SphereCommunity
botnet & zombi attack sphere lag & exploding. - Printable Version

+- SphereCommunity (https://forum.spherecommunity.net)
+-- Forum: Sphere 0.56d (/Forum-Sphere-0-56d)
+--- Forum: General Help (/Forum-General-Help)
+--- Thread: botnet & zombi attack sphere lag & exploding. (/Thread-botnet-zombi-attack-sphere-lag-exploding)



botnet & zombi attack sphere lag & exploding. - G-Defender - 10-01-2017 12:00 AM

Hi sphere 56b and 56c and 56d botnet & zombi attack sphere lag & exploding.
They are using a VPN program. 2000k has a rope entry and exit.
The sphere is flowing like water. It must be a solution.
I use the 56b sphere. How can we fix this problem?

Code:
04:33:1f4:Client connected [Total:1] ('88.236.21.214' 1/1)
21:28:17c:Client disconnected [Total:69] ('88.236.21.214' 1/1)

Logfiles: logs.txt

[Image: kXJY7q.jpg]

images: click.

I am waiting for an answer thank you.


RE: botnet & zombi attack sphere lag & exploding. - darksun84 - 10-01-2017 12:40 AM

Damn I have no idea, can't you block them manually ?
Do you have auto account?


RE: botnet & zombi attack sphere lag & exploding. - G-Defender - 10-01-2017 12:51 AM

It is not possible to prevent this manually.
No account. ip port connect disconnect.


RE: botnet & zombi attack sphere lag & exploding. - Artyk - 10-01-2017 12:57 AM

Is the mac address changing too? maybe you can block it from your router/firewall


RE: botnet & zombi attack sphere lag & exploding. - Kanibal - 10-01-2017 01:31 AM

Disable build in HTTP server


RE: botnet & zombi attack sphere lag & exploding. - G-Defender - 10-01-2017 02:14 AM

(10-01-2017 01:31 AM)Kanibal Wrote:  Disable build in HTTP server

Code:
UseHttp=0 // closed.

It's useless.

I need a solution.


RE: botnet & zombi attack sphere lag & exploding. - Heeelp - 10-03-2017 03:03 AM

And how the hell your server has that many players? xD.

Does those attacks affect the server performance?


RE: botnet & zombi attack sphere lag & exploding. - G-Defender - 10-04-2017 03:28 AM

Server is constantly lagging.
After a while, the sphere bursts.
It must be a solution.


RE: botnet & zombi attack sphere lag & exploding. - Coruja - 10-04-2017 04:49 AM

question already answered on github, but anyway here's an copy/paste of the text (maybe it could be useful to someone):

Quote:you're under an DDoS attack on layer 7, unfortunately there's nothing we/you can do on sphere-side. To block an DDoS attack you will need an advanced knowledge in network security, and depending on the attack scale you will also need an big $$ to pay anti-DDoS protections

basically, an global network have many layers (1 to 7)
-layer 1: is the infected/attacker PC
-layer 3: is your datacenter
-layer 7: is your application (Sphere)

if connections are reaching your application (layer 7) this means that they passed through all the others layers without being been blocked. So you must block these connections on these others layers to prevent they reach your application. You can't simply block them on Sphere or on the PC firewall, because the PC will keep receiving hundreds of connections per second and will keep wasting CPU/RAM/network to block all these connections. So you will need an external anti-DDoS protection to prevent all these connections to reach your server

if you're lucky, maybe your datacenter can offer an basic anti-DDoS protection for cheap price and this will be enough to block the attack. Or you can move to another datacenter that offer this cheap protection (like OVH). But if the attack is really huge and keep coming 24h/day, you will have to pay an advanced DDoS protection from an anti-DDoS leader company (F5, Incapsula, Arbor, Akamai, etc) for about U$500 ~ U$2000 (per month)

EDIT: on Sphere you can also disable LOGM_CLIENTS_LOG setting on sphere.ini, this will make Sphere not show clients connecting/disconnecting anymore and it will save some CPU because Sphere won't keep freezing writing huge logs at each second. But should not be used as "protection", it will only reduce the attack drawbacks. The best way to mitigate DDoS attacks is using anti-DDoS protections to block the connections before it reach your server



RE: botnet & zombi attack sphere lag & exploding. - escribano - 10-05-2017 05:04 AM

I've solved this all DDoS attacks to my shard some months ago using MANY different techniques to create a reverse-firewall.


The base idea is this:

1) Your shard should be "hidden" to the internet, so anyone can't even see your server online if your IP it's not released on the whitelist.
2) You need to create a program to "validade the player and send the IP to the server" in a way that the attacker wont detect the firewall connection.
3) You need a second server to "receive" the IP's, so this is the only one server that can be really attacked, but it can be an VPS for abour 5 dollars.
4) You need to have the knowledge about TCP/IP, Sub-Net, CIDR, Firewall and so...
5) You need to create an API to the VPS send the player IP to the firewall release'em


This works only at AWS for now, i could't find any host with the sabe payment politics that could be free 1gb or 1tb of DDoS Traffic!


Hope it helps!
[Image: ddostroyer.png]