Staff posts regarding server development go here. Progress updates, ramblings, and more!
  • User avatar
  • User avatar
  • User avatar
  • User avatar
  • User avatar
  • User avatar
  • User avatar
User avatar
By Intelli
#163607
Hey everyone,

As you guys may have noticed, there was a stretch of downtime on the server yesterday (June 2, 2013). Unfortunately, this was caused by an attack against the server. As I wasn't around when the attack started, the server went down until I was at a computer to block it.

The attack

The first thing I did when I saw the server was down, was determining the cause of the downtime. This was fairly easy, as looking at the console, I saw something similar to this:

Image

There were around a dozen or so IP addresses, each making around 15-20 bad connections per second. These connections were overwhelming the server software, locking out legitimate connections and freezing the server.

Now, the simplest way to mitigate an attack like this is to block the IP addresses using the system firewall. However, we've had a few attacks like this so far this year, so I decided to write up a script to automatically block the connections.

Automatic IP bans

The script I developed is fairly simple, and only took around 15 minutes to code. What it does is counts the number of times an IP has recently made a bad connection, and if it crosses a set threshold, it automatically blocks the IP using the system firewall. Pretty basic stuff, but it works well.

Image

Image

I won't post the full code - security through obscurity and all that. No reason to let the attacker know the thresholds. :)

This script won't block all potential attacks, and without a doubt, someone will find a new way to take the server down in the future. However, it will automatically block script kiddie connection floods in the future, and help maintain the servers uptime.

Hopefully you guys enjoyed this information regarding the cause of the downtime, and what we did to block the attack.

As always, thanks for supporting MineRealm :D
#163608
A wild LOSER appears!
LOSER uses BEING A JERK!
INTELLI counterattacks!
Critical hit! It's super effective!

And this is why Intelli is awesome.
He fixes all the problems.
I love you in a fully no-homo way, Intelli.
#163615
Gee, minerealm has a lot of enemies :|
EDIT: Ran an ip locator search on the IP address.
Says it was located in McKinney, Texas.
Cut down the search to about 136,067 people.
No need to thank me ;)
I joke I joke.
#163781
I wish those idiots would burn and tort in hell >:D

Youre so smart Intelli!
#163783
Ratta237 wrote:Gee, minerealm has a lot of enemies :|
EDIT: Ran an ip locator search on the IP address.
Says it was located in McKinney, Texas.
Cut down the search to about 136,067 people.
No need to thank me ;)
I joke I joke.
If you will excuse me I have some hunting to do.
*charges up superconductive rifle Yeavon let me borrow*
#163790
Be careful trusting the IP location. They are frequently off by a city or two, especially in the DFW area where a bunch of cities and suburbs are up against each other.

Source: I have had McKinney show up as my IP before.
#163797
kerovon wrote:Be careful trusting the IP location. They are frequently off by a city or two, especially in the DFW area where a bunch of cities and suburbs are up against each other.

Source: I have had McKinney show up as my IP before.
This. I'm running through a VPN and my IP address shows that I'm in New York, even though I'm in PA.
long long title how many chars? lets see 123 ok more? yes 60

We have created lots of YouTube videos just so you can achieve [...]

Another post test yes yes yes or no, maybe ni? :-/

The best flat phpBB theme around. Period. Fine craftmanship and [...]

Do you need a super MOD? Well here it is. chew on this

All you need is right here. Content tag, SEO, listing, Pizza and spaghetti [...]

Lasagna on me this time ok? I got plenty of cash

this should be fantastic. but what about links,images, bbcodes etc etc? [...]