Raised This Month: $51 Target: $400
 12% 

New ddos attack


Post New Thread Reply   
AlliedModders Forum Index > AMX Mod X > Scripting > Scripting Help
Page 3 of 3 12 3
 
Thread Tools Display Modes
EFFx
Veteran Member
EFFx's Avatar
Join Date: Feb 2016
Location: São Paulo, Brasil
Old 01-01-2017 , 14:26   Re: New ddos attack
Reply With Quote #21
We have a needy in our forum that wants attention f*cking with the servers of others? Hahahaha
Lets get girls my friend, virgin
__________________
• Ranking System • AutoMix 5vs5 System
• Web Ban System • Plugins for free
____________________________________________
For private works:
• Discord: EFFEXo#8850 • Steam: EFFEXo
EFFx is offline
DJEarthQuake
Veteran Member
DJEarthQuake's Avatar
Join Date: Jan 2014
Location: Astral planes
Old 06-14-2020 , 12:21   Re: New ddos attack
Reply With Quote #22
Fail2ban helps. Malformed packets can be tagged for later control.

server.cfg
Default hlds settings.
//max_queries_sec : 3
//max_queries_sec_global : 30
//max_queries_window : 60

More sensitive
max_queries_sec 2
max_queries_sec_global 15
max_queries_window 30

Easy test.
Refresh server a bunch of times one will see "...was blocked for exceeding rate limits"


/etc/fail2ban/filter.d/gearbox.conf
Code:
# Fail2Ban filter for ddos for GoldSrc
#
#

[Definition]

failregex = : Traffic from <HOST>:(\d{1,5}) was blocked for exceeding rate limits

ignoreregex =

[Init]

datepattern = %%m/%%d/%%Y - %%H:%%M:%%S

# Author: SPiNX March 2020

jail.local
Code:
[hlds-ddos]
enabled = true
maxretry = 50
findtime  = 100
bantime = 900
logpath = /var/log/messages
tcpport = 27005,27015,27016,27017,27018,27019,27020.27030
udpport = 27005,27015,27016,27017,27018,27019,27020,27030
action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
           %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]

[gearbox]
enabled = true
maxretry = 2
bantime = 1800
findtime  = 10
logpath = /home/TUT/Steam/steamapps/common/Half-Life/cstrike/qconsole.log
		  /home/TUT/Steam/steamapps/common/Half-Life/dod/qconsole.log
		  /home/TUT/Steam/steamapps/common/Half-Life/gearbox/qconsole.log

banaction = %(banaction_allports)s
Be sure to pay attention to or rotate qconsole.log it gets big fast.
https://developer.valvesoftware.com/...d_Line_Options
-condebug - Stores console output to "Half-Life\qconsole.log".

fail2ban-client status
Code:
Status
|- Number of jail:	6
`- Jail list:	gearbox, hlds-ddos, nginx-botsearch, nginx-http-auth, nginx-limit-req, sshd
Nobody even bothers anymore. Earlier this year it was very active banning bad guys.

fail2ban-client status hlds-ddos
Code:
Status for the jail: hlds-ddos
|- Filter
|  |- Currently failed:	3
|  |- Total failed:	18841
|  `- File list:	/var/log/messages
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:
__________________
DJEarthQuake is offline
Reply
AlliedModders Forum Index > AMX Mod X > Scripting > Scripting Help
Page 3 of 3 12 3

« Previous Thread | Next Thread »


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -4. The time now is 19:20.

DMCA - Archive - Top

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode