[guguuu]

we recently made a hosted server but now when we are starting it this error is coming can u tell me plz how to fix this

[01:58:00] [connection] 190.91.126.42:1244 requests connection cookie.
[01:58:00] [connection] 190.91.126.42:1244 requests connection cookie.
[01:58:00] [connection] 190.91.126.42:1244 requests connection cookie.
[01:58:00] [connection] 186.66.145.32:50299 requests connection cookie.
[01:58:00] [connection] 186.66.145.32:50299 requests connection cookie.
[01:58:00] [connection] 186.66.145.32:50299 requests connection cookie.
[01:58:00] [connection] 190.205.166.44:44057 requests connection cookie.
[01:58:00] [connection] 190.205.166.44:44057 requests connection cookie.
[01:58:00] [connection] 190.205.166.44:44057 requests connection cookie.
[...]

[Bingo]

There's nothing to worry about tho, This prevents spoof connections that's all.

[guguuu]

how can i fix that ?

[Bingo]

Quote:

Originally Posted by guguuu how can i fix that ?

"Fix" ?

That's not an error or anything, This for the safety of your server.

[guguuu]

now what to do bro ?? we bought hosting from www.hostedtab.com here

[Bingo]

Quote:

Originally Posted by guguuu now what to do bro ?? we bought hosting from www.hostedtab.com here

There could be possibility that someone might be trying to flood you but to make sure check whether these IP's are from a active players or a banned ones.

If these are only the IP's causing this then BAN them if they aren't playing in the server.

[guguuu]

these ip are from diff location and we just started and never banned anyone

[Bingo]

Quote:

Originally Posted by guguuu these ip are from diff location and we just started and never banned anyone

Okay i understand that, Check if these IP's are from someone in the active list or NO.

[-Shifty-]

Hi,

My server is currently under attack by many IP addresses with 2-3 attempts before it changes to another IP address. There is no logical order in these addresses since they come from all over the world and are not being used often. The flood sends about 25,000 entries per 30 seconds.

Looks like this (will spare you the whole server log):

Code:

[08:35:07] [connection] 180.53.10.43:5317 requests connection cookie.
[08:35:07] [connection] 180.53.10.43:5317 requests connection cookie.
[08:35:07] [connection] 180.109.142.86:28818 requests connection cookie.
[08:35:07] [connection] 180.109.142.86:28818 requests connection cookie.
[08:35:07] [connection] 180.109.142.86:28818 requests connection cookie.
[08:35:07] [connection] 180.138.182.178:33497 requests connection cookie.
[08:35:07] [connection] 180.138.182.178:33497 requests connection cookie.
[08:35:07] [connection] 180.138.182.178:33497 requests connection cookie.
[08:35:07] [connection] 201.202.58.249:64015 requests connection cookie.
[08:35:07] [connection] 201.202.58.249:64015 requests connection cookie.
[08:35:07] [connection] 201.202.58.249:64015 requests connection cookie.
[08:35:07] [connection] 180.12.133.109:5634 requests connection cookie.
[08:35:07] [connection] 180.12.133.109:5634 requests connection cookie.
[08:35:07] [connection] 180.12.133.109:5634 requests connection cookie.
[08:35:07] [connection] 180.210.149.1:3156 requests connection cookie.
[08:35:07] [connection] 180.210.149.1:3156 requests connection cookie.
[08:35:07] [connection] 180.210.149.1:3156 requests connection cookie.
[08:35:07] [connection] 180.27.186.140:7803 requests connection cookie.
[08:35:07] [connection] 180.27.186.140:7803 requests connection cookie.
[08:35:07] [connection] 180.26.211.50:47748 requests connection cookie.
[08:35:07] [connection] 180.26.211.50:47748 requests connection cookie.
[08:35:07] [connection] 180.26.211.50:47748 requests connection cookie.
[08:35:07] [connection] 186.225.37.101:42100 requests connection cookie.
[08:35:07] [connection] 186.225.37.101:42100 requests connection cookie.
[08:35:07] [connection] 181.48.28.244:49448 requests connection cookie.
[08:35:07] [connection] 181.48.28.244:49448 requests connection cookie.
[08:35:07] [connection] 181.48.28.244:49448 requests connection cookie.
[08:35:07] [connection] 190.138.129.148:60795 requests connection cookie.
[08:35:07] [connection] 190.138.129.148:60795 requests connection cookie.
[08:35:07] [connection] 190.138.129.148:60795 requests connection cookie.
[08:35:07] [connection] 180.171.132.173:16306 requests connection cookie.
[08:35:07] [connection] 180.171.132.173:16306 requests connection cookie.
[08:35:07] [connection] 180.171.132.173:16306 requests connection cookie.
[08:35:07] [connection] 186.66.87.222:58254 requests connection cookie.
[08:35:07] [connection] 186.66.87.222:58254 requests connection cookie.
[08:35:07] [connection] 186.66.87.222:58254 requests connection cookie.
[08:35:07] [connection] 181.59.192.168:23342 requests connection cookie.
[08:35:07] [connection] 181.59.192.168:23342 requests connection cookie.
[08:35:07] [connection] 181.59.192.168:23342 requests connection cookie.
[08:35:07] [connection] 180.75.145.6:38294 requests connection cookie.
[08:35:07] [connection] 180.75.145.6:38294 requests connection cookie.
[08:35:07] [connection] 180.75.145.6:38294 requests connection cookie.
[08:35:07] [connection] 186.132.114.186:45174 requests connection cookie.
[08:35:07] [connection] 186.132.114.186:45174 requests connection cookie.
[08:35:07] [connection] 186.132.114.186:45174 requests connection cookie.
[08:35:07] [connection] 186.76.119.142:55739 requests connection cookie.
[08:35:07] [connection] 186.76.119.142:55739 requests connection cookie.
[08:35:07] [connection] 186.76.119.142:55739 requests connection cookie.
[08:35:07] [connection] 200.206.23.190:27831 requests connection cookie.
[08:35:07] [connection] 200.206.23.190:27831 requests connection cookie.
[08:35:07] [connection] 190.103.103.216:37961 requests connection cookie.
[08:35:07] [connection] 190.103.103.216:37961 requests connection cookie.
[08:35:07] [connection] 190.103.103.216:37961 requests connection cookie.
[08:35:07] [connection] 186.49.243.192:5296 requests connection cookie.
[08:35:07] [connection] 186.49.243.192:5296 requests connection cookie.
[08:35:07] [connection] 186.49.243.192:5296 requests connection cookie.
[08:35:07] [connection] 190.134.120.250:18458 requests connection cookie.
[08:35:07] [connection] 190.134.120.250:18458 requests connection cookie.
[08:35:07] [connection] 190.134.120.250:18458 requests connection cookie.
[08:35:07] [connection] 186.159.155.144:27958 requests connection cookie.
[08:35:07] [connection] 186.159.155.144:27958 requests connection cookie.
[08:35:07] [connection] 186.159.155.144:27958 requests connection cookie.
[08:35:07] [connection] 180.65.90.173:20046 requests connection cookie.
[08:35:07] [connection] 180.65.90.173:20046 requests connection cookie.
[08:35:07] [connection] 180.65.90.173:20046 requests connection cookie.
[08:35:07] [connection] 190.63.12.8:35390 requests connection cookie.
[08:35:07] [connection] 190.63.12.8:35390 requests connection cookie.
[08:35:07] [connection] 190.63.12.8:35390 requests connection cookie.
[08:35:07] [connection] 180.203.42.76:61745 requests connection cookie.
[08:35:07] [connection] 180.203.42.76:61745 requests connection cookie.
[08:35:07] [connection] 180.203.42.76:61745 requests connection cookie.
[08:35:07] [connection] 180.85.28.142:26529 requests connection cookie.
[08:35:07] [connection] 180.85.28.142:26529 requests connection cookie.
[08:35:07] [connection] 180.85.28.142:26529 requests connection cookie.
[08:35:07] [connection] 200.104.118.236:11252 requests connection cookie.
[08:35:07] [connection] 200.104.118.236:11252 requests connection cookie.
[08:35:07] [connection] 200.104.118.236:11252 requests connection cookie.
[08:35:07] [connection] 180.21.203.170:48983 requests connection cookie.
[08:35:07] [connection] 180.21.203.170:48983 requests connection cookie.
[08:35:07] [connection] 180.21.203.170:48983 requests connection cookie.
[08:35:07] [connection] 181.44.79.53:14838 requests connection cookie.
[08:35:07] [connection] 181.44.79.53:14838 requests connection cookie.
[08:35:07] [connection] 181.44.79.53:14838 requests connection cookie.
[08:35:07] [connection] 190.115.28.191:42545 requests connection cookie.
[08:35:07] [connection] 190.115.28.191:42545 requests connection cookie.
[08:35:07] [connection] 190.115.28.191:42545 requests connection cookie.
[08:35:07] [connection] 186.144.166.230:5864 requests connection cookie.
[08:35:07] [connection] 186.144.166.230:5864 requests connection cookie.
[08:35:07] [connection] 186.144.166.230:5864 requests connection cookie.
[08:35:07] [connection] 186.69.253.48:7000 requests connection cookie.
[08:35:07] [connection] 186.69.253.48:7000 requests connection cookie.
[08:35:07] [connection] 186.69.253.48:7000 requests connection cookie.
[08:35:07] [connection] 181.61.97.112:14418 requests connection cookie.
[08:35:07] [connection] 181.61.97.112:14418 requests connection cookie.
[08:35:07] [connection] 181.61.97.112:14418 requests connection cookie.
[08:35:07] [connection] 180.3.113.50:25556 requests connection cookie.
[08:35:07] [connection] 180.3.113.50:25556 requests connection cookie.
[08:35:07] [connection] 180.3.113.50:25556 requests connection cookie.
[08:35:07] [connection] 201.196.190.190:23359 requests connection cookie.
[08:35:07] [connection] 180.54.99.90:39458 requests connection cookie.
[08:35:07] [connection] 190.24.244.24:15908 requests connection cookie.

OVH does not seem to filter this attack so I'd have to do some manual settings. Would it be wise to limit port 7777, if yes, what limit? I personally don't feel it would help since these IPs change every 2-3 connections. High quantity but low speed?

Thank you in advance.

Best Regards,
Shifty

[WarZ]

Quote:

Originally Posted by Cheleber_Pausini Just go to server.cfg and add cookielogging 1 conncookies 1

i believe it's not attack
also update your server plugin/inc.. possible from plugins

[Vince]

Changing the minconnectiontime parameter in server.cfg might help. I believe by default this is set to 0 so there is no delay between connection requests. You can set this to 5 seconds (5000 milliseconds) or so, depending on how often players join and leave. It might help but it probably won't stop the flooding entirely.

Do these requests also trigger OnIncommingConnection? If so you might be able to filter some of them by their port numbers. Genuine clients will almost universally use a random dynamic port in the range 49152 through 65535. If the port number is lower than 49152 you can temporarily block the IP using BlockIpAddress.

[-Shifty-]

Quote:

Originally Posted by WarZ i believe it's not attack also update your server plugin/inc.. possible from plugins

That would make no sense, plugins are up-to-date and ran fine till this morning. Some players are still able to connect but the majority can't. So many incoming connections are not normal behavior. Editing these lines will just stop logging them and doesn't solve the problem whatsoever.

[-Shifty-]

Quote:

Originally Posted by Vince Changing the minconnectiontime parameter in server.cfg might help. I believe by default this is set to 0 so there is no delay between connection requests. You can set this to 5 seconds (5000 milliseconds) or so, depending on how often players join and leave. It might help but it probably won't stop the flooding entirely. Do these requests also trigger OnIncommingConnection? If so you might be able to filter some of them by their port numbers. Genuine clients will almost universally use a random dynamic port in the range 49152 through 65535. If the port number is lower than 49152 you can temporarily block the IP using BlockIpAddress.

Added that line, doesn't seem to do any impact.

It only gives the cookie output, player is not joining if that's what you mean.

[.03]

Seeing the same thing on a server I manage.

Attack involves around 1700 IPs. I've just temporarily blocked the following:

Code:

180.0.0.0/8
181.0.0.0/8
186.0.0.0/8
190.0.0.0/8
200.0.0.0/8
201.0.0.0/8

And then I've added a few exceptions here and there for legit players trying to join. It's not ideal but it's better than the whole server being down. Hopefully they'll get bored soon.

[.03]

It's an attack, doesn't seem to be using a lot of data but involved around 1.7k IPs. I've had to rangeban /8 blocks for now but it's still ongoing.

[bugmenotlol]

hi
Today is there any problem with samp servers ??
the server slots are slow loading and players count are are bugged and also many gamestate and sacnr monitor is also bugged. almost all the servers are bugged...
did u noticed or it happened to only me ??

[.03]

Monitor looks like it's working for me: http://monitor.sacnr.com/server-53484.html

I do know a few people are getting attacked with connection floods today though, could be that. It's been going on for around 6 hours.

[-Shifty-]

Quote:

Originally Posted by .03 Seeing the same thing on a server I manage. Attack involves around 1700 IPs. I've just temporarily blocked the following: Code: 180.0.0.0/8 181.0.0.0/8 186.0.0.0/8 190.0.0.0/8 200.0.0.0/8 201.0.0.0/8 And then I've added a few exceptions here and there for legit players trying to join. It's not ideal but it's better than the whole server being down. Hopefully they'll get bored soon.

Good, this seems to make the server available for the majority of players. I hope they will indeed get bored soon, it is totally useless and annoying.

[iLearner]

You should immediately turn off cookielogging in server.cfg it reduces any kind of lag it might cause.

Now comes the part where they span server chat by the join leave messages; I added a condition on leave and join messages which sends the message only if last connection was 3 or more seconds ago.

The attacks I noticed (when I hopped on IRC) were from Canada.

[DonaldDuck]

Quote:

Originally Posted by guguuu can u tell me how to block ip adress from database

Show us your server.log and server.cfg so we can fix it easily.

PS: it could be better if you delete all account's in DB so it will be fixed.