Login

bob7 · 08-26-2011, 04:24 AM

I have been attacked by someone who knows how to crash my server.

He managed to do this 4 times till now.

What to do in order to secure my server from his hands??

PLEASE!!! IT'S EMERGENCY!!!!!!

Here is a screenshot that this guy send to me:

https://pithos.grnet.gr/pithos/rest/chem2866@upatras.gr/files/scrlll.jpg

I searched the logs but i didn't find anything... Sad

HELP ME!!!!

loopyman · (This post was last modified: 08-26-2011, 04:27 AM by loopyman.)

Lots of people recommend http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9

bob7 · 08-26-2011, 06:51 AM

(08-26-2011, 04:26 AM)loopyman Wrote:

Lots of people recommend http://www.sourceop.com/modules.php?name=Downloads&d_op=viewdownload&cid=9

When the server was going to crash, I managed to see this SPAMMING MESSAGE at console, just before crashed:

Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files
Socket ProcessAccept Error: Too many open files

BehaartesEtwas · 08-26-2011, 04:52 PM

try installing zblock, that should prevent such hacking.

Cyba_Mephisto · 08-27-2011, 03:02 AM

Problem is that this is a public server with 32 slots. Afair zblock eats too much ressources in this case.
(I know about his servers because he contacted me.)

BehaartesEtwas · 08-27-2011, 06:23 PM

if have zblock running on my public servers, the bigger one has "only" 22 slots, but I see absolutely no performance impact. you have to run zblock in public server mode of course...

bob7 · (This post was last modified: 08-28-2011, 12:41 AM by bob7.)

zblock is not always a solution.

Besides from not having it for above-10-slot servers (non-private ones) due to performance issues (more server fps drops), is zblock compatible with tf2 servers?

Zblock can't be installed to a tf2 server, I think.

BehaartesEtwas · 08-28-2011, 08:04 PM

(08-28-2011, 12:40 AM)bob7 Wrote: Zblock can't be installed to a tf2 server, I think.

ah, you might be right. but that is the only valid argument against it ;-)

but there are other plugins to block those so-called DoS or DDoS attacks (which are in fact not really such attacks). if you are running sourcemod you might try finding a sourcemod plugin for this (I forgot its name).

Cyba_Mephisto · 08-29-2011, 12:29 AM

Yeah, we tried them all out and kept them installed, but they don't fix syn-flooding. We had to manually block that with the iptables.

MIG · 08-29-2011, 08:25 PM

(08-29-2011, 12:29 AM)Cyba_Mephisto Wrote: Yeah, we tried them all out and kept them installed, but they don't fix syn-flooding. We had to manually block that with the iptables.

You can't syn flood a source game because it uses UDP game data syn-flooding is a TCP based attack, you can syn-flood the rcon port so block rcon in IP tables for all other IP other than your own.

I had problems with getting DDOSed aswell and it is very hard to block because faking source IPs with UDP is very easy to do, other attacks i have seen are reflective DDoS attack that are virtual impossible to block.

Cyba_Mephisto · 08-31-2011, 05:39 AM

(08-29-2011, 08:25 PM)MIG Wrote: You can't syn flood a source game because it uses UDP game data syn-flooding is a TCP based attack, you can syn-flood the rcon port so block rcon in IP tables for all other IP other than your own.

That's what I meant. But he insists on using rcon. Rolleyes

We changed the rcon-port now and set up a few rules against portscanning and syn-flooding and thx to the pseudohackers the servers are fine for now.

Mike · 08-31-2011, 04:24 PM

Well, you could post the iptables rules on here to help others with the same problem.. Just sayin'

Login
Username:
Password:	Lost Password?
	Remember me