"Gatewayserver" is underattack

04/23/2013 10:07 unforgiven78#1
Hello

I believe this is a DDoS attack against my server. Take a look yourself:

First I get this error from "Gatewayserver":

Then,
"SMC" service becomes "Red" and every time I click "start service" it becomes "Red" again in 2 seconds.

I tried to replace "Gatewayserver.exe" with another one but it didn't work.
Please help, tell me what to do?

Thank you
04/23/2013 10:30 Kape7#2
Close the SMC when that happens and check if it keeps happening on the gateway; that msg is a patch preparation msg sent from the SMC.
I assume you have globalmanager port closed.
04/23/2013 10:41 unforgiven78#3
Quote:
Originally Posted by Synx7
Close the SMC when that happens and check if it keeps happening on the gateway; that msg is a patch preparation msg sent from the SMC.
I assume you have globalmanager port closed.

It happens while SMC is closed. I'm using Win Server 2008 R2; it is allowed for all necessary ports to connect. My server has been running well for a long time, I don't know why this happens now?!
04/23/2013 17:02 Wayne3#4
Block the IP of the attacker.
04/23/2013 17:33 unforgiven78#5
Quote:
Originally Posted by Wayne3
Block the IP of the attacker.

Well, it's a temporary solution; he would not mind changing his IP and attacking again. I got his msg:

"Hey ** .. i'll keep attacking ur game and make it Check 24/7 .. so let's make a deal when u come back .. and i hope when u read my msg u will remsg me .. if u care about ur game"

Thank you
04/23/2013 18:43 Wayne3#6
That's true. Where did you get the message?
04/24/2013 00:16 Schickl#7
1. perfmon(.exe) and monitor traffic
2. find out the port this guy obviously uses
3. close port (firewall ya know)
4. ????
5. profit
04/25/2013 00:11 royalblade#8
Easiest and most complete way to fix is to replace the vsro gateway with the black rogue gateway.

Click the first link and follow the tutorial :)
No advertisement intended
05/02/2013 22:55 InPanic Kev#9
With blackrogue you will have the same problem ;) if you don't believe, I can close your gateway server ^^

add me on Skype : ip-kev

maybe i can help you ;)
05/03/2013 09:36 Ninja_Stylez#10
Haha that one is easy... someone is using srDos_2.exe against you. To fix it you need a new gateway server, which usually fucks up auto-update, so you will have to use 2 gateway servers. One for updates only (just switching them for 1-2 mins to make the auto update, then u run the fixed one again). The exploit itself is sending packets that SMC sends for auto-update, which makes GW close.