[bobbobagan]

Hi there,

We are being DDoSed by a rival community, and have tried installing your anti-DDoS plugin but it has not helped. The lag still continues to cripple our server.

We can tell it is a deliberate attack because only two of our 9 servers are being attacked (both jailbreak servers), and we know who is behind the attack.

Is there anything more we can do in terms of stopping the attack against our servers? We have already talked with our host, and they said the problem should have been fixed by now... but it clearly hasn't. The attack comes and goes, which is another way to tell its a deliberate attack.

Anyway... any help is appreciated!!!

Bobbobagan

[unknown]

you can always sue the people who are doing it.

[Drunken F00l]

Are you sure it's distributed? Do you know the IPs or IP ranges of the attacking machines? What exactly are they doing? Are they attacking the game port or something else?

[Versed]

Are you sure it's distributed? Do you know the IPs or IP ranges of the attacking machines? What exactly are they doing? Are they attacking the game port or something else?

robots are invading Earth, please help.

[bobbobagan]

I am fairly sure that one attackers IP is 81.77.51.144 which we have linked back to the UK. Although we got this IP on 10/7/09, so it has probably changed since then. There could be more than one attacker, but I am not entirely sure.

The IP of my servers being attacked is:
118.127.17.234

We know that the person involved owns a hacking website (which I will send you the link to in a PM drunken_fool)

Also some how he is getting access to our console and sometimes spams our server with the URL of his website. We have tried changing the RCON password, but no avail. There must be a major breach in CS:S somewhere that this person is exploiting.

[Drunken F00l]

You didn't answer my major questions. What is the attacker doing? What is making you think you are being attacked?

[bobbobagan]

We decided to change hosts, because our old host wasn't doing much about the attack. We moved to Hypernia, but they too can't do much.

What is the attacker doing?

He is basically lagging the server. When you try and play, you lag (or basically teleport) around the map. This is a message I received from my host (Hypernia) about the attack:

I am not seeing anything out of the ordinary on the .51 server. The DOS is probably taking advantage of game bugs and it's near impossible for us to block this sort of attack. The best tools you have are VAC and banning them. If you find any mods that may help prevent them crashing the server, we'd be happy to assist in setting that up.

The problem is it's not really an attack on the machine, just the individual game server, so traditional DDOS protection on the network is nearly useless detecting it and stopping it. Typically game DOSes send slightly malformed game data packets which the game server accepts but then later causes it to crash or lag out. It's extremely difficult to detect or block this kind of attack from the network side. Packet dumps of just data going to your server might not help either, as a few malformed packets out of millions would be impossible to locate.

Your best bet might be the mod community and game admin community who may have more relevant advice for your specific game.

What is making you think you are being attacked?

It is very clear we are being attacked because only specific servers are being attacked. Some of our other servers are left untouched, but our most popular ones are being attacked with this lag.

[Adder]

If they are CS:S servers, I remember that one way to lag/crash a server was to set up a script that would spam timeleft/nextmap in console and overload the server, you might have people doing that.

[bobbobagan]

lol... no. We already have measures put in place for this, and it is a completely different type of lag. Plus it still happens when nobody is in game.

[Drunken F00l]

What your provider said is correct. If there is no ordinary traffic on the network, they are exploiting some game bug and there is nothing they can do for you.