|
You last visited: Today at 18:14
Advertisement
Private servers are being ddosed!
Discussion on Private servers are being ddosed! within the CO2 Private Server forum part of the Conquer Online 2 category.
05/22/2012, 17:08
|
#1
|
elite*gold: 0 
Join Date: Mar 2012
Posts: 9
Received Thanks: 0
|
Private servers are being ddosed!
Hello,
My Conquer private server is DDOsed / attacked.
I've changed my dedicated host with a new one and they couldn't stop the attacks.
I've talked with different pserver owners and they are in the same situation , attacked by the same guy.
Does anyone knows who's that guy(if someone was attacked by him) or what kind of methods for protecting shall I use?
I can't stop him ...skids..
Thanks
|
|
|
|
05/22/2012, 17:13
|
#2
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,143
|
It'd probably be pretty easy to "DDoS" a conquer server. Hell, you could just write a basic bot to flood the server with database queries and thus lag it until everyone DCs or it crashes.
If your host is a linux server, you can probably use iptables to filter out and block the IPs he's using for the "DDoS".
Edit: Lol, Linux server. We're talking about a hosted Conquer server here, it's most likely Windows. Disregard that.
|
|
|
|
|
05/22/2012, 17:15
|
#3
|
elite*gold: 0
Join Date: Mar 2012
Posts: 9
Received Thanks: 0
|
My host is using window server and I can't see his ip , I'm just seeing in event viewer , packets , udp flood , Source  DCon , I've blocked all udp connections,ports and it didn't worked.
This is the 3rd host , I must change it in order to get a stable one but I won't find ..I need to block him.
|
|
|
|
|
05/22/2012, 17:20
|
#4
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,143
|
Quote:
Originally Posted by Irinaa
My host is using window server and I can't see his ip , I'm just seeing in event viewer , packets , udp flood , Source DCon , I've blocked all udp connections,ports and it didn't worked.
This is the 3rd host , I must change it in order to get a stable one but I won't find ..I need to block him. |
Obviously if he's getting the IP of your host so quickly it's either someone you know, or you're posting your details in places they don't need to be posted.
Contact your host and file a complaint, they'll know what to do to stop it. Depending on the host, they may be able to simply block the IPs on their end. It's logically impossible that they don't have logs of incoming/outgoing connections. Frankly, I'm surprised they haven't contacted you or discontinued your account. Most hosting companies will not host someone who is frequently the target of "DoS" or "DDoS" attacks, anyway.
|
|
|
|
|
05/22/2012, 17:23
|
#5
|
elite*gold: 0
Join Date: Mar 2012
Posts: 9
Received Thanks: 0
|
Since the guy told me he was an old player, he's getting the ip so easy because the link is on forum for making an account and there's also server.dat
The company didn't helped me and as I said in incoming I only see he's seding packets to the ip and port of the server . and the source is DDCon , so there's no ip
|
|
|
|
|
05/22/2012, 17:25
|
#6
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,143
|
Quote:
Originally Posted by Irinaa
Since the guy told me he was an old player, he's getting the ip so easy because the link is on forum for making an account and there's also server.dat
The company didn't helped me and as I said in incoming I only see he's seding packets to the ip and port of the server . and the source is DDCon , so there's no ip
|
Well then, turn off the server, go make some tea, and wait it out.
|
|
|
|
|
05/22/2012, 17:25
|
#7
|
elite*gold: 0
Join Date: Jan 2009
Posts: 586
Received Thanks: 336
|
kratos? xD
|
|
|
|
|
05/22/2012, 17:26
|
#8
|
elite*gold: 0
Join Date: Mar 2012
Posts: 9
Received Thanks: 0
|
Quote:
Originally Posted by Zeroxelli
Well then, turn off the server, go make some tea, and wait it out.
|
This is something serious , I've paid for a lot of hosts and what I'm asking is some help and ..you're telling me to make a tea..thanks
|
|
|
|
|
05/22/2012, 17:27
|
#9
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,143
|
Quote:
Originally Posted by Irinaa
This is something serious , I've paid for a lot of hosts and what I'm asking is some help and ..you're telling me to make a tea..thanks
|
If it's really a DDoS attack and your hosting won't help you, there's not much you can do. I wish there were some simple answer to give, but there's none that I know of. Sorry about that.
|
|
|
|
|
05/22/2012, 17:29
|
#10
|
elite*gold: 0
Join Date: Mar 2012
Posts: 9
Received Thanks: 0
|
The event viewer says : UDP FLOOD ATTACK
|
|
|
|
|
05/22/2012, 17:34
|
#11
|
elite*gold: 0
Join Date: May 2008
Posts: 1,769
Received Thanks: 1,143
|
Go to your firewall/server administration and close all your ports as well as deny all incoming connections (UPD and TCP both.) And wait a while. Depending on the type of attack, it may die out if it thinks the machine has gone offline. But, the reality is, with DDoS attacks you just can't do much without the help of the hosting company or access to their security settings yourself.
|
|
|
|
|
05/22/2012, 17:46
|
#12
|
elite*gold: 21
Join Date: Jul 2005
Posts: 9,193
Received Thanks: 5,380
|
That's the whole point of DOS attacks (sounds to me like it's a single or few attackers so it's not a distributed attack). They are notoriously difficult to prevent and generally requires hardware based protection (fancy routers and such combined with internal software and fiirewalls).
Let me be clear though... are they doing their "attack" to your conquer server port? or are they using some other method (ping, web requests, etc).
If it's conquer related then you can write some protection into your source (after X connections within short period, don't accept from that ip). It will help slightly but there's still processing required to refuse their connection so if it's a distributed attack it could still cripple you.
If it's NOT conquer related and you've taken the normal steps (do not allow ping requests for example) then you're probably down to looking into hardware/hosting solutions.
Some companies will offer DDOS protection plans. I'd suggest looking into a few of these and finding which ones work best for you.
|
|
|
|
|
05/22/2012, 20:09
|
#13
|
elite*gold: 0
Join Date: Aug 2007
Posts: 1,525
Received Thanks: 230
|
well i was checking sites About DDos Protection and i found that
|
|
|
|
|
05/22/2012, 21:42
|
#14
|
elite*gold: 0
Join Date: Aug 2009
Posts: 49
Received Thanks: 3
|
Quote:
Originally Posted by shadowman123
well i was checking sites About DDos Protection and i found that
|
that is for freebsd, unix systems.
'
I'll answer once for all. i'm the one who flooded 2 weeks ago CO oficial. i can prove.As DDOS flooder, from my expenrience are 2 ways to stop flood.
1. hide your ip(exist some whost when u dns them they dont give ip, but u can connect on them)
2. filter your ip (provider/networks admin can filter your ip port, flood come on one port for exemple port 53/80/115/443...etc, or can come on random port flooder setup port 0 (it come more packs on diferit ports).
u cant stop alone flood even if u use windows or unix. provider network admin can do it, but u may cant use some ports, internet will go slower.
depend who flood u, what way he do it, how he do it, what kind of flood he use and what power he have. if he have over 50MB/s upload on linux server (one or more servers) and he use juno (juno send death packets, some times can go over filtred ports) your provider can do only one thing to close your ip.
|
|
|
|
|
05/22/2012, 22:38
|
#15
|
elite*gold: 12
Join Date: Jul 2011
Posts: 8,282
Received Thanks: 4,191
|
Try this out for me:
|
|
|
|
All times are GMT +1. The time now is 18:15.
|
|
