Hey, someone is attacking my server right now, he crashes it in few seconds... any help please? running bukkit on CentOS. need a firewall rull or something, this guy is using a vpn ...
Firewall Rule wont help. Just Sayin Block repated Commands maybe he uses this to Spam the Server to death.
Most useless post ever. There's not much you can do to mitigate a DDoS attack, but you can relieve the symptoms slightly - your firewall will still need to process each request it gets. What exactly is happening (your explanation is a bit ambiguous)? What type of server are you using (Hosted by a minecraft server company/VPS/Dedicated server/hosted on the 10 year old metal box under your bed)? What firewall software do you use (e.g. CSF)?
Wow what would you expect after so much information, who knows how he is attacking? Its not always a DDoS jusr saying. Smartass
Yes, as you can see I did acknowledge I wasn't sure what type of attack the OP was experiencing - which is conveyed in the pragmatics of "What exactly is happening (your explanation is a bit ambiguous)?"
Sorry, i'm french, that's why i'm maybe ambiguous this guy connect on my server and told me to delete it from a topsite, or he crashes it, few seconds after, my VPS is going to use all the RAM available to java, end of streams errors, everybody got disconnected, and isn't available to reconnect. i only use iptables, i've no CSF, or Fail2ban at the moment. this guy uses hotspot shield to hide IP. i think he opens many connections on the 25565 port, TCP ou UDP, i don't know... thanks for your help ! PS : VPS, 2*2.4Ghz Xeon, 4Go RAM + 2Gb burst.
Well, if the attacker is using hotspot shield, you could always just set up the firewall to drop all packets coming from hotspot shield ip address ranges. There aren't that many and they are easy to google. (Disadvantage: users that use hotspot shield too won't be able to connect too) Because OP states that Java is eventually freaking out, it seem that this is not a DDoS attack that blocks his network with random traffic, but rather an attack that aims directly at the Minecraft server. So blocking that traffic at firewall level may be enough to "fix" problem.
Can you work out what IPs/IP ranges these attacks are coming from and ask your VPS host to nullroute them?
the host attacking seems to be always *.anchorfree.net where * is number. i can't block the host from iptables, i'll look for the ip range and test this way ! up ! they want my website too é_è victim of my succes or what it crashs only in few seconds ! EDIT : now, java stop running instantly, no error messages... (hmm at least, "Connection reset") EDIT : everything looks like a .crash exploit EDIT by Moderator: merged posts, please use the edit button instead of double posting.