DDOSing Report

Discussion in 'Community Discussion' started by AuriusPheonix, May 3, 2019.

  1. AuriusPheonix

    AuriusPheonix

    Alrighty, so this is never pleasant, but it has to be done. I don't know the culprit, though if I can find out I will be returning to deliver that information. However, there has recently been a huge increase in DDoS attacks across multiple servers in the NA region. AOD servers have been hit numerous times, as well as tR's Deathstar server. I'm not sure if it's possible to do something about it, but it has started to become a real nuisance.
     
  2. CoM.XA

    CoM.XA

    can't even play at this point
     
  3. Unamused Kanye

    Unamused Kanye

    I am afraid w o w has evolved into a force we can no longer stop...
     
  4. CoM.XA

    CoM.XA

    nah w o w the homie
     
  5. Caelum

    Caelum Donator

    We (JKA.io) have been seeing several hundred filtered DDoS attempts over the past several days on servers we host. It seems to be a JKA-wide thing targeting essentially any server on any mod that gets a meaningful amount of players.

    The actual DDoS is fairly simple, and trivial for us to filter; we've seen hundreds like it in the past. Since we offer (real) DDoS protection and servers we host are immune, you'll be able to play on these servers uninterrupted when this happens, for what it's worth:

    in NA:
    • Owe's Bedroom{RTV/RTM} - North America • 198.50.210.67:29070
    in EU:
    • {BG}Server[OPEN] • 54.37.94.229:29070
    • TIN | HQ • 54.37.94.207:29070
    • TIN | Duel • 54.37.94.226:29070
    • TIN | FA Fun • 54.37.94.205:29070
    • Battlegrounds of Delaware • 54.37.94.202:29070
    • [Legacy] Lyceum • 54.37.94.193:29070
    • [Cult:Arena] • 54.37.94.210:29070
    • 'GJO| Duel./[RTV] • 54.37.94.206:29070
    • TIN | Classic DotF • 54.37.94.232:29070
     
    Last edited: May 4, 2019
  6. isair

    isair Donator

    It is indeed a proper DDoS tailored specifically for JA servers. My knowledge of Quake engine games is limited, but the packets look like they could apply to those as well. Filtered DDoS attempts seem to be in the thousands though. Here is a partial screenshot of the firewall rules statistics from one of the least busy servers I host. The first column is the number of packets. The third column is whether it is for dropped packets (to protect the server) or accepted ones. Each pair of two rows is for one type of game packet we specifically watch out for.
    [IMG]
     
  7. Encritary

    Encritary

    By the way, ad.ppl.Opens have DDoS-protection too, but it wasn't tested on the production yet.
     
  8. nullb

    nullb

    Can somebody share the iptables rules required to drop these bad packets? I'd just like my servers in Australia to stop lagging.
    It's not volumetric or a known attack type, as I have in-line 40GE scrubbers; it's something custom-tailored to Q3.

    Which should be reported to OpenJK on git so it can be patched and the iptables rules shared so we can all block it and move on...

    I'm currently away or I'd debug it, patch it and share it myself.
     
  9. isair

    isair Donator

    I'd be happy to share via private messages. Do shoot one my way.
     
  10. nullb

    nullb

    Cheers, sent one your way :)
     
  11. Unamused Kanye

    Unamused Kanye

    I knew BlueFangSolutions was a hack when I saw they charged you extra for uploading and enabling rtv and JKA mods (that means you pay extra to run MB2 and server add-ons). Extra charge PER MONTH (something they didn't use to do, and if you've ever dealt with hosting servers, you know that is a completely arbitrary up-charge, akin to telecom companies charging you a 'service fee' on your equipment), as opposed to being allowed to upload the files on your own and change command lines yourself, which, again, isn't hard to do if you've dealt with server hosting. Instead, you have to pay each time you want to say... switch your JA+ server to a MB2 server. Which is bullshit.

    And they don't even have DDoS protection. (Also something I noticed some time ago.)

    Also, time to get the tinfoil hats out... What if Disney is behind the JKA DDoS attacks? I find it hard to believe that someone would have so much hate, not to mention time and money on their hands to be doing this as frequently as they are.
     
    Last edited: May 4, 2019
  12. Defiant

    Defiant Project Leader Movie Battles II Team Code Leader

    To be fair, especially for JKA mods, since you're running native code that doesn't come with any guarantee that it doesn't do anything bad, the hosting companies do take on a tonne of risk. Depending on how they're set up, it can put other customers' service at risk and take more administrators' time to mitigate/monitor. If they actually bother with that is another question - but if they do, then charging more for the extra work it causes seems fair.
     
  13. Unamused Kanye

    Unamused Kanye

    So are you saying someone who really knows what they're doing could use their MB2 server to disrupt other servers on its network?
     
  14. Spaghetti

    Spaghetti cable wrangler Movie Battles II Team Retired

    Essentially, but it's not really about MB2 servers. Any service that lets you upload arbitrary executable code has the risk Defiant is highlighting. Even if they prevent direct shell access, as long as you're allowed to upload a library that the server executable loads, they could potentially get shell access and from there it's down to whatever other security mitigations are in place. So there is a justification for a managed service to babysit mods and charge for maintaining them across updates.
     
  15. isair

    isair Donator

    Pretty much. This is exactly why I containerise, and probably any other modern hosting provider does as well.
     
  16. Defiant

    Defiant Project Leader Movie Battles II Team Code Leader

    But when you're talking about a hosting company that has been hosting a game for 15 years, they probably don't put resources towards doing such things to old games.
     
  17. Puppytine

    Puppytine Slayed dreamer

    If you believe that BlueFang doesn't do a good job, that they're ripping you off and the services they provide aren't worth the money BlueFang does want for them, buy a VPS and do everything your way.
     
  18. isair

    isair Donator

    I'll trust that they did the math to see if it's worth it, but this is usually the kind of thing that slowly kills a tech company.
     
