Posts: 14
Threads: 2
Joined: Jun 07, 2009
Hi there,
We are being DDoSed by a rival community, and have tried installing your anti-DDoS plugin but it has not helped. The lag still continues to cripple our server.
We can tell it is a deliberate attack because only two of our 9 servers are being attacked (both jailbreak servers), and we know who is behind the attack.
Is there anything more we can do in terms of stopping the attack against our servers? We have already talked with our host, and they said the problem should have been fixed by now... but it clearly hasn't. The attack comes and goes, which is another way to tell its a deliberate attack.
Anyway... any help is appreciated!!!
Bobbobagan
Posts: 940
Threads: 24
Joined: Dec 12, 2008
you can always sue the people who are doing it.
Posts: 5,877
Threads: 182
Joined: Dec 11, 2004
Are you sure it's distributed? Do you know the IPs or IP ranges of the attacking machines? What exactly are they doing? Are they attacking the game port or something else?
Posts: 729
Threads: 69
Joined: May 06, 2008
Drunken_F00l Wrote:Are you sure it's distributed? Do you know the IPs or IP ranges of the attacking machines? What exactly are they doing? Are they attacking the game port or something else?
robots are invading Earth, please help.
Posts: 14
Threads: 2
Joined: Jun 07, 2009
I am fairly sure that one attackers IP is 81.77.51.144 which we have linked back to the UK. Although we got this IP on 10/7/09, so it has probably changed since then. There could be more than one attacker, but I am not entirely sure.
The IP of my servers being attacked is:
118.127.17.234
We know that the person involved owns a hacking website (which I will send you the link to in a PM drunken_fool)
Also some how he is getting access to our console and sometimes spams our server with the URL of his website. We have tried changing the RCON password, but no avail. There must be a major breach in CS:S somewhere that this person is exploiting.
Posts: 5,877
Threads: 182
Joined: Dec 11, 2004
You didn't answer my major questions. What is the attacker doing? What is making you think you are being attacked?
Posts: 14
Threads: 2
Joined: Jun 07, 2009
We decided to change hosts, because our old host wasn't doing much about the attack. We moved to Hypernia, but they too can't do much.
Drunken_F00l Wrote:What is the attacker doing?
He is basically lagging the server. When you try and play, you lag (or basically teleport) around the map. This is a message I received from my host (Hypernia) about the attack:
Quote:I am not seeing anything out of the ordinary on the .51 server. The DOS is probably taking advantage of game bugs and it's near impossible for us to block this sort of attack. The best tools you have are VAC and banning them. If you find any mods that may help prevent them crashing the server, we'd be happy to assist in setting that up.
The problem is it's not really an attack on the machine, just the individual game server, so traditional DDOS protection on the network is nearly useless detecting it and stopping it. Typically game DOSes send slightly malformed game data packets which the game server accepts but then later causes it to crash or lag out. It's extremely difficult to detect or block this kind of attack from the network side. Packet dumps of just data going to your server might not help either, as a few malformed packets out of millions would be impossible to locate.
Your best bet might be the mod community and game admin community who may have more relevant advice for your specific game.
Drunken_F00l Wrote:What is making you think you are being attacked?
It is very clear we are being attacked because only specific servers are being attacked. Some of our other servers are left untouched, but our most popular ones are being attacked with this lag.
Posts: 1,299
Threads: 43
Joined: Dec 01, 2008
If they are CS:S servers, I remember that one way to lag/crash a server was to set up a script that would spam timeleft/nextmap in console and overload the server, you might have people doing that.
Posts: 14
Threads: 2
Joined: Jun 07, 2009
lol... no. We already have measures put in place for this, and it is a completely different type of lag. Plus it still happens when nobody is in game.
Posts: 5,877
Threads: 182
Joined: Dec 11, 2004
What your provider said is correct. If there is no ordinary traffic on the network, they are exploiting some game bug and there is nothing they can do for you.