25.08.2017, 14:43
This attack is just a combination of two OLD(!) attacks.
1. Connection flood (old incoming flood)
2. Query flood
As stated before, the first one was fixed in previous versions. You should add "cookielogging 0" to your config file. But there is still the "query flood" problem. You can join the server, even if it's unavailable in the browser.
Possible solutions for "query flood":
1. Country block - easy to bypass, but should fix the problem by now.
2. Query cache mechanism (introduced in OVH Game - don't know if it's working or not) - there are methods to introduce it with additional filtering software and some redirections.
3. Increase the maximum queries per second in the SA-MP server or let owners change it (Kalcor needed here, or simple reverse engineering) - there are risks of self-DDoS/huge network output.
4. If you have BGP access or good relations with your provider, you can check where the attack comes from and announce a selective blackhole. This means an effect on legit customers but 100% filtering.
5. Remove your server from hosted tab - stupid but it works.
You should also inspect packets and see if there's something which can help you filter it (in some packets there is a small difference and I'm not going to explain.. you know why). That's all..
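The query cache from solution 2, sketched as an added example that is not part of the original post and not SA-MP or OVH code. It assumes the commonly documented 11-byte SA-MP query header ("SAMP", server IPv4, little-endian port, one opcode byte); the class, the opcode set, the TTL and the `fetch` callback are hypothetical names for illustration.

```python
import socket
import struct

HEADER_LEN = 11       # assumed layout: "SAMP" + IPv4 + port (LE) + opcode
CACHEABLE = b"ircd"   # assumed browser opcodes: info, rules, clients, details


def build_query(ip, port, opcode):
    """Build a constructed query packet for the assumed header layout."""
    return b"SAMP" + socket.inet_aton(ip) + struct.pack("<H", port) + opcode


class QueryCache:
    """Serve repeated browser queries from memory for `ttl` seconds."""

    def __init__(self, server_ip, server_port, fetch, ttl=2.0):
        # Every valid query for this server starts with these 10 bytes.
        self.prefix = build_query(server_ip, server_port, b"")
        self.fetch = fetch        # callable(packet) -> bytes, asks the real server
        self.ttl = ttl
        self.cache = {}           # opcode -> (expires_at, reply)
        self.backend_calls = 0    # how many queries actually reached the server

    def handle(self, packet, now):
        """Return the reply for `packet`, or None if it should be dropped."""
        if len(packet) != HEADER_LEN or packet[:10] != self.prefix:
            return None           # malformed, or addressed to another server
        opcode = packet[10:11]
        if opcode not in CACHEABLE:
            return None           # ping/rcon are not cached in this sketch
        hit = self.cache.get(opcode)
        if hit is not None and hit[0] > now:
            return hit[1]         # flood traffic ends here, not at the server
        self.backend_calls += 1
        reply = self.fetch(packet)
        self.cache[opcode] = (now + self.ttl, reply)
        return reply


if __name__ == "__main__":
    # Constructed demo: 1000 info queries in one second, stub backend.
    qc = QueryCache("203.0.113.10", 7777, lambda p: p + b"<info>", ttl=2.0)
    q = build_query("203.0.113.10", 7777, b"i")
    for n in range(1000):
        qc.handle(q, now=n * 0.001)
    print("queries that reached the game server:", qc.backend_calls)
```

With a cache like this in front of the server, the query load it sees is bounded by the number of cached opcodes per TTL window instead of by the rate of incoming packets.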