Blocking hosted/internet tab attacks (client-side)
#1

https://www.youtube.com/watch?v=x5zp9Sef77s
Video it is in spanish, but you can appreciate when I block attacker IP in windows firewall

Server attacker (listing on game-mp...): 142.44.145.48:7777


Edit:
Fixed on SA-MP 0.3.7 R2 Client (testing): https://sampforum.blast.hk/showthread.php?tid=641818
Reply
#2

I haven't looked deeply into this but I noticed that some servers are abusing the query protocol by sending a shitton of packets, their hostnames are updated "live" (very fast) because they are literally spamming everyone with packets, even after closing the browser. I kept getting packets from this server: 91.121.223.142:7777 for few minutes after closing the browser.
I guess Kye should really consider removing some servers from the hosted tab for their abuses. A major re-write of the query protocol is also needed but I'm pretty sure that isn't going to happen.

This server also does it: 142.44.145.49:7777
Reply
#3

Ok, 142.44.145.48:7777 has been removed from game-mp, but the attacker have more servers on hosted tab, he is using 142.44.145.49:7777 now for attacking.

Network address: 142.44.145.0/24
Servers (3) on game-mp on 142.44.145.0 network:


Reply
#4

Quote:
Originally Posted by adri1
View Post
Ok, 142.44.145.48:7777 has been removed from game-mp, but the attacker have more servers on hosted tab, he is using 142.44.145.49:7777 now for attacking.

Network address: 142.44.145.0
Servers (3) on game-mp on 142.44.145.0 network:


the attacks come only to servers with the same ip range? or because eh seen that they have closed account to host companies for that, or I have over understood that is that or am I wrong?
Reply
#5

Quote:
Originally Posted by !R1Ch@rD!
View Post
the attacks come only to servers with the same ip range? or because eh seen that they have closed account to host companies for that, or I have over understood that is that or am I wrong?
All those servers are hosted on ovh dedicated server, I know who is the hoster (attacker), and I can send more information by pm
Reply
#6

It is correct that those ip's are from the attacker already perform some tests itself and it works.
Thanks for the information
Reply
#7

I can confirm this attack (false querys)
Reply
#8

Why there are two servers with the same IP? wtf

Reply
#9

Is it that Sergioo guy again? IP's are similar to what he has.
Reply
#10

Quote:
Originally Posted by Hansrutger
View Post
Is it that Sergioo guy again? IP's are similar to what he has.
Yes he is.



._.
Reply
#11

confirmed
Reply
#12

The internet tab it's working fine! So... buy the internet tab !
https://imgur.com/a/e50fP
Reply
#13

someone needs to fix this
Reply
#14

Quote:
Originally Posted by mw3samp
Посмотреть сообщение
someone needs to fix this
Someone needs to finally ban idiots like these from the hosted tab.
And if you're sure about that sergio guy and have some proof, you should think about taking some legal actions against this kid. Or at least fight him back because I guess he also has a server.
What about making a abuse complaint to OVH?
Reply
#15

Quote:
Originally Posted by dotSILENT
Посмотреть сообщение
Someone needs to finally ban idiots like these from the hosted tab.
And if you're sure about that sergio guy and have some proof, you should think about taking some legal actions against this kid. Or at least fight him back because I guess he also has a server.
What about making a abuse complaint to OVH?
well i think in general there should be a way to fix this, from kalcor
Reply
#16

U can't avoid IP Spoofing. The purpose of spoofing is exactly this, change source address so you can't determinate which server is the attacker.

So, the only client side fix is block the malicious server (at least in the current type of spoofing).

If we can confirm that Sergio don't know anything about programming, we assume that he will not able to modify the spoofer's code and change the type of spoofing.

The real solution, but server side, is add a checksum to all packets, so the attacker MUST know the valid checksum to modify the packets.

Anyway, you can always use a modified version of samp master list to avoid this problem, but I think that isn't legal at all (honestly, I don't think SA-MP Team will allow these modifications).

Again, you can download Wireshark and start monitoring your network.

Quote:
Originally Posted by dotSILENT
Посмотреть сообщение
What about making a abuse complaint to OVH?
You can, but dedicated servers aren't monitored at all. OVH will need technical information.
Reply
#17

Twice in a month. This is great :/

If possible file abuse complaints on ovh, if that's any help.
Reply
#18

My request to mods to please check this topic .

Reply
#19

Quote:
Originally Posted by mw3samp
Посмотреть сообщение
My request to mods to please check this topic .
They already know. I heard that Sergio's game-mp account has been banned.

Anyway, I can check for the attacker's server in few hours.
Reply
#20

Looks like the same person is ddosing samp forums. Also sa-mp client is crashing for many people.
INTERNET & HOSTED are crashed

Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)