Someone attacks my server

Discussion in 'Bukkit Help' started by Mineria, Apr 22, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Mineria

    Hey,
    someone is attacking my server right now,
    he crashes it in few seconds...

    any help please?

    running bukkit on CentOS.

    need a firewall rull or something, this guy is using a vpn ...
     
  2. Offline

    Phil3004

    Firewall Rule wont help.

    Just Sayin

    Block repated Commands maybe he uses this to Spam the Server to death.
     
  3. Offline

    andrewpo

    Most useless post ever.


    There's not much you can do to mitigate a DDoS attack, but you can relieve the symptoms slightly - your firewall will still need to process each request it gets.

    What exactly is happening (your explanation is a bit ambiguous)? What type of server are you using (Hosted by a minecraft server company/VPS/Dedicated server/hosted on the 10 year old metal box under your bed)? What firewall software do you use (e.g. CSF)?
     
  4. Offline

    Phil3004

    Wow what would you expect after so much information, who knows how he is attacking?
    Its not always a DDoS jusr saying.

    Smartass
     
  5. Offline

    andrewpo

    Yes, as you can see I did acknowledge I wasn't sure what type of attack the OP was experiencing - which is conveyed in the pragmatics of "What exactly is happening (your explanation is a bit ambiguous)?"
     
  6. Offline

    Mineria

    Sorry, i'm french, that's why i'm maybe ambiguous ;)

    this guy connect on my server and told me to delete it from a topsite, or he crashes it,
    few seconds after, my VPS is going to use all the RAM available to java, end of streams errors, everybody got disconnected, and isn't available to reconnect.

    i only use iptables, i've no CSF, or Fail2ban at the moment.

    this guy uses hotspot shield to hide IP.

    i think he opens many connections on the 25565 port, TCP ou UDP, i don't know...

    thanks for your help !

    PS : VPS, 2*2.4Ghz Xeon, 4Go RAM + 2Gb burst.
     
  7. Offline

    Evenprime

    Well, if the attacker is using hotspot shield, you could always just set up the firewall to drop all packets coming from hotspot shield ip address ranges. There aren't that many and they are easy to google. (Disadvantage: users that use hotspot shield too won't be able to connect too)

    Because OP states that Java is eventually freaking out, it seem that this is not a DDoS attack that blocks his network with random traffic, but rather an attack that aims directly at the Minecraft server. So blocking that traffic at firewall level may be enough to "fix" problem.
     
  8. Offline

    andrewpo

    Can you work out what IPs/IP ranges these attacks are coming from and ask your VPS host to nullroute them?
     
  9. Offline

    Mineria

    the host attacking seems to be always *.anchorfree.net where * is number.
    i can't block the host from iptables, i'll look for the ip range and test this way !

    up !

    they want my website too é_è

    victim of my succes or what

    it crashs only in few seconds !


    EDIT :
    now, java stop running instantly, no error messages... (hmm at least, "Connection reset")

    EDIT :

    everything looks like a .crash exploit

    EDIT by Moderator: merged posts, please use the edit button instead of double posting.
     
    Last edited by a moderator: May 25, 2016
Thread Status:
Not open for further replies.

Share This Page