Server gets ddosed (Hostsavor & PlusEmulator)

[Calcium]

Yesterday my server was ddosed and I see 9000 Online Users with different IP Adresses (Botnet).
I fix the Online Counter with a mysql_select count where online = 1.

But my Server still getting ddosed again and I had CPU problems and Client laggs.

I wrote a Ticket on Hostsavor and getting this message:

Hi Hannes,Please ensure that you've got appropriate filtering from within your game server and your websocket server to prevent flooding. If you're allowing ports through the firewall, you should ensure that the application is correctly handling the ports and limits the amount of connections per ip, per user and looks for irregularities within the connections and blacklists them if necessary.
Please make sure that you've made sufficient changes to your application, otherwise we will be unable to offer further guidance other than what we've provided above if that does not resolve the issue.
Thank you for contacting HostSavor Support.

Discord: ******

Hi Hannes,Issues such as this are usually down to the applications that are on the server, not the server itself.
Thank you for contacting HostSavor Support.

Discord: ****

I'm pretty sure that my Server is not able to block connections from outside.

Now I think about the GameSocketManager and I edited some codes to his:

You must be registered for see links

But I dont think this fix the Problem?

Need help ^^

 

[JayC]

Are you sure that your emulator isn't just not taking a user offline after they logoff?

DDoS is a denial service attack, meaning you wouldn't be able to access your client, website, or server at all - It would be down. You are not getting DDoS'd.

Lastly, Don't use HostSavor for VPS's. Buy directly from a source such as OVH where they are actually reliable vs. resells. Not saying that HostSavor VPS's are bad, because I have not used one in a while but OVH servers are definitely better. Also get a TCP proxy from hostsavor !

 

[Calcium]

Here is the fix:
to dont want that bot ip adresses can logging into your emulator



Socket replyFromComputer = ((Socket)iAr.AsyncState).EndAccept(iAr);
replyFromComputer.NoDelay = disableNagleAlgorithm;

string Ip = replyFromComputer.RemoteEndPoint.ToString().Split(':')[0];

//write a code that if(ddostextfile.txt IP adress = Ip ) { return; } // Streamwriter and co.


string valid;
using (IQueryAdapter dbClient = PlusEnvironment.GetDatabaseManager().GetQueryReactor())
{
dbClient.SetQuery("SELECT ip_last FROM `users` WHERE `ip_last` = @ip LIMIT 1");
dbClient.AddParameter("ip", Ip);
valid = dbClient.GetString();
}

if (valid == null || Ip == null)
{
Console.WriteLine("IP IS NULLED");
return;
}


if (valid != Ip)
{
Console.WriteLine("IP ADRESS: {0} doesn't exists in users.sql", Ip); // uncomment when you dont want to show it
// write a code that writes the ip adresse in the ddostextfile.txt
return;
}
else
{
int ConnectionCount = getAmountOfConnectionFromIp(Ip);
if (ConnectionCount < maxIpConnectionCount)
{


_acceptedConnections++;
ConnectionInformation c = new ConnectionInformation(_acceptedConnections, replyFromComputer, this, parser.Clone() as IDataParser, Ip);
reportUserLogin(Ip);
c.connectionChanged += c_connectionChanged;

if (connectionEvent != null)
{
connectionEvent(c);
connectionListener.BeginAccept(newConnectionRequest, connectionListener);
}

return;
}

 

[Joe]

Are you sure that your emulator isn't just not taking a user offline after they logoff?

DDoS is a denial service attack, meaning you wouldn't be able to access your client, website, or server at all - It would be down. You are not getting DDoS'd.

Lastly, Don't use HostSavor for VPS's. Buy directly from a source such as OVH where they are actually reliable vs. resells. Not saying that HostSavor VPS's are bad, because I have not used one in a while but OVH servers are definitely better. Also get a TCP proxy from hostsavor !

Probably flooding the client, this is a style of attack where they flood the port causing your hotel to have thousands online.

100% use an OVH server preferably with a game firewall, although expensive they work very well

 

[JayC]

Also get cloudflare