thankyou
Donate to the B3 fund!

"even a small donation helps!"
Donate with PayPal!
January Donations
MordyT USD25.00

Author Topic: How to block DDoS Attacks from COD4 Servers?  (Read 11259 times)

Offline johnvaldetine

  • Full Member
  • ***
  • Posts: 75
How to block DDoS Attacks from COD4 Servers?
« on: July 28, 2012, 11:12:26 AM »
http://b1207.hizliresim.com/z/w/b5krd.jpg

Yesterday, DDoS Attack was done to one of our COD4 servers. I read a topic in this forum about blocked to DDoS Attack but i dont understand correctly. Who can help me ? Please, tell me step by step what i will do..

Thanks.

p.s.: Maybe it's not DDoS attack, but i think it's DDoS. If it's not, please tell me. We can't BAN or KICK these players from server, because they were in connecting, not connected to server.

I'm waiting to your replies..

Offline 82ndAB.Bravo17

  • Dev. Team
  • Hero Member
  • *
  • Posts: 2640
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #1 on: July 28, 2012, 02:21:01 PM »
You need to look in the log files for the ip of the phantom players and then ban the ip in your firewall.

You could also try banning the IP in Punkbuster, but I am not sure if they ever get connected enough for that to work.

Offline johnvaldetine

  • Full Member
  • ***
  • Posts: 75
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #2 on: July 28, 2012, 02:40:44 PM »
Thanks for reply.

I saw a topic about it. It is http://forum.bigbrotherbot.net/cod4/important-pactch-for-cod4-servers/ , but our servers were cracked. Is this DDoS patch working at our servers? (is it working with cracked servers ?)

Thanks.

Offline Courgette

  • Senior Dev.
  • Hero Member
  • *
  • Posts: 4883
    • Github repository
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #3 on: July 28, 2012, 02:51:56 PM »
Hi,

We don't like to see topics about cracked servers / games on those forums.

The B3 staff discourages anyone from running cracked servers / games and we do not provide support for such configurations.

If you have issues with your cracked servers, seek for support from whoever gave your that crack. This is definitely not the place for such a conversation.

Offline johnvaldetine

  • Full Member
  • ***
  • Posts: 75
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #4 on: July 28, 2012, 03:51:43 PM »
Hi,

We don't like to see topics about cracked servers / games on those forums.

The B3 staff discourages anyone from running cracked servers / games and we do not provide support for such configurations.

If you have issues with your cracked servers, seek for support from whoever gave your that crack. This is definitely not the place for such a conversation.

Firstly, i'm so sorry for my post. I said wrong my previous post. All of our servers is not cracked. Only 1 server was cracked because of using funny MOD.

I found how noobs attack to servers like this problem. It's called Fake Players. (i have installion&tutorial link, but i dont write here.)

Please, COD4 Admins solve and fix this problem. I cant send private message on this forum, please contact me on xfire. (XF: johnvaldetine)

Offline 82ndAB.Bravo17

  • Dev. Team
  • Hero Member
  • *
  • Posts: 2640
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #5 on: July 28, 2012, 05:12:17 PM »
This is a COD4 problem, not a B3 issue, so you would need to seek any further info in a forum dealing with COD4.

Offline MordyT

  • Support Hero
  • Hero Member
  • *
  • Posts: 3644
  • Over $300 Donated to B3!
    • MordyT
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #6 on: July 30, 2012, 07:10:54 PM »
The solution we found (this is for future reference for non cracked server owners) is to issue a "status" command via rcon, grab the GUID, then ban with pb (by GUID). Time consuming, yes. Possible to bypass, yes (keep buying new keys my friend), but in the end of the day (less then a week on my servers) the issue was fixed.
Help will be given to those with a b3.log

If drop off the map it is due to RL becoming busy :)

System: Python 2.7.3 - Deb 7 - B3 Source Code - 128MB RAM box (rented at $5 a year) - remote MySQL - Remote Web Services

Offline Miramar

  • Sr. Member
  • ****
  • Posts: 200
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #7 on: August 01, 2012, 03:25:01 PM »
nice idea... but...
i guess the attackers are doing this shit with some rcon tools... and not ingame?
so there is no guid you can ban...

Offline MordyT

  • Support Hero
  • Hero Member
  • *
  • Posts: 3644
  • Over $300 Donated to B3!
    • MordyT
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #8 on: August 01, 2012, 08:41:25 PM »
nice idea... but...
i guess the attackers are doing this shit with some rcon tools... and not ingame?
so there is no guid you can ban...
The GUID is still present via standard RCON. PB doesn't see it and neither does B3, only a RCON tool can see it with the status command.
Help will be given to those with a b3.log

If drop off the map it is due to RL becoming busy :)

System: Python 2.7.3 - Deb 7 - B3 Source Code - 128MB RAM box (rented at $5 a year) - remote MySQL - Remote Web Services

Offline Freelander

  • XLRstats dev.
  • Dev. Team
  • Hero Member
  • *
  • Posts: 1000
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #9 on: August 02, 2012, 09:08:06 AM »
only a RCON tool can see it with the status command.

You mean ingame rcon? Cos B3 sends the status command to the server continuously like any other rcon tool.

Offline johnvaldetine

  • Full Member
  • ***
  • Posts: 75
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #10 on: August 02, 2012, 09:48:37 AM »
The GUID is still present via standard RCON. PB doesn't see it and neither does B3, only a RCON tool can see it with the status command.

MordyT, we are testing on our servers for blocking from attacks, we almost solved to attacks. Firstly, your idea is good, but isn't working. Because, Attack bots are connecting (!!) to servers, not connected. I have this attack program and it was coded for seem only CONNECTING on servers. The other attack programs are connected to servers , joined a team and shooted someone than exit :) If attack bots connected to servers, we will see their guid and ban via punkbuster. We can see only their IPs , every IP is the same.

Our solving is about RATE setting. Attack bots have "1500 rate" and real players have "25000". Admin can check to rate for connecting players via punkbuster and set to forbidden "Rate 1500".

John.

Offline MordyT

  • Support Hero
  • Hero Member
  • *
  • Posts: 3644
  • Over $300 Donated to B3!
    • MordyT
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #11 on: August 02, 2012, 05:50:11 PM »
You mean ingame rcon? Cos B3 sends the status command to the server continuously like any other rcon tool.
I can't seem to get the info from in-game rcon for some reason. HLSW does show it though.

MordyT, we are testing on our servers for blocking from attacks, we almost solved to attacks. Firstly, your idea is good, but isn't working. Because, Attack bots are connecting (!!) to servers, not connected. I have this attack program and it was coded for seem only CONNECTING on servers. The other attack programs are connected to servers , joined a team and shooted someone than exit :) If attack bots connected to servers, we will see their guid and ban via punkbuster. We can see only their IPs , every IP is the same.

Our solving is about RATE setting. Attack bots have "1500 rate" and real players have "25000". Admin can check to rate for connecting players via punkbuster and set to forbidden "Rate 1500".

John.
I would love to know your punkbuster code..

Also, I would love to demonstrate our method to you if you would like on our servers.
Help will be given to those with a b3.log

If drop off the map it is due to RL becoming busy :)

System: Python 2.7.3 - Deb 7 - B3 Source Code - 128MB RAM box (rented at $5 a year) - remote MySQL - Remote Web Services

Offline johnvaldetine

  • Full Member
  • ***
  • Posts: 75
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #12 on: August 03, 2012, 08:39:38 AM »
I can't seem to get the info from in-game rcon for some reason. HLSW does show it though.
I would love to know your punkbuster code..

Also, I would love to demonstrate our method to you if you would like on our servers.

Please, give me your Xfire. Sharing is the best way to learn ;)

Offline Mariodu62

  • Sr. Member
  • ****
  • Posts: 466
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #13 on: August 03, 2012, 08:55:33 AM »
usually the attack is done by a port different that the game port... (28960)

So when we are under attack we block all ports with the firewall except game port 28960..

We loose tracking and so on but we can play...

Offline johnvaldetine

  • Full Member
  • ***
  • Posts: 75
Re: How to block DDoS Attacks from COD4 Servers?
« Reply #14 on: August 03, 2012, 09:35:13 AM »
usually the attack is done by a port different that the game port... (28960)

So when we are under attack we block all ports with the firewall except game port 28960..

We loose tracking and so on but we can play...

It's exact solution, i think. But it's not good like your said. Attack programs have changable port setting, maybe. But, Connection Rate doesn't change and it's stable.

 


Rate this page +1 at Google Search