.7 R2 Client (testing): https://sampforum.blast.hk/showthread.php?tid=641818

[dotSILENT]

I haven't looked deeply into this but I noticed that some servers are abusing the query protocol by sending a shitton of packets, their hostnames are updated "live" (very fast) because they are literally spamming everyone with packets, even after closing the browser. I kept getting packets from this server: 91.121.223.142:7777 for few minutes after closing the browser.
I guess Kye should really consider removing some servers from the hosted tab for their abuses. A major re-write of the query protocol is also needed but I'm pretty sure that isn't going to happen.

This server also does it: 142.44.145.49:7777

[adri1]

Ok, 142.44.145.48:7777 has been removed from game-mp, but the attacker have more servers on hosted tab, he is using 142.44.145.49:7777 now for attacking.

Network address: 142.44.145.0/24
Servers (3) on game-mp on 142.44.145.0 network:

[!R1Ch@rD!]

Quote:

Originally Posted by adri1 Ok, 142.44.145.48:7777 has been removed from game-mp, but the attacker have more servers on hosted tab, he is using 142.44.145.49:7777 now for attacking. Network address: 142.44.145.0 Servers (3) on game-mp on 142.44.145.0 network:

the attacks come only to servers with the same ip range? or because eh seen that they have closed account to host companies for that, or I have over understood that is that or am I wrong?

[adri1]

Quote:

Originally Posted by !R1Ch@rD! the attacks come only to servers with the same ip range? or because eh seen that they have closed account to host companies for that, or I have over understood that is that or am I wrong?

All those servers are hosted on ovh dedicated server, I know who is the hoster (attacker), and I can send more information by pm

[Fpwn]

It is correct that those ip's are from the attacker already perform some tests itself and it works.
Thanks for the information

[Whyd]

I can confirm this attack (false querys)

[adri1]

Why there are two servers with the same IP? wtf

[Hansrutger]

Is it that Sergioo guy again? IP's are similar to what he has.

[adri1]

Quote:

Originally Posted by Hansrutger Is it that Sergioo guy again? IP's are similar to what he has.

Yes he is.



._.

[Fpwn]

confirmed

[Voller]

The internet tab it's working fine! So... buy the internet tab !
https://imgur.com/a/e50fP

[mw3samp]

someone needs to fix this

[dotSILENT]

Quote:

Originally Posted by mw3samp someone needs to fix this

Someone needs to finally ban idiots like these from the hosted tab.
And if you're sure about that sergio guy and have some proof, you should think about taking some legal actions against this kid. Or at least fight him back because I guess he also has a server.
What about making a abuse complaint to OVH?

[mw3samp]

Quote:

Originally Posted by dotSILENT Someone needs to finally ban idiots like these from the hosted tab. And if you're sure about that sergio guy and have some proof, you should think about taking some legal actions against this kid. Or at least fight him back because I guess he also has a server. What about making a abuse complaint to OVH?

well i think in general there should be a way to fix this, from kalcor

[muphasa]

U can't avoid IP Spoofing. The purpose of spoofing is exactly this, change source address so you can't determinate which server is the attacker.

So, the only client side fix is block the malicious server (at least in the current type of spoofing).

If we can confirm that Sergio don't know anything about programming, we assume that he will not able to modify the spoofer's code and change the type of spoofing.

The real solution, but server side, is add a checksum to all packets, so the attacker MUST know the valid checksum to modify the packets.

Anyway, you can always use a modified version of samp master list to avoid this problem, but I think that isn't legal at all (honestly, I don't think SA-MP Team will allow these modifications).

Again, you can download Wireshark and start monitoring your network.

Quote:

Originally Posted by dotSILENT What about making a abuse complaint to OVH?

You can, but dedicated servers aren't monitored at all. OVH will need technical information.

[denNorske]

Twice in a month. This is great :/

If possible file abuse complaints on ovh, if that's any help.

[mw3samp]

My request to mods to please check this topic .

[muphasa]

Quote:

Originally Posted by mw3samp My request to mods to please check this topic .

They already know. I heard that Sergio's game-mp account has been banned.

Anyway, I can check for the attacker's server in few hours.

[mw3samp]

Looks like the same person is ddosing samp forums. Also sa-mp client is crashing for many people.
INTERNET & HOSTED are crashed