SAMP Server's getting DDoS'd
#21

Alright, I was out for some time. Thanks to everyone for replying and taking part in this discussion.

Each hosting provider attempts to help their customer by blocking the IPs which have been sending the traffic/packets/packages/data to the server through various means and with multiple sources.

So if it's a crime, how do we know the hosting provider of the attacker? Can we contact the attacker's country's cyber crime branch for this? Yes, right? No matter what country! If yes, okay, I am ready to fight back against those motherfucking DoSers & DDoSers. Thanks once again to everyone for being a part of the discussion. I got to understand what all we can do towards the attackers.

Shoutout to 3ventic - Thanks for telling me the difference between a DoS & a DDoS.

Quote:
Originally Posted by Mauzen
People should just learn how to protect themselves before calling themselves "admin".
Exactly.
#22

Quote:
Originally Posted by Ballu Miaa
So if it's a crime, how do we know the hosting provider of the attacker? Can we contact the attacker's country's cyber crime branch for this? Yes, right? No matter what country! If yes, okay, I am ready to fight back against those motherfucking DoSers & DDoSers. Thanks once again to everyone for being a part of the discussion. I got to understand what all we can do towards the attackers.
In general, you get the provider directly from the attacker's IP, by tracing it back (e.g. http://www.ip-tracker.org).
However, this won't work when the attacker is using a proxy server (simply resetting one's own IP won't make a difference, as it still leads to the same provider server). There are different "kinds" of proxy servers. The usual one is a free-to-use server anybody can log in to and use. These servers are slow, too slow to allow real attacks; you would just DoS the proxy server, probably leading to a closed connection, or maybe even to legal action from the proxy provider. Firewall settings and dynamic connection limiter scripts can stop these attacks.
Then there are proxy servers running on a machine of the attacker himself. These won't have a speed limit, but by tracking that IP you'll get the server provider and can use that for further steps.
Lastly, there are paid proxy servers: no speed limit, no restrictions, and mostly 99% anonymous. Those are the real danger, as they can actually be used for a real attack. However, they are expensive, too expensive for the usual SA-MP attacker, so it's unlikely you'll meet one of these.
Additionally, there are things like bot networks used for DDoS attacks. Those are the "elite" of the attack ways. Hundreds or thousands of different computers from different locations attacking a single IP, creating gigabits of traffic each second. Banning all the IPs is extremely difficult, and even when blocked they'll cause enough trouble to still block your server. These networks are commonly used to take down big business servers or government websites. But you'll either need to build one yourself, using stuff like a virus, or rent one from some hacker (which might lead to costs of tens of thousands of dollars per hour). I doubt that any attack related to SA-MP has ever yet been done by such a bot network.

So when you've got the provider of the attacker, you can contact him (the provider) directly to report abuse of the internet connection, or contact your own provider to deal with that. In both cases send as many logs as possible; the IP together with the time will be the most important information, as the providers can then easily check their own logs and - in the best case - cut the attacker's internet connection.
Contacting the cyber crime agency might also be a way, but they probably won't deal with small attacks, as it's relatively a lot of work for them. You would need to prosecute the IP owner for committing/allowing an illegal attack and internet abuse, and this might cost you some money. However, in the best case you could request some compensation from the attacker for the downtimes.
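As an added example (not part of the original post, and not any provider's required format): a short script that turns firewall log lines into the per-IP, UTC-timestamped summary an abuse desk can match against its own logs. The log layout, port 7777, the 10-second window and the threshold of 3 are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample in an assumed layout: ISO timestamp, action, SRC=, DPT=, PROTO=.
SAMPLE_LOG = """\
2013-05-04T18:00:00+02:00 DROP SRC=203.0.113.20 DPT=7777 PROTO=UDP
2013-05-04T18:02:11+02:00 DROP SRC=198.51.100.7 DPT=7777 PROTO=UDP
2013-05-04T18:02:11+02:00 DROP SRC=198.51.100.7 DPT=7777 PROTO=UDP
2013-05-04T18:02:12+02:00 DROP SRC=198.51.100.9 DPT=7777 PROTO=UDP
2013-05-04T18:02:12+02:00 DROP SRC=198.51.100.7 DPT=7777 PROTO=UDP
2013-05-04T18:02:13+02:00 DROP SRC=198.51.100.7 DPT=7777 PROTO=UDP
2013-05-04T18:02:14+02:00 DROP SRC=198.51.100.7 DPT=7777 PROTO=UDP
2013-05-04T18:02:15+02:00 DROP SRC=198.51.100.9 DPT=7777 PROTO=UDP
2013-05-04T18:02:20+02:00 DROP SRC=198.51.100.9 DPT=7777 PROTO=UDP
2013-05-04T18:03:00+02:00 DROP SRC=192.0.2.55 DPT=22 PROTO=TCP
truncated line without fields
2013-05-04T18:05:00+02:00 DROP SRC=203.0.113.20 DPT=7777 PROTO=UDP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ SRC=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) DPT=(?P<dpt>\d+)")

def summarize(log_text, port=7777, window=timedelta(seconds=10), threshold=3):
    """Summarise sources whose hits on `port` reach `threshold` within `window`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or int(m["dpt"]) != port:
            continue  # malformed line or unrelated port
        try:  # normalise to UTC so the provider can match its own logs
            ts = datetime.fromisoformat(m["ts"]).astimezone(timezone.utc)
        except ValueError:
            continue
        hits[m["src"]].append(ts)
    rows = []
    for src, times in hits.items():
        times.sort()
        peak = lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window start forward
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:  # occasional packets from normal players are left out
            rows.append({"ip": src, "packets": len(times), "peak": peak,
                         "first_seen_utc": times[0].isoformat(),
                         "last_seen_utc": times[-1].isoformat()})
    return sorted(rows, key=lambda r: r["packets"], reverse=True)

def format_report(rows):
    lines = ["source_ip first_seen_utc last_seen_utc packets peak_per_window"]
    lines += [f'{r["ip"]} {r["first_seen_utc"]} {r["last_seen_utc"]} '
              f'{r["packets"]} {r["peak"]}' for r in rows]
    return "\n".join(lines)
```

Attach the raw log lines alongside the summary; the summary only tells the provider where to look.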
#23

Then you probably annoyed those attackers (e.g. demoted them from your admin team). ^^
#24

Quote:
Originally Posted by Mauzen
In general, you get the provider directly from the attacker's IP, by tracing it back (e.g. http://www.ip-tracker.org).
However, this won't work when the attacker is using a proxy server (simply resetting one's own IP won't make a difference, as it still leads to the same provider server). There are different "kinds" of proxy servers. The usual one is a free-to-use server anybody can log in to and use. These servers are slow, too slow to allow real attacks; you would just DoS the proxy server, probably leading to a closed connection, or maybe even to legal action from the proxy provider. Firewall settings and dynamic connection limiter scripts can stop these attacks.
Then there are proxy servers running on a machine of the attacker himself. These won't have a speed limit, but by tracking that IP you'll get the server provider and can use that for further steps.
Lastly, there are paid proxy servers: no speed limit, no restrictions, and mostly 99% anonymous. Those are the real danger, as they can actually be used for a real attack. However, they are expensive, too expensive for the usual SA-MP attacker, so it's unlikely you'll meet one of these.
Additionally, there are things like bot networks used for DDoS attacks. Those are the "elite" of the attack ways. Hundreds or thousands of different computers from different locations attacking a single IP, creating gigabits of traffic each second. Banning all the IPs is extremely difficult, and even when blocked they'll cause enough trouble to still block your server. These networks are commonly used to take down big business servers or government websites. But you'll either need to build one yourself, using stuff like a virus, or rent one from some hacker (which might lead to costs of tens of thousands of dollars per hour). I doubt that any attack related to SA-MP has ever yet been done by such a bot network.

So when you've got the provider of the attacker, you can contact him (the provider) directly to report abuse of the internet connection, or contact your own provider to deal with that. In both cases send as many logs as possible; the IP together with the time will be the most important information, as the providers can then easily check their own logs and - in the best case - cut the attacker's internet connection.
Contacting the cyber crime agency might also be a way, but they probably won't deal with small attacks, as it's relatively a lot of work for them. You would need to prosecute the IP owner for committing/allowing an illegal attack and internet abuse, and this might cost you some money. However, in the best case you could request some compensation from the attacker for the downtimes.
Alright, I will try to keep all this in mind next time my server is attacked by DDoSers! Thanks, Mauzen, for all the knowledge!

Rep+8 done to every poster! Thanks!
#25

Quote:
Originally Posted by Mauzen
DoS/DDoS really isn't SA-MP's matter. Small DoS attacks can simply be blocked by a firewall, and for big DDoS attacks there's nothing to do at all; you can have a whole array of hardware firewalls, they'll also fail when there are billions of connections every second.
There are so many "server owners" around, and as soon as they get attacked they start moaning at SA-MP, because it offers no protection, while there are about no programs at all that offer a built-in firewall. And I wouldn't like to give the complete connection control to the SA-MP server anyways. People should just learn how to protect themselves before calling themselves "admin".
Overall I agree with this, just 'learning how to protect themselves' is an issue. I currently play many types of games, which are multiplayer; what I've noticed is, there has been an increase in DDoSing, hacking, etc., in all the games I play, just because the DDoSer/hacker/whatever is jealous of the other server, so they DDoS/hack it so that, when that game is down, they've got a slight possibility to actually gain players; this is the real big issue. On your statement, if you mean 'don't piss people off, just handle stuff fairly', then you've got to rule some stuff out, but if you mean physically stop a DDoS by doing something, then I doubt they can.
#26

Those DDoSers are just some guys who are jealous of those servers that have a large and known community.
#27

Quote:
Originally Posted by BillyBoy
Those DDoSers are just some guys who are jealous of those servers that have a large and known community.
lol ^ I like that

I myself, "Tenshi", was just DDoSed a few months back, then a few weeks ago,
but I spoke to the person responsible and the attacks died off.

Now I have a new type of person, I guess, attacking me.
Even with firewalling them, it's really no help to be honest.

Unless you have an external firewall, it's a bit useless to stop an attack while it's happening, because the normal firewall for a server is IN the server itself. An attack that's flooding and attacking the server makes it impossible to access it.

Even host providers are lazy and do not want to deal with it; in the majority of cases they will try to NULL the attacker's IP unless it goes over the limit (meaning 100s of IPs and proxies, most of the time hard to block off).

Sometimes, worst case, as I feel, the provider NULLs the server's IP, making the attacks stop, but by doing so making your SA-MP server offline to the world and yourself (the owner).


I've been in plenty of online gaming communities, and I hate to say SA-MP is the only one I've been having issues with for years.

At this very, very moment my IP is blocked off from the world [including myself], and there are other servers, whose names I'd rather not say in this post, that were just recently DDoSed.

This entire matter is completely useless and childish: trying to prove their own point of view by attacking a community, where the players SUFFER, not the owners (in my opinion).

I can be DDoSed and it really wouldn't affect my day, but I know plenty of players who are pissed off and upset, and it does make me upset, too. Because at times you (and me) feel helpless to do anything about it.

We're at a point in technology where we're exceeding power in servers and networking,
yet we're still so naked to the fact that even 1 or 2 silly old PCs with some proxy or another cheap VPS/dedi can take down a much bigger dedicated server from halfway across the world.


It's sad, pathetic and pretty useless.
Everyone loses, even the DDoSers, because it's not cheap to get servers to attack someone else; no one has that time and resource just to do it for fun, unless someone is spending money from it.

I feel bad for GamerX, who is constantly getting battered like a rock in the shoreline sea, Partyserver too, but they are under a very good provider and part of the FOCO community now; on top of that I've seen Volt-Hosting (I don't have hosting there), which also has been getting hammered and harassed by DDoSers.

Right now I sip on an Arizona Ice Tea 23 FL OZ can, while the server is down from DDoS, and there's nothing I can really do but read the internet and wait.

It's just sad... real, real sad.

Sorry for the ramble, been a very boring day today (real life stuff, not just cuz of the DDoS).
#28

What a botnet is (easy definition): someone sends out a piece of software (it can be downloaded via mysqlinjection on sites that ask "Do you want java to run"; it plants a virus in a folder, and it runs on startup). Or, it is a piece of software you download that looks like ordinary software (but is actually what is called a RAT - Remote admin tool) and it gives the person 100 percent control of your computer: it logs your PWs, has the ability to fuck up your whole PC, anything you can imagine. Well, a lot of computers get connected, and the person who sent the viruses (RAT, as commonly said) selects all the slaves (the infected machines) and sends an outbound attack to one IP. This will lag the slaves' connections and of course crash/lag the connection the person is trying to DDoS, depending on their bandwidth, how many slaves the bot herder has, and how good all their connections are put together.

More info: if the person sending the RAT isn't a noob they can combine it with useful software so it looks 100 percent normal. It even gives you functioning software, and those ones 90 percent of the time have something called a "crypt", which is something that makes it so A/V isn't detected. You can prevent yourself from being RAT'd by not running Java on any untrusted sites, and not downloading software from untrusted publishers.

The DDoSer does NOT have to be pro by any means! All they have to do really for a simple attack is buy a VPS for like what? 10 dollars a month, one that has a good connection, but since they only want it to DDoS, RAM won't matter, along with CPU. They just flood the connection with packs, thus being a denial of service attack. Botnets are impossible to catch (practically) because the packets are being sent from an array of computers and aren't much bandwidth from each connection but combined can build up quickly. VPSs are easier to catch: if you get the VPS IP, you can simply report them to the VPS company, or to your local police (although god knows they won't give a fuck).
#29

Seems like it's DDoS season, because I am as well lol... I firewalled the players' range IPs and it seems to do something.

Quote:
Originally Posted by Ballu Miaa
Dear Members,

Nowadays I see almost every server getting DDoSed. All I hear afterwards is that there is nothing we can do about it. Even after spending hundreds of dollars, it won't work when they are heavy attacks. NG-RP itself is closed half of the time as it is being attacked by some DDoSers. So just for my knowledge, wisdom and for fuck's sake of anti-DDoS, I wanted to ask all the members some questions.

The questions I have in mind are as follows:
  • What I wanted to know is how do these attacks actually work?
  • Is the attacker a programmer or a noob with some software?
  • Are there any multi-attacks also done?
  • What all can we do about these DDoS attacks?
  • I know some well-known communities who are always up and I never saw them getting attacked or something. CrazyBob's, LS-RP, GamerX?
  • Websites can be attacked too, right? Any connection can be?
If you can answer any of my questions please don't hesitate to reply. Help will be greatly appreciated.

Regards
Ballu Miaa
1. Usually with Python or some web application. I would assume they use sockets or something...
2. The weak ones usually pay $5 for some typical booter under 1GBPS consisting of like 500 shells.
3. Uh. Booters are prostitutes, and botnets are like their pimps. So yeah, botnets use multiple servers to create a strong ddos
4. You can't help it. You simply need to get a host who can filter/migrate the attacks.
5. Yeah, they can.

Could be wrong.
#30

4. You can't help it. You simply need to get a host who can filter/migrate the attacks.
that.
a host that can filter, and that the firewall doesn't lag the fuck out of the players.
#31

Gosh Wish Tenshi! PTP would have stayed. It's me, Tenshi: Char.C[GgT]

I wish these DDoSers die somehow! What a rage this is. Dammit. Hope we could do something about it and I will try to do something about it!
#32

Some people in this thread are stupid. The SA:MP team can't do anything, it's up to you. And the DDoSers have no skill whatsoever, all they get is a $10/mo booter. BuyVM is a good solution for those on a budget. $3/mo for a filtered IP is a great deal.
#33

Quote:
Originally Posted by Ballu Miaa
Gosh Wish Tenshi! PTP would have stayed. It's me, Tenshi: Char.C[GgT]

I wish these DDoSers die somehow! What a rage this is. Dammit. Hope we could do something about it and I will try to do something about it!
awe <3

and PTP is still around, just getting attacked at the moment lol.

"Haters gonna hate"
#34

Our server died due to a massive DDoS, so Kitten just gave away the script.
#35

BBS sends hugs in the form of packets. These packets are mass generated and shot at a server, flooding the network. There are multiple 'attack methods' - the most common are (S)SYN, (S)UDP and Amplified UDP. All these can be created by a script (perl for example) to create those packets. All you need is perl, a script, and a VPS. The (S) stands for spoofed and means that scripts modify the data sent to fake the IP, thus hard to trace.

As 'RealWorldGaming' stated, NFOServers (I referred him) is very good, but can be a bit pricey. Although, we have a dedicated server with them.

At MCRP, we take DoS all the time. Welcome to SA-MP is all I can say. It's hard, because all you have to do is piss off a 10 year-old kid and he'll steal his mom's credit card and buy a $5 booter to hit your server off. (Tr011- He'll then proceed to brag about his 'status' as a big gui, demanding admin from you.) Not possible to stop it indefinitely.
#36

Quote:
Originally Posted by Tenshi
awe <3

and PTP is still around, just getting attacked at the moment lol.

"Haters gonna hate"
Uhh, alright bro! Would try to come back there.

@Skyrise - Alright bro. I would see what I can do! Thanks for the info.
#37

Guys don't take this as advertising.
But when we were getting DDoSed by another server because their players got tired of them (seriously, they would come and we'd hear all kinds of things about how things were over there)
The owner and some admins from the other server were constantly DDOSing us.
We changed from Volt-Host because they wouldn't do ANYTHING about it and would take several days to respond to tickets.


So what we did was switch to a different company. The first day there, we got DDOSed again and our new provider, JJServers, blocked all 80something IPs that were hitting us. We've had no problems since. Seriously, click the link in my signature and give them a shot. They have phone support, and respond to tickets within 20 minutes. I love them.