Server owner resources: client management tools
#1

I'm starting this thread to archive any good tools, info, or methods for effectively managing your clients. This involves threat protection, threat removal, guidelines on treating players the way they should be treated*, etc.

*This part of it is purely my opinion. It's your server so needless to say you can be a dick in it if you want


If you have links to any good resources (online/offline tools, documentation, etc) post them here. Please do NOT pimp yours (or someone else's) anti-cheat FS. I may put a section for that later but right now I want to collect data on server management at the level BEFORE the actual game server executable.


Changes will be below this line:
-------------------------------------------------------------------------------------------------

*IP address tools*

Raw list of worldwide IP address allocations: ftp://ftp.ripe.net/ripe/stats/delegated-ripencc-20080529 <--You are interested in the ipv4 addresses

Same list, sorted by country: http://madoshi.net/samp/ipaddresses.txt

Another IP list that lets you select a country and see the IP ranges: http://www.proxyserverprivacy.com/ipaddress_range.php

Find location based on IP address: http://www.geobytes.com/IpLocator.htm

Block entire countries: http://www.blockacountry.com/ <-- creates output for blocking at the HTTP level. Use the IP info in the output in samp.ban or whatever firewall you are running.

Very flexible Location->IP resource: http://ip.ludost.net/ (Thanks KingJ)

Another "ban by country" http://www.ipdeny.com/ipblocks/


*Linux firewall resources*
APF (Advanced Policy Firewall). Works with iptables. My favorite. http://rfxnetworks.com/apf.php
http://iptables.rlworkman.net/iptables-tutorial.html Guide to iptables


*Server maintenance and management resources*


*Security write-ups and articles*
Reserved


Reply
#2

http://ip.ludost.net/ is a useful Country to IP resource, not only that but it allows you to block other types of IP addresses, e.g. bogon ones that you should never see.

Perhaps the most useful thing about it though, is the ability to output in many different formats, for example it can output iptables commands for Linux firewalling, saving you the aggro of writing them yourself.
Reply
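The raw allocation list from post #1 and the "output iptables commands" idea from post #2, shown as an added example (not code from any poster or from the linked sites): it parses the pipe-delimited delegated-statistics format and turns one country's ipv4 records into CIDR blocks and DROP rules. The sample records, the country codes XA/XB and the 7777/udp game port are assumptions made for the example.

```python
import ipaddress

# Constructed sample in the RIR "delegated" statistics format
# (registry|cc|type|start|value|date|status). Documentation ranges, not real allocations.
SAMPLE = """\
2|ripencc|20080529|5|19830705|20080528|+0100
ripencc|*|ipv4|*|3|summary
ripencc|XA|ipv4|192.0.2.0|256|20080101|allocated
ripencc|XA|ipv4|198.51.100.0|192|20080102|assigned
ripencc|XB|ipv4|203.0.113.0|128|20080103|allocated
ripencc|XA|ipv6|2001:db8::|32|20080104|allocated
ripencc|XA|asn|64500|1|20080105|allocated
"""

def country_networks(text, country):
    """Return the CIDR networks covering every ipv4 record of one country code."""
    nets = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Skip comments and summary lines; the version header fails the type check below.
        if line.startswith("#") or len(fields) < 7 or fields[-1] == "summary":
            continue
        _registry, cc, rtype, start, value = fields[:5]
        if rtype != "ipv4" or cc.upper() != country.upper():
            continue
        # For ipv4 the value field is an address COUNT, not a prefix length,
        # and need not be a power of two, so one record can need several CIDRs.
        first = ipaddress.IPv4Address(start)
        last = first + int(value) - 1
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))

def iptables_rules(nets, port=7777, chain="INPUT"):
    """One DROP rule per network; 7777/udp is an assumed game server port."""
    return [f"iptables -A {chain} -s {n} -p udp --dport {port} -j DROP" for n in nets]

if __name__ == "__main__":
    print("\n".join(iptables_rules(country_networks(SAMPLE, "XA"))))
```

The 192-address record shows why the count field cannot be read as a single prefix: it expands to a /25 plus a /26.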
#3

Cool, I think this is very useful for server owners, especially for the non-experienced

Reply
#4

Oh, and a bit of essential terminology regarding attacks
  • DoS - Denial of Service, where a single computer does something to cause your server to be inaccessible. This is either done via exploit programs for SA-MP or by a single server on the internet with a lot of bandwidth. A DoS is easy to identify and block as there is just one attacker.
  • DDoS - Distributed Denial of Service. Similar to a DoS but much worse. In this case, the attackers are distributed, all over the internet in many cases. By using the combined power of residential internet connections, it is easily possible to overload a server. These are almost impossible to prevent due to their distributed nature. The actual attacking computers are also being used illegally, they have been infected with code and are now a member of a botnet. The controller then issues commands to the botnet to attack certain servers. This also makes it very hard to identify the attackers. It is common to see hundreds or thousands of infected 'zombie' computers participating in a botnet. Make sure you keep your system up to date, use a good AntiVirus and regularly check for updates to Windows (update here or turn on automatic updates) to ensure your computer does not become part of a botnet and participate in illegal activity.
  • Packet Flood - A method of attack, the server is sent a continuous stream of packets, which overload the server or use so much bandwidth that the server starts experiencing 'packet loss' where it can't handle legitimate packets because its connection has reached capacity. This can happen even on 100mbit connections and a packet flood is the underlying attack method behind DoS and DDoS attacks.
Well, hope that helps. I see so much misuse of the terms and I'm guessing some people don't actually know what they mean.
Reply
#5

oh thanks very much this will be helpful!
Reply
#6

Quote:
Originally Posted by KingJ
  • DoS - Denial of Service, where a single computer does something to cause your server to be inaccessible. This is either done via exploit programs for SA-MP or by a single server on the internet with a lot of bandwidth. A DoS is easy to identify and block as there is just one attacker.
I can understand why people do this to get back at someone for like a few minutes or w/e

Quote:
Originally Posted by KingJ
  • DDoS - Distributed Denial of Service. Similar to a DoS but much worse. In this case, the attackers are distributed, all over the internet in many cases. By using the combined power of residential internet connections, it is easily possible to overload a server. These are almost impossible to prevent due to their distributed nature. The actual attacking computers are also being used illegally, they have been infected with code and are now a member of a botnet. The controller then issues commands to the botnet to attack certain servers. This also makes it very hard to identify the attackers. It is common to see hundreds or thousands of infected 'zombie' computers participating in a botnet. Make sure you keep your system up to date, use a good AntiVirus and regularly check for updates to Windows (update here or turn on automatic updates) to ensure your computer does not become part of a botnet and participate in illegal activity.
  • Packet Flood - A method of attack, the server is sent a continuous stream of packets, which overload the server or use so much bandwidth that the server starts experiencing 'packet loss' where it can't handle legitimate packets because its connection has reached capacity. This can happen even on 100mbit connections and a packet flood is the underlying attack method behind DoS and DDoS attacks.
Well, hope that helps. I see so much misuse of the terms and I'm guessing some people don't actually know what they mean.
but I doubt anyone would go through the trouble of doing this just to crash a game server
I could understand someone doing it to a whole network but a game server is just stupid
Reply
#7

Quote:
Originally Posted by [W33D]hoodline
but I doubt anyone would go through the trouble of doing this just to crash a game server
I could understand someone doing it to a whole network but a game server is just stupid
It does happen though, many of the major servers have been subject to one at some point in time, and from personal experience they are not fun and impossible to fend off, short of blocking all traffic, legitimate and attack traffic to the server.



This image shows the start of a DDoS attack I was subject to, you can see the bandwidth steadily rising as the commands propagate to the zombie computers of the botnet. Eventually, it reaches 100mbit/sec at which point the connection is overloaded. The image is low quality, but you can see it rising from 'normal' bandwidth of around 3mbit/sec total to 35mbit/sec, it does go higher than this but this is the only one I captured.
Reply
#8

Quote:
Originally Posted by KingJ
DoS - Denial of Service [...] is either done via exploit programs for SA-MP or by a single server on the internet with a lot of bandwidth.
note the difference between a dos and an exploit...
Reply
#9

Quote:
Originally Posted by [M]deLux
Quote:
Originally Posted by KingJ
DoS - Denial of Service [...] is either done via exploit programs for SA-MP or by a single server on the internet with a lot of bandwidth.
note the difference between a dos and an exploit...
You could still call an exploit a DoS, if it denies service to users of the server by overloading it via the exploit methodology.
Reply
#10

Quote:
Originally Posted by kaisersouse
I'm starting this thread to archive any good tools, info, or methods for effectively managing your clients. This involves threat protection, threat removal, guidelines on treating players the way they should be treated*, etc.

*This part of it is purely my opinion. It's your server so needless to say you can be a dick in it if you want


If you have links to any good resources (online/offline tools, documentation, etc) post them here. Please do NOT pimp yours (or someone else's) anti-cheat FS. I may put a section for that later but right now I want to collect data on server management at the level BEFORE the actual game server executable.


Changes will be below this line:
-------------------------------------------------------------------------------------------------

*IP address tools*

Raw list of worldwide IP address allocations: ftp://ftp.ripe.net/ripe/stats/delega...pencc-20080529 <--You are interested in the ipv4 addresses

Same list, sorted by country: http://madoshi.net/samp/ipaddresses.txt

Find location based on IP address: http://www.geobytes.com/IpLocator.htm

Block entire countries: http://www.blockacountry.com/ <-- creates output for blocking at the HTTP level. Use the IP info in the output in samp.ban or whatever firewall you are running.

Very flexible Location->IP resource: http://ip.ludost.net/ (Thanks KingJ)


*Linux firewall resources*
APF (Advanced Policy Firewall). Works with iptables. My favorite. http://rfxnetworks.com/apf.php
Guide to iptables: http://iptables.rlworkman.net/iptables-tutorial.html (thanks Westie)


*Server maintenance and management resources*
Reserved


*Security write-ups and articles*
Reserved


Reply
#11

I really need this info as I am being attacked too
Reply
#12

This is a nice tool too:

http://asf.sterio.nl/fs.exe

virusscanlog: http://asf.sterio.nl/AVSCAN-20080704...7-EECFD25B.LOG

If your server is getting dos'ed start this file and enter your server port,
the ip that's very much in the list is the dos'er
Reply
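The per-source counting approach described in post #12, together with the DoS/DDoS distinction from post #4, as an added example (this is not the linked fs.exe tool and not any poster's code): it counts packets per source address to the server port and flags a source only when it accounts for a large share of the traffic. The `tcpdump -n` text input, 7777/udp as the server port, the thresholds and all addresses are assumptions made for the example.

```python
import re
from collections import Counter

# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length N"
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.(\d+): UDP")

def top_talkers(lines, port, share=0.5, min_packets=20):
    """Count packets per source to `port`; flag sources sending >= `share` of them."""
    counts = Counter()
    for line in lines:
        m = LINE.search(line)
        if m and int(m.group(3)) == port:
            counts[m.group(1)] += 1
    total = sum(counts.values())
    # With too little traffic, or no dominant source, nothing is flagged.
    flagged = [ip for ip, n in counts.most_common()
               if total >= min_packets and n / total >= share]
    return counts, flagged

def sample_capture():
    """Constructed capture: five ordinary players plus one source sending 10x more."""
    lines = []
    for i in range(5):
        lines += [f"12:00:0{i}.000000 IP 203.0.113.{10 + i}.5{i}000 > "
                  "192.0.2.10.7777: UDP, length 23"] * 8
    lines += ["12:00:09.000000 IP 198.51.100.7.40000 > 192.0.2.10.7777: UDP, length 23"] * 80
    # Traffic to another port must not be counted.
    lines.append("12:00:09.500000 IP 203.0.113.10.50000 > 192.0.2.10.22: UDP, length 40")
    return lines

if __name__ == "__main__":
    counts, flagged = top_talkers(sample_capture(), 7777)
    for ip, n in counts.most_common(3):
        print(f"{ip:15s} {n:5d} packets")
    print("candidates to block:", flagged or "none (traffic is spread across sources)")
```

When the load is spread evenly over many sources, the flagged list comes back empty, which is the distributed case where there is no single address to block.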
#13

Don't you think this address is kind of wrong?
Quote:
Originally Posted by [asf]watkijkje
http:///fs.exe
There are some anti-Spam programs over the net, which block this kind of attack.

And let me tell you that they are pretty good because they DO work. I tried them myself.

Kaisersouse, please let me know if you want me to post these programs or not. As you write you just want info. This could be very useful.

Cheers,
Web
Reply
#14

Quote:
Originally Posted by kaisersouse
Find location based on IP address: http://www.geobytes.com/IpLocator.htm
There's a simple IP Locator, nevermind....
Very easy to use!
Reply
#15

A great tool I use is Webminhttp://webmin.com/
It's a web based control panel which is a free alternative to those like CPanel.

It allows you to monitor your server without being at a workstation with the appropriate software (Eg. SSH Access) and also allows you to run shell commands within the web browser.
Reply
#16

Very useful, thanks
Reply
#17

A great tool I use is Webminhttp://webmin.com/

Link doesn't work... pls reply new download link
Reply
#18

Quote:
Originally Posted by HUmmelmann
A great tool I use is Webminhttp://webmin.com/

Link doesn't work... pls reply new download link
Are you seriously so dumb you couldn't figure out how to fix it yourself....


http://webmin.co.uk
Reply
#19

Quote:
Originally Posted by kaisersouse
*Server maintenance and management resources*


Master List/Online Checker - http://forum.sa-mp.com/index.php?topic=85632.0
Dead link, could this be fixed? Thanks
Reply
#20

Quote:
Originally Posted by watkijkje
This is a nice tool too:

http://asf.sterio.nl/fs.exe

virusscanlog: http://asf.sterio.nl/AVSCAN-20080704...7-EECFD25B.LOG

If your server is getting dos'ed start this file and enter your server port,
the ip that's very much in the list is the dos'er
Dead link for that logger for IP's.
Reply

