Connection flood

I've heard those floods aren't getting any player ID, so i've made the code below, any chance on succes with it?

And this is only supposed to work if the bot doesn't receive a player ID, meaning a flooding bot!

It is supposed to store the IP when a connection is made, 5 seconds later it checks if the IP matches the IP of a player, if not, it blocks the IP for 24 hours. It compiled without errors.

Does this even have any chance to work?

pawn Код:
#define MAX_STORED 1000

enum CheckInfo
{
    IP[16],
    IsUsed = 0
};
new cInfo[MAX_STORED][CheckInfo];


new playerIP[16];
public OnIncomingConnection(playerid, ip_address[], port)
{
    new id = GetEmptyStoreID();
    format(cInfo[id][IP], 16, "%s", ip_address);
    cInfo[id][IsUsed] = 1;
   
    SetTimerEx("CheckForID", 5000, false, "d", id);
    return 1;
}

forward CheckForID(checkID);
public CheckForID(checkID)
{
    new Pool = GetPlayerPoolSize();
    for(new i = 0; i <= Pool; i++)
    {
        GetPlayerIp(i, playerIP, 16);
        if(strcmp(playerIP, cInfo[checkID][IP]))
        {
             BlockIpAddress(playerIP, 8640000); // block the IP for 24 hours
             cInfo[checkID][IsUsed] = 0;
        }
    }
}


stock GetEmptyStoreID()
{
    for(new i = 1; i < MAX_STORED; i++)
    {
        if(cInfo[i][IsUsed] == 1) continue ;
        return i;
    }
    return -1;
}
Reply

Quote:
Originally Posted by thegamer355
Посмотреть сообщение
I've heard those floods aren't getting any player ID, so i've made the code below, any chance on succes with it?

And this is only supposed to work if the bot doesn't receive a player ID, meaning a flooding bot!

It is supposed to store the IP when a connection is made, 5 seconds later it checks if the IP matches the IP of a player, if not, it blocks the IP for 24 hours. It compiled without errors.

Does this even have any chance to work?

pawn Код:
#define MAX_STORED 1000

enum CheckInfo
{
    IP[16],
    IsUsed = 0
};
new cInfo[MAX_STORED][CheckInfo];


new playerIP[16];
public OnIncomingConnection(playerid, ip_address[], port)
{
    new id = GetEmptyStoreID();
    format(cInfo[id][IP], 16, "%s", ip_address);
    cInfo[id][IsUsed] = 1;
   
    SetTimerEx("CheckForID", 5000, false, "d", id);
    return 1;
}

forward CheckForID(checkID);
public CheckForID(checkID)
{
    new Pool = GetPlayerPoolSize();
    for(new i = 0; i <= Pool; i++)
    {
        GetPlayerIp(i, playerIP, 16);
        if(strcmp(playerIP, cInfo[checkID][IP]))
        {
             BlockIpAddress(playerIP, 8640000); // block the IP for 24 hours
             cInfo[checkID][IsUsed] = 0;
        }
    }
}


stock GetEmptyStoreID()
{
    for(new i = 1; i < MAX_STORED; i++)
    {
        if(cInfo[i][IsUsed] == 1) continue ;
        return i;
    }
    return -1;
}
Unfortunately nothing you write in Pawn, will help you. The attack is at the core of SA-MP which you don't have access to. Only an outside program/plugin might be of some help.

The attack isn't coming from a players on your server.
Reply

Once you get into the server it doesn't lag, it's just making the server respond longer.
Reply

I have tried to flood (80+ bots, banning them on OnPlayerConnect) my localhost server... It resulted in a HUGE ping 785 from 127.0.0.1 and 2230 from my router ip (external)... And then the computer ran out of memory (i think) and crashed the server...
For everyone who want the log (6963 lines) here is the pastebin link.
Reply

im from chile and got my ip blocked from many servers and idk why :l someone can help me?...
Reply

Lol because their stupid owners banned your IP hahahahah
RIP @Rakil
try to play on some modern servers...
Reply

Quote:
Originally Posted by YouHack
Посмотреть сообщение
Lol because their stupid owners banned your IP hahahahah
RIP @Rakil
try to play on some modern servers...
Don't call them stupid, It's not their mistake they're trying to stop the attack there is no other solutions.
Reply

just keel calm all , thouse shits will stopped when Kalcor do something .
Reply

I'm so glad I'm not the only one with this issue. I added those iptables but it doesn't really solve much.

For now, simply redirect your pb to a temporary IP and it'll be fine.

Quote:
Originally Posted by TommyB
Посмотреть сообщение
This is hardly that big of an issue. Just keep your connection cookie logging off so it doesn't cause your server to hang and inform your players that your server is actually running and to connect even if it doesn't ping properly.
I have them turned off as you know but it's still fucked. The logging isn't actually the cause of this attack.
Reply

Quote:
Originally Posted by Dignity
Посмотреть сообщение
I have them turned off as you know but it's still fucked. The logging isn't actually the cause of this attack.
The only issue that remains is your server is mostly unresponsive in the SA-MP browser. Everything else works fine. All you guys have to do is inform your players the server is actually running and it's a widespread SA-MP attack causing the unresponsiveness.
Reply

Quote:
Originally Posted by 10MIN
Посмотреть сообщение
I have tried to flood (80+ bots, banning them on OnPlayerConnect) my localhost server... It resulted in a HUGE ping 785 from 127.0.0.1 and 2230 from my router ip (external)... And then the computer ran out of memory (i think) and crashed the server...
For everyone who want the log (6963 lines) here is the pastebin link.
Just read this... I think the attackers use a modified version of this bot...
Reply

We're having this issue too, except we don't have connection cookie logging enabled. It just takes the server forever to ping, as well as connect. We started out by dropping those same ranges and it solved our problem until this morning where the attacks are coming from entirely random IP's. OVH isn't detecting this as an attack and even forced mitigation does absolutely nothing, They also haven't really been helpful in helping us figure out a way to mitigate this.

Код:
[25/08/2017 13:35:37] Warning: Minimum time between new connections (7500) exceeded for 212.76.179.25:60660. Ignoring the request.
[25/08/2017 13:35:44] Warning: Minimum time between new connections (7500) exceeded for 133.187.47.75:22324. Ignoring the request.
[25/08/2017 13:35:53] Warning: Minimum time between new connections (7500) exceeded for 173.52.85.240:49680. Ignoring the request.
[25/08/2017 13:36:01] Warning: Minimum time between new connections (7500) exceeded for 219.62.145.2:27268. Ignoring the request.
[25/08/2017 13:36:08] Warning: Minimum time between new connections (7500) exceeded for 39.43.61.23:2589. Ignoring the request.
[25/08/2017 13:36:16] Warning: Minimum time between new connections (7500) exceeded for 82.107.220.153:9452. Ignoring the request.
[25/08/2017 13:36:23] Warning: Minimum time between new connections (7500) exceeded for 129.219.49.23:53698. Ignoring the request.
[25/08/2017 13:36:32] Warning: Minimum time between new connections (7500) exceeded for 124.122.3.12:44049. Ignoring the request.
[25/08/2017 13:36:40] Warning: Minimum time between new connections (7500) exceeded for 135.115.141.143:47886. Ignoring the request.
[25/08/2017 13:36:48] Warning: Minimum time between new connections (7500) exceeded for 108.85.238.166:36906. Ignoring the request.
[25/08/2017 13:36:58] Warning: Minimum time between new connections (7500) exceeded for 131.22.201.195:56118. Ignoring the request.
[25/08/2017 13:37:05] Warning: Minimum time between new connections (7500) exceeded for 145.170.36.233:25677. Ignoring the request.
[25/08/2017 13:37:13] Warning: Minimum time between new connections (7500) exceeded for 204.166.211.164:22365. Ignoring the request.
[25/08/2017 13:37:20] Warning: Minimum time between new connections (7500) exceeded for 183.215.84.149:26611. Ignoring the request.
[25/08/2017 13:37:28] Warning: Minimum time between new connections (7500) exceeded for 58.65.125.102:22774. Ignoring the request.
[25/08/2017 13:37:36] Warning: Minimum time between new connections (7500) exceeded for 156.250.230.197:33771. Ignoring the request.
[25/08/2017 13:37:43] Warning: Minimum time between new connections (7500) exceeded for 114.201.226.126:39261. Ignoring the request.
[25/08/2017 13:37:54] Warning: Minimum time between new connections (7500) exceeded for 112.21.140.179:40939. Ignoring the request.
[25/08/2017 13:38:01] Warning: Minimum time between new connections (7500) exceeded for 220.33.59.136:40402. Ignoring the request.
[25/08/2017 13:38:09] Warning: Minimum time between new connections (7500) exceeded for 94.229.58.158:57509. Ignoring the request.
[25/08/2017 13:38:16] Warning: Minimum time between new connections (7500) exceeded for 214.32.192.173:34913. Ignoring the request.
[25/08/2017 13:38:24] Warning: Minimum time between new connections (7500) exceeded for 109.54.114.163:31082. Ignoring the request.
[25/08/2017 13:38:31] Warning: Minimum time between new connections (7500) exceeded for 95.180.11.171:44719. Ignoring the request.
[25/08/2017 13:38:39] Warning: Minimum time between new connections (7500) exceeded for 203.233.16.58:12617. Ignoring the request.
[25/08/2017 13:38:46] Warning: Minimum time between new connections (7500) exceeded for 17.42.176.147:34041. Ignoring the request.
[25/08/2017 13:38:56] Warning: Minimum time between new connections (7500) exceeded for 2.208.24.182:20611. Ignoring the request.
[25/08/2017 13:39:03] Warning: Minimum time between new connections (7500) exceeded for 14.55.243.201:33112. Ignoring the request.
[25/08/2017 13:39:11] Warning: Minimum time between new connections (7500) exceeded for 54.78.174.253:43276. Ignoring the request.
[25/08/2017 13:39:18] Warning: Minimum time between new connections (7500) exceeded for 96.105.68.109:58354. Ignoring the request.
[25/08/2017 13:39:26] Warning: Minimum time between new connections (7500) exceeded for 80.159.33.34:30422. Ignoring the request.
[25/08/2017 13:39:34] Warning: Minimum time between new connections (7500) exceeded for 62.127.33.198:3411. Ignoring the request.
[25/08/2017 13:39:41] Warning: Minimum time between new connections (7500) exceeded for 218.194.84.225:38677. Ignoring the request.
[25/08/2017 13:39:49] Warning: Minimum time between new connections (7500) exceeded for 95.218.138.169:37966. Ignoring the request.
[25/08/2017 13:39:58] Warning: Minimum time between new connections (7500) exceeded for 50.202.94.206:23856. Ignoring the request.
[25/08/2017 13:40:06] Warning: Minimum time between new connections (7500) exceeded for 59.164.49.221:45382. Ignoring the request.
[25/08/2017 13:40:14] Warning: Minimum time between new connections (7500) exceeded for 208.139.62.64:18887. Ignoring the request.
[25/08/2017 13:40:21] Warning: Minimum time between new connections (7500) exceeded for 218.197.223.61:32081. Ignoring the request.
[25/08/2017 13:40:29] Warning: Minimum time between new connections (7500) exceeded for 160.120.238.98:56875. Ignoring the request.
[25/08/2017 13:40:37] Warning: Minimum time between new connections (7500) exceeded for 2.211.196.95:53064. Ignoring the request.
[25/08/2017 13:40:44] Warning: Minimum time between new connections (7500) exceeded for 88.88.108.248:54961. Ignoring the request.
[25/08/2017 13:40:54] Warning: Minimum time between new connections (7500) exceeded for 42.185.96.190:63917. Ignoring the request.
[25/08/2017 13:41:02] Warning: Minimum time between new connections (7500) exceeded for 192.220.84.5:62736. Ignoring the request.
[25/08/2017 13:41:10] Warning: Minimum time between new connections (7500) exceeded for 134.12.98.84:1049. Ignoring the request.
[25/08/2017 13:41:17] Warning: Minimum time between new connections (7500) exceeded for 120.1.138.138:3878. Ignoring the request.
[25/08/2017 13:41:25] Warning: Minimum time between new connections (7500) exceeded for 99.235.132.184:60915. Ignoring the request.
[25/08/2017 13:41:32] Warning: Minimum time between new connections (7500) exceeded for 210.232.101.197:42465. Ignoring the request.
[25/08/2017 13:41:40] Warning: Minimum time between new connections (7500) exceeded for 192.169.56.20:16373. Ignoring the request.
[25/08/2017 13:41:47] Warning: Minimum time between new connections (7500) exceeded for 111.174.217.78:9771. Ignoring the request.
[25/08/2017 13:41:57] Warning: Minimum time between new connections (7500) exceeded for 123.17.75.184:10129. Ignoring the request.
[25/08/2017 13:42:05] Warning: Minimum time between new connections (7500) exceeded for 99.43.49.232:52002. Ignoring the request.
[25/08/2017 13:42:12] Warning: Minimum time between new connections (7500) exceeded for 195.50.170.153:33395. Ignoring the request.
[25/08/2017 13:42:20] Warning: Minimum time between new connections (7500) exceeded for 108.236.235.236:28561. Ignoring the request.
[25/08/2017 13:42:27] Warning: Minimum time between new connections (7500) exceeded for 218.232.35.70:27396. Ignoring the request.
[25/08/2017 13:42:35] Warning: Minimum time between new connections (7500) exceeded for 131.178.251.183:12405. Ignoring the request.
[25/08/2017 13:42:42] Warning: Minimum time between new connections (7500) exceeded for 211.142.44.71:31692. Ignoring the request.
[25/08/2017 13:42:50] Warning: Minimum time between new connections (7500) exceeded for 204.54.90.66:49487. Ignoring the request.
[25/08/2017 13:43:00] Warning: Minimum time between new connections (7500) exceeded for 14.121.127.195:45258. Ignoring the request.
[25/08/2017 13:43:07] Warning: Minimum time between new connections (7500) exceeded for 8.73.149.138:29214. Ignoring the request.
[25/08/2017 13:43:15] Warning: Minimum time between new connections (7500) exceeded for 128.122.180.23:16445. Ignoring the request.
[25/08/2017 13:43:22] Warning: Minimum time between new connections (7500) exceeded for 99.239.147.128:54209. Ignoring the request.
[25/08/2017 13:43:31] Warning: Minimum time between new connections (7500) exceeded for 67.180.197.171:23248. Ignoring the request.
[25/08/2017 13:43:38] Warning: Minimum time between new connections (7500) exceeded for 122.140.230.91:4202. Ignoring the request.
[25/08/2017 13:43:46] Warning: Minimum time between new connections (7500) exceeded for 123.52.73.163:59939. Ignoring the request.
[25/08/2017 13:43:53] Warning: Minimum time between new connections (7500) exceeded for 99.239.147.128:63835. Ignoring the request.
[25/08/2017 13:44:02] Warning: Minimum time between new connections (7500) exceeded for 14.39.39.207:35419. Ignoring the request.
[25/08/2017 13:44:10] Warning: Minimum time between new connections (7500) exceeded for 16.54.152.189:31988. Ignoring the request.
[25/08/2017 13:44:17] Warning: Minimum time between new connections (7500) exceeded for 155.208.234.247:7191. Ignoring the request.
[25/08/2017 13:44:25] Warning: Minimum time between new connections (7500) exceeded for 142.151.157.22:31742. Ignoring the request.
[25/08/2017 13:44:33] Warning: Minimum time between new connections (7500) exceeded for 161.171.99.165:31597. Ignoring the request.
[25/08/2017 13:44:40] Warning: Minimum time between new connections (7500) exceeded for 42.104.8.182:30336. Ignoring the request.
[25/08/2017 13:44:48] Warning: Minimum time between new connections (7500) exceeded for 151.230.189.55:53142. Ignoring the request.
[25/08/2017 13:44:55] Warning: Minimum time between new connections (7500) exceeded for 100.15.27.175:52732. Ignoring the request.
[25/08/2017 13:45:03] Warning: Minimum time between new connections (7500) exceeded for 99.239.147.128:57235. Ignoring the request.
[25/08/2017 13:45:11] Warning: Minimum time between new connections (7500) exceeded for 99.239.147.128:57237. Ignoring the request.
Reply

Quote:
Originally Posted by TommyB
Посмотреть сообщение
The only issue that remains is your server is mostly unresponsive in the SA-MP browser. Everything else works fine. All you guys have to do is inform your players the server is actually running and it's a widespread SA-MP attack causing the unresponsiveness.
Correct! Changing your port also fixes the issue entirely, for the time being.
Reply

but he can use tht fking hax again with tht soon...
kt wont lasts for long...
Reply

Even though if you block the previous mentioned ranges, there's a bunch of new ranges raging through the servers at the moment.
I tried investigating the packet contents and there's absolutely no chance to detect what's legit and what's not. How this could be patchable would be a mystery to me.
I just hope we all can work together against this unfairness. And ragemode won't help anyone here, just calm down and act rationally
Reply

Quote:
Originally Posted by [HLF]Southclaw
Посмотреть сообщение
I should remind people that this is a UDP attack, meaning - with the right knowhow - any IP address can be used.

denNorske is right though, just wait it out, apply mitigation techniques mentioned in this thread and on the net, attackers will get bored like they always do.

Remember the last attack? People thought it was the end of SA:MP? Yeah...
run a app on vps for 31 days isn't boring at all bruh.
Reply

IPs aren't being used twice now. So apparently you'd have to do a lot of port changing and so on. Looks like owners are going to get pissed.
Reply

Another reason to stop my samp community running
Reply

Banning those ranges is useless now (for me)
Reply

Quote:
Originally Posted by iLearner
Посмотреть сообщение
Banning those ranges is useless now (for me)
All we can do is to wait until the attacker gives up.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)