• Shoutbox
    Active Users: 0
     
  • Notice: N/A
    Loading...
 
  • Active Users
     
  • There are currently no users chatting.
 
Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Administrator heatsinkbod's Avatar
    Join Date
    Jul 2016
    Location
    Chester
    Posts
    238
    Trophies
    Blog Entries
    2

    Service News 08/09/2016

    Hi all over the past week or so many AAAA hosted servers have been getting a form of flood attacks via getstatus - you may have seen these in your logs or in the TCADMIN server console hey would have looked like this

    SV packet 77.174.47.151:7130 : getstatus
    SV packet 37.123.157.57:7130 : getstatus

    I have been away on Holiday so only got chance to dig around over this issue today

    these IP ports have now been blocked, not sure if this was just a bot trying to spam or someone intent on flooding us either way they are blocked if its intent flood then they will be back with new IP and ports but time will tell.

    Note getstatus are normal requests so you will see other IP's with the likes of RCON on the end these are used by other legit programs and console tools.
    If you suspect a flood attack on getstatus let us know

    Sorry this took a while to resolve but hopefully this is the end of this issue

  2. #2
    HI Jon. It seems it is not solved yet i get slow server all the time on my server 109.70.148.92:12220.

    On console i get this constantly

    SV packet 84.108.57.54:7130 : getstatus

    SV packet 84.108.57.54:1024 : getstatus

  3. #3
    Quote Originally Posted by PacRac View Post
    HI Jon. It seems it is not solved yet i get slow server all the time on my server 109.70.148.92:12220.

    On console i get this constantly

    SV packet 84.108.57.54:7130 : getstatus

    SV packet 84.108.57.54:1024 : getstatus
    Lol, check out this post: http://www.x-null.net/forums/showthr...ll=1#post27100
    Same IP :/

  4. #4
    Administrator heatsinkbod's Avatar
    Join Date
    Jul 2016
    Location
    Chester
    Posts
    238
    Trophies
    Blog Entries
    2
    Quote Originally Posted by PacRac View Post
    HI Jon. It seems it is not solved yet i get slow server all the time on my server 109.70.148.92:12220.

    On console i get this constantly

    SV packet 84.108.57.54:7130 : getstatus

    SV packet 84.108.57.54:1024 : getstatus
    ok Hi Pacrac ok not seen that IP thats also now blocked yours seems to be ok now

  5. #5
    Administrator heatsinkbod's Avatar
    Join Date
    Jul 2016
    Location
    Chester
    Posts
    238
    Trophies
    Blog Entries
    2
    Quote Originally Posted by Shadow View Post
    Lol, check out this post: http://www.x-null.net/forums/showthr...ll=1#post27100
    Same IP :/
    mmm that is strange going by the time span

  6. #6
    I am still getting slow server message from time to time checked my logs and no ip's flood. So it seems is not from my port now.
    Last edited by PacRac; 09-09-2016 at 11:36 PM.

  7. #7
    Administrator heatsinkbod's Avatar
    Join Date
    Jul 2016
    Location
    Chester
    Posts
    238
    Trophies
    Blog Entries
    2
    Quote Originally Posted by PacRac View Post
    I am still getting slow server message from time to time checked my logs and no ip's flood. So it seems is not from my port now.
    Hi ok - well found the server was running 100% across all 8 cores and traced it to a virus which I have now sorted - the virus was using UDP also so may be the route of all the issues we have had

  8. #8
    Administrator heatsinkbod's Avatar
    Join Date
    Jul 2016
    Location
    Chester
    Posts
    238
    Trophies
    Blog Entries
    2
    Quote Originally Posted by heatsinkbod View Post
    Hi ok - well found the server was running 100% across all 8 cores and traced it to a virus which I have now sorted - the virus was using UDP also so may be the route of all the issues we have had
    Hi ok spent all day on this now and finally its all sorted the dedi CPU's now under 20% across all cores - virus eliminated and multi scans using various virus tools found the remaing bits of the virus which was all over the place - all removed and stable

    Updated many security aspects across various platforms on the dedi to ensure we dont get repeat attack - so sorry all its been crap the past week but only really got chance to dig around this weekend after been back of hols to sort it out

    AAAA hosting only exists from the community suort so if its crap we loose support and we would not be able to continue so sorry I was not able to resolve this sooner but rest assured we take every effort to ensure our community is stable and sorry its taken so long to resolve this time.............

  9. #9
    Quote Originally Posted by heatsinkbod View Post
    Hi ok spent all day on this now and finally its all sorted the dedi CPU's now under 20% across all cores - virus eliminated and multi scans using various virus tools found the remaing bits of the virus which was all over the place - all removed and stable

    Updated many security aspects across various platforms on the dedi to ensure we dont get repeat attack - so sorry all its been crap the past week but only really got chance to dig around this weekend after been back of hols to sort it out

    AAAA hosting only exists from the community suort so if its crap we loose support and we would not be able to continue so sorry I was not able to resolve this sooner but rest assured we take every effort to ensure our community is stable and sorry its taken so long to resolve this time.............:
    Hi Jon.

    Server is lagging again another flood attack from these ip's:

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 6

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 7

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 8

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 9

    Cvar_Set2: interval 10

    SV packet 81.99.91.249:7130 : getstatus

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 11

    Cvar_Set2: sv_antiwh 1

    Cvar_Set2: interval 12

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 13

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 14

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 15

    Cvar_Set2: interval 16

    SV packet 81.99.91.249:7130 : getstatus

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 17

    Cvar_Set2: interval 18

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 19

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 20

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 21

    SV packet 197.49.137.31:7130 : getstatus

    Cvar_Set2: interval 22

    SV packet 197.48.201.216:19809 : getstatus

    SV packet 81.99.91.249:7130 : getstatus


    I will do a nice donation this end of month till then i am really low financially. .
    Just hope this get sorted soon. Losing daily players to other servers

  10. #10
    Administrator heatsinkbod's Avatar
    Join Date
    Jul 2016
    Location
    Chester
    Posts
    238
    Trophies
    Blog Entries
    2
    Quote Originally Posted by PacRac View Post
    Hi Jon.

    Server is lagging again another flood attack from these ip's:

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 6

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 7

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 8

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 9

    Cvar_Set2: interval 10

    SV packet 81.99.91.249:7130 : getstatus

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 11

    Cvar_Set2: sv_antiwh 1

    Cvar_Set2: interval 12

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 13

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 14

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 15

    Cvar_Set2: interval 16

    SV packet 81.99.91.249:7130 : getstatus

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 17

    Cvar_Set2: interval 18

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 19

    SV packet 197.48.201.216:19809 : getstatus

    Cvar_Set2: interval 20

    SV packet 81.99.91.249:7130 : getstatus

    Cvar_Set2: interval 21

    SV packet 197.49.137.31:7130 : getstatus

    Cvar_Set2: interval 22

    SV packet 197.48.201.216:19809 : getstatus

    SV packet 81.99.91.249:7130 : getstatus


    I will do a nice donation this end of month till then i am really low financially. .
    Just hope this get sorted soon. Losing daily players to other servers
    Hi have added those ip's - still working on a generic block for 7130 port as appears it remains open as a another normal server program is using it

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •