Post Reply 
 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
botnet & zombi attack sphere lag & exploding.
Author Message
G-Defender
Journeyman
*

Posts: 57
Likes Given: 12
Likes Received: 3 in 3 posts
Joined: Dec 2012
Reputation: 0

(uolist.net)

Post: #1
botnet & zombi attack sphere lag & exploding.
Hi sphere 56b and 56c and 56d botnet & zombi attack sphere lag & exploding.
They are using a VPN program. 2000k has a rope entry and exit.
The sphere is flowing like water. It must be a solution.
I use the 56b sphere. How can we fix this problem?

Code:
04:33:1f4:Client connected [Total:1] ('88.236.21.214' 1/1)
21:28:17c:Client disconnected [Total:69] ('88.236.21.214' 1/1)

Logfiles: logs.txt

[Image: kXJY7q.jpg]

images: click.

I am waiting for an answer thank you.

[Image: banner.png]
(This post was last modified: 10-01-2017 12:01 AM by G-Defender.)
10-01-2017 12:00 AM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
darksun84
Sir Spamalot
****

Posts: 1,687
Likes Given: 246
Likes Received: 162 in 151 posts
Joined: Mar 2012
Reputation: 35



Post: #2
RE: botnet & zombi attack sphere lag & exploding.
Damn I have no idea, can't you block them manually ?
Do you have auto account?
(This post was last modified: 10-01-2017 12:46 AM by darksun84.)
10-01-2017 12:40 AM
Find all posts by this user Like Post Quote this message in a reply
G-Defender
Journeyman
*

Posts: 57
Likes Given: 12
Likes Received: 3 in 3 posts
Joined: Dec 2012
Reputation: 0

(uolist.net)

Post: #3
RE: botnet & zombi attack sphere lag & exploding.
It is not possible to prevent this manually.
No account. ip port connect disconnect.

[Image: banner.png]
10-01-2017 12:51 AM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
Artyk
Journeyman
*

Posts: 75
Likes Given: 43
Likes Received: 9 in 9 posts
Joined: Sep 2014
Reputation: 0



Post: #4
RE: botnet & zombi attack sphere lag & exploding.
Is the mac address changing too? maybe you can block it from your router/firewall
(This post was last modified: 10-01-2017 12:58 AM by Artyk.)
10-01-2017 12:57 AM
Find all posts by this user Like Post Quote this message in a reply
Kanibal
Master
**

Posts: 255
Likes Given: 6
Likes Received: 30 in 28 posts
Joined: Jun 2012
Reputation: 0



Post: #5
RE: botnet & zombi attack sphere lag & exploding.
Disable build in HTTP server

Grandmaster Localhost Admin
10-01-2017 01:31 AM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
G-Defender
Journeyman
*

Posts: 57
Likes Given: 12
Likes Received: 3 in 3 posts
Joined: Dec 2012
Reputation: 0

(uolist.net)

Post: #6
RE: botnet & zombi attack sphere lag & exploding.
(10-01-2017 01:31 AM)Kanibal Wrote:  Disable build in HTTP server

Code:
UseHttp=0 // closed.

It's useless.

I need a solution.

[Image: banner.png]
10-01-2017 02:14 AM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
Heeelp
Apprentice
*

Posts: 20
Likes Given: 7
Likes Received: 1 in 1 posts
Joined: Dec 2014
Reputation: 0



Post: #7
RE: botnet & zombi attack sphere lag & exploding.
And how the hell your server has that many players? xD.

Does those attacks affect the server performance?
10-03-2017 03:03 AM
Find all posts by this user Like Post Quote this message in a reply
G-Defender
Journeyman
*

Posts: 57
Likes Given: 12
Likes Received: 3 in 3 posts
Joined: Dec 2012
Reputation: 0

(uolist.net)

Post: #8
RE: botnet & zombi attack sphere lag & exploding.
Server is constantly lagging.
After a while, the sphere bursts.
It must be a solution.

[Image: banner.png]
10-04-2017 03:28 AM
Visit this user's website Find all posts by this user Like Post Quote this message in a reply
Coruja
Sphere Developer
*****

Posts: 987
Likes Given: 5
Likes Received: 226 in 187 posts
Joined: Jul 2012
Reputation: 7

Dimension Shard

Post: #9
RE: botnet & zombi attack sphere lag & exploding.
question already answered on github, but anyway here's an copy/paste of the text (maybe it could be useful to someone):

Quote:you're under an DDoS attack on layer 7, unfortunately there's nothing we/you can do on sphere-side. To block an DDoS attack you will need an advanced knowledge in network security, and depending on the attack scale you will also need an big $$ to pay anti-DDoS protections

basically, an global network have many layers (1 to 7)
-layer 1: is the infected/attacker PC
-layer 3: is your datacenter
-layer 7: is your application (Sphere)

if connections are reaching your application (layer 7) this means that they passed through all the others layers without being been blocked. So you must block these connections on these others layers to prevent they reach your application. You can't simply block them on Sphere or on the PC firewall, because the PC will keep receiving hundreds of connections per second and will keep wasting CPU/RAM/network to block all these connections. So you will need an external anti-DDoS protection to prevent all these connections to reach your server

if you're lucky, maybe your datacenter can offer an basic anti-DDoS protection for cheap price and this will be enough to block the attack. Or you can move to another datacenter that offer this cheap protection (like OVH). But if the attack is really huge and keep coming 24h/day, you will have to pay an advanced DDoS protection from an anti-DDoS leader company (F5, Incapsula, Arbor, Akamai, etc) for about U$500 ~ U$2000 (per month)

EDIT: on Sphere you can also disable LOGM_CLIENTS_LOG setting on sphere.ini, this will make Sphere not show clients connecting/disconnecting anymore and it will save some CPU because Sphere won't keep freezing writing huge logs at each second. But should not be used as "protection", it will only reduce the attack drawbacks. The best way to mitigate DDoS attacks is using anti-DDoS protections to block the connections before it reach your server
10-04-2017 04:49 AM
Find all posts by this user Like Post Quote this message in a reply
escribano
Journeyman
*

Posts: 170
Likes Given: 16
Likes Received: 32 in 23 posts
Joined: Nov 2012
Reputation: 2

Dragon Shard

Post: #10
RE: botnet & zombi attack sphere lag & exploding.
I've solved this all DDoS attacks to my shard some months ago using MANY different techniques to create a reverse-firewall.


The base idea is this:

1) Your shard should be "hidden" to the internet, so anyone can't even see your server online if your IP it's not released on the whitelist.
2) You need to create a program to "validade the player and send the IP to the server" in a way that the attacker wont detect the firewall connection.
3) You need a second server to "receive" the IP's, so this is the only one server that can be really attacked, but it can be an VPS for abour 5 dollars.
4) You need to have the knowledge about TCP/IP, Sub-Net, CIDR, Firewall and so...
5) You need to create an API to the VPS send the player IP to the firewall release'em


This works only at AWS for now, i could't find any host with the sabe payment politics that could be free 1gb or 1tb of DDoS Traffic!


Hope it helps!
[Image: ddostroyer.png]

UltimaPHP - OpenSource Ultima Online Server v0.1-pre-alpha under development, we need help!
10-05-2017 05:04 AM
Find all posts by this user Like Post Quote this message in a reply
[+] 1 user Likes escribano's post
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)