[help] boh8eia gia prostasia apo dos ddos

[ScRaB4ever]

kalhspera! opws anefera panw xriazomai protect gia ton server m apo dos ddos. exw mia spida alla den kanei tpt....

mporei kapoios na me boh8hsei? ty

[ScRaB4ever]

ti ennoeis ama brw ta packets?

[Flash™]

File ntellos  filos mou pou pire apo to dedicated ayto edw  kai tou kanane ayta to

mono pou mporouse na  kanei einai block tin ip eleos diladi mia apo tis kales eteries den mporeis

na kanei tpt kai plhroneis gia to Setup lefta..

to thema einai oti kapoios pou thelei ena sikosei server prepei na einai diathetimenos twra poia na xalasei kanena 500eyro oste na einai ok to kefali tou kai ama den petixei o server

na to xtipaei ston ntixw ..

Mono ama broun kamia lisei kapoios me kapoion tropw ena firewall na to dosei me crack oste na  einai ok

[ScRaB4ever]

kai egw me hetzner eimai....

se kapoioys server omws ayto to fix einai ftiagmeno....

kai den nomizw na exoyn doseis leyta gia na to fix ennoontas apo etairia kai etc

kserw oti to prog ayto stelnei dipla packets...

[Flash™]

File to thema einai oti i hetzner einai mia eteria pou  exei ena kalo onoma kai den mporei na apotepsei  ta ddos atack.

Giati ta ddos atack den einai  se megalo ba8mo ton server einai ton  dedicated ayth exoun to problima giati xtupane to pc.

ama tous steileis email to mono pou tha sou poune einai oti na kanoun block tin ip pou  sou kanei atack.

Diladi tpt sxedon giati  mporei na sou kanoun atack polla atoma mazi kai na prepei na kaneis  sinexeia block.

Tou esteiles kanena email na tou pei tpt?

[ScRaB4ever]

oxi den toys exw steilei. bsk apo oti exw katalbaei den exw prob me ta ddos  alla me ta packets :/

[TEOGR_hItMaKeR]

file m ena pragma exw na sou proteinw i milise me tin etairia pou exeis gia na s dwsei kapoio eidos firewall i ena modem pou den dexete ddos attacks de n thumame  name i allakse etairia.. Den nomizw na einai to "l2jattacker" dioti einai ena polu noobiko program pianei mono se polu xamilis poiotitas servers opote kane auta pou sou proteinw parapanw..

[ScRaB4ever]

afoy tlk to prob den einai me ta ddos alla me ta server packets

[Flash™]

i eteria den exei modem allo na sou dosei toso kalh einai.. mono firewall ama pareis kai ayto tha sou to dosei  se megalh timh..

ektos apo ayto dite aythn edw tin eteria look

[ScRaB4ever]

afoy tlk to prob den einai me ta ddos alla me ta server packets

[Flash™]

pare ayto edw file mou here  here 2

[ScRaB4ever]

eyxarhstw poly gia to fix

kapoies erwthseis an mporeis na m apanthseis...

arxika ti kanei ayto p m esteiles kai deyteron oi ari8moi aytoi exoun na kanoyn me to l2jattacker?

btw eyxarhstw gia ola

 

[edit] perasa to fix alla akoma m bgazei toys ari8moys

ena fix 8a htan as poyme otan kapoios stelnei 5 idia paketa se ena second na trwei dc...

h genikotera an stelnei polla paketa se ena sec

[TEOGR_hItMaKeR]

Koita ti brika kai dokimase to http://maxcheaters.com/forum/index.php?topic=165886.0

[ScRaB4ever]

to dokimasa kai den kanei tpt....

[ScRaB4ever]

bump

katw einai ena fix p kanei to eksis an kapoios mesa sto game stelnei polla paketa timwreite

mporei kapoios na to kanei otan mia ip stelnei polla paketa na trwei dc??

I have one idea, but not tested, just written...

 

Index: C:/Workspace/L2_GameServer_It/java/config/server.properties
===================================================================
--- C:/Workspace/L2_GameServer_It/java/config/server.properties	(revision 1025)
+++ C:/Workspace/L2_GameServer_It/java/config/server.properties	(working copy)
@@ -69,6 +69,16 @@
# Define how many players are allowed to play simultaneously on your server.
MaximumOnlineUsers=100

+# Activate Protection for knownPacket flooding
+MaxPacketProtection = False
+# How much known packets before punishment.
+# If the player send more than 100 knownPackets per second, the player get punished.
+KnownPacketsBeforeBan = 100
+# Punishments
+# 1 - broadcast warning to gms only
+# 2 - kick player (default)
+# 3 - kick & ban player (Accesslevel -99)
+KnownPacketsPunishment = 2

# Minimum and maximum protocol revision that server allow to connect.
# You must keep MinProtocolRevision <= MaxProtocolRevision.
Index: C:/Workspace/L2_GameServer_It/java/net/sf/l2j/Config.java
===================================================================
--- C:/Workspace/L2_GameServer_It/java/net/sf/l2j/Config.java	(revision 1025)
+++ C:/Workspace/L2_GameServer_It/java/net/sf/l2j/Config.java	(working copy)
@@ -78,6 +78,10 @@
     /** Maximum number of players allowed to play simultaneously on server */
     public static int   MAXIMUM_ONLINE_USERS;
     
+    public static boolean ENABLE_MAX_PACKET_PROTECTION;
+    public static int MAX_KNOWN_PACKETS;
+    public static int KNOWN_PACKETS_PUNiSHMENT;
+    
     // Setting for serverList
     /** Displays [] in front of server name ? */
     public static boolean SERVER_LIST_BRACKET;
@@ -1120,6 +1124,10 @@

                 MAX_CHARACTERS_NUMBER_PER_ACCOUNT = Integer.parseInt(serverSettings.getProperty("CharMaxNumber", "0"));
                 MAXIMUM_ONLINE_USERS        = Integer.parseInt(serverSettings.getProperty("MaximumOnlineUsers", "100"));
+                
+                ENABLE_MAX_PACKET_PROTECTION = Boolean.parseBoolean(serverSettings.getProperty("MaxPacketProtection", "false"));
+                MAX_KNOWN_PACKETS = Integer.parseInt(serverSettings.getProperty("KnownPacketsBeforeBan", "5"));
+                KNOWN_PACKETS_PUNiSHMENT = Integer.parseInt(serverSettings.getProperty("KnownPacketsPunishment", "2"));
                
                 MIN_PROTOCOL_REVISION   = Integer.parseInt(serverSettings.getProperty("MinProtocolRevision", "660"));
                 MAX_PROTOCOL_REVISION   = Integer.parseInt(serverSettings.getProperty("MaxProtocolRevision", "665"));
@@ -2082,6 +2090,10 @@
         else if (pName.equalsIgnoreCase("AutoDeleteInvalidQuestData")) AUTODELETE_INVALID_QUEST_DATA = Boolean.valueOf(pValue);

         else if (pName.equalsIgnoreCase("MaximumOnlineUsers")) MAXIMUM_ONLINE_USERS = Integer.parseInt(pValue);
+        
+        else if (pName.equalsIgnoreCase("MaxPacketProtection")) ENABLE_MAX_PACKET_PROTECTION = Boolean.parseBoolean(pValue);
+        else if (pName.equalsIgnoreCase("KnownPacketsBeforeBan")) MAX_KNOWN_PACKETS = Integer.parseInt(pValue);
+        else if (pName.equalsIgnoreCase("KnownPacketsPunishment")) KNOWN_PACKETS_PUNiSHMENT = Integer.parseInt(pValue);

         else if (pName.equalsIgnoreCase("ZoneTown")) ZONE_TOWN = Integer.parseInt(pValue);

Index: C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/network/L2GameClient.java
===================================================================
--- C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/network/L2GameClient.java	(revision 1025)
+++ C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/network/L2GameClient.java	(working copy)
@@ -41,6 +41,7 @@
import net.sf.l2j.gameserver.model.actor.instance.L2PcInstance;
import net.sf.l2j.gameserver.model.entity.L2Event;
import net.sf.l2j.gameserver.serverpackets.L2GameServerPacket;
+import net.sf.l2j.gameserver.util.FloodProtector;
import net.sf.l2j.util.EventData;

import com.l2jserver.mmocore.network.MMOClient;
@@ -84,6 +85,9 @@
	// Flood protection
	public byte packetsSentInSec = 0;
	public int packetsSentStartTick = 0;
+	 
+    // KnownPacket protection
+    private int knownPacketCount = 100;

	public L2GameClient(MMOConnection<L2GameClient> con)
	{
@@ -489,6 +493,26 @@
     	}
     }
     
+    public boolean checkknownPackets()
+	{
+		if(this.getActiveChar() != null && 
+				!FloodProtector.getInstance().tryPerformAction(this.getActiveChar().getObjectId(), FloodProtector.PROTECTED_KNOWNPACKET))
+		{
+			knownPacketCount++;
+			if (knownPacketCount >= Config.MAX_KNOWN_PACKETS)
+			{
+				return true;
+			}
+			else
+				return false;
+		}
+		else
+		{
+			knownPacketCount = 0;
+			return false;
+		}
+	}
+    
     /**
      * Produces the best possible string representation of this client.
      */
Index: C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/network/L2GamePacketHandler.java
===================================================================
--- C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/network/L2GamePacketHandler.java	(revision 1025)
+++ C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/network/L2GamePacketHandler.java	(working copy)
@@ -18,10 +18,13 @@
package net.sf.l2j.gameserver.network;

import java.nio.ByteBuffer;
+import java.sql.Time;
import java.util.concurrent.RejectedExecutionException;
import java.util.logging.Logger;

import net.sf.l2j.Config;
+import net.sf.l2j.gameserver.GmListTable;
+import net.sf.l2j.gameserver.LoginServerThread;
import net.sf.l2j.gameserver.ThreadPoolManager;
import net.sf.l2j.gameserver.clientpackets.*;
import net.sf.l2j.gameserver.network.L2GameClient.GameClientState;
@@ -811,6 +814,8 @@
      	byte[] array = new byte[size];
      	buf.get(array);
      	_log.warning(Util.printData(array, size));
+     	if (Config.ENABLE_MAX_PACKET_PROTECTION)
+     		knownPacketProtection(client);
	}

	private void printDebugDoubleOpcode(int opcode, int id2, ByteBuffer buf, GameClientState state, L2GameClient client)
@@ -820,7 +825,50 @@
      	byte[] array = new byte[size]; 
      	buf.get(array);
      	_log.warning(Util.printData(array, size));
+     	if (Config.ENABLE_MAX_PACKET_PROTECTION)
+     		knownPacketProtection(client);
	}
+	
+	private void knownPacketProtection(L2GameClient client)
+	{
+		if(client.getActiveChar() != null && client.checkknownPackets())
+		{
+			punish(client);
+			return;
+		}
+	}
+	
+	private void punish(L2GameClient client)
+	{
+		switch(Config.KNOWN_PACKETS_PUNiSHMENT)
+		{
+			case(1):
+				if (client.getActiveChar() != null)
+				{
+					GmListTable.broadcastMessageToGMs("Player " + client.getActiveChar().toString() + " flooding known packets.");
+				}
+				break;
+			case(2):
+				_log.warning("PacketProtection: " + client.toString() + " got kicked due flooding of known packets");
+				if (client.getActiveChar() != null) 
+				{
+					GmListTable.broadcastMessageToGMs("Player " + client.getActiveChar().toString() + " flooding known packets and got kicked.");
+					client.getActiveChar().sendMessage("You are will be kicked for known packet flooding, GM informed.");
+					client.getActiveChar().closeNetConnection();
+				}
+				break;
+			case(3):
+				_log.warning("PacketProtection: " + client.toString() + " got banned due flooding of known packets");
+				LoginServerThread.getInstance().sendAccessLevel(client.getAccountName(), -99);
+				if(client.getActiveChar() != null)
+				{
+					GmListTable.broadcastMessageToGMs("Player " + client.getActiveChar().toString() + " flooding known packets and got banned.");
+					client.getActiveChar().sendMessage("You are banned for known packet flooding, GM informed.");
+					client.getActiveChar().closeNetConnection();
+				}
+				break;
+		}
+	}

	// impl
	public L2GameClient create(MMOConnection<L2GameClient> con)
Index: C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/util/FloodProtector.java
===================================================================
--- C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/util/FloodProtector.java	(revision 1025)
+++ C:/Workspace/L2_GameServer_It/java/net/sf/l2j/gameserver/util/FloodProtector.java	(working copy)
@@ -50,15 +50,16 @@

	// =========================================================
	// Enum
-	private static final int PROTECTEDACTIONSIZE = 3;
+	private static final int PROTECTEDACTIONSIZE = 4;

	// reuse delays for protected actions (in game ticks 1 tick = 100ms)
-	private static final int[] REUSEDELAY = new int[]{ 4, 42, 42 };
+	private static final int[] REUSEDELAY = new int[]{ 4, 42, 42, 15 };

	// protected actions
	public static final int PROTECTED_USEITEM	= 0;
	public static final int PROTECTED_ROLLDICE	= 1;
	public static final int PROTECTED_FIREWORK	= 2;
+	public static final int PROTECTED_KNOWNPACKET = 100;

	// =========================================================
	// Constructor

[ntellos]

min les vlakeies.

edw eixa d-guard firewall kai sunexiza na trww attack mexru p crashare to pc

http://en.wikipedia.org/wiki/Denial-of-service_attack#Prevention_and_response

 

Σαφώς και αυτά που λέω δεν είναι απόλυτα, αλλά αυτά εφαρμόζω. Αυτό που ισχύει πάντα είναι ότι αν ο επιτιθέμενος έχει μεγαλύτερο bandwidth την έχεις γαμήσει, αλλά σιγά μην νοικίασει κανείς dedicated για να κάνει ddos attack σε lol java server.

 

Οπότε κανά χαζό πρόγραμμα, τύπου L2j attacker είναι, που στέλνει χαζά πακέτα από το pc κανενός πιτσιρικά με max 2mpbs upload(αν το πιάνει κι αυτό κι όλας) που του crushάρει τον server. Ρυθμίζει το firewall(software) και καθάρισε.

 

 

 

Όσο για τον φίλο μας πάρε μια ιδέα από εδώ πως να ρυθμίσεις το firewall σου. Σαφώς και θα προσαρμόσεις τις ρυθμίσεις στις ανάγκες του server σου, οπότε δεν είναι τυφλοσούρτης.

OS: win7 ultimate 64bit / win server 2003-2008

 

Τα accounts του server γίνονται μέσω account manager από το site.

Πρώτα από όλα απομόνωσα την βάση δεδομένων του login server από τον game server (αν δεν γνωρίζετε πως γίνεται pm εδω)

Αυτο γιατι με την χρήση διαφορετικών user name και password στον mySQL απομονώνονται πλήρως και ασφαλίζεται ο game server αρκετά αξιόπιστα.

Ενεργοποίησα το firewall των windows σε πλήρη ασφάλεια. 2 task για τον apache server 1 για internal use και 1 για external.

Αυτο βοηθά ώστε να δημιουργηθεί μια απομόνωση εξωτερικών και εσωτερικών διαυλων.

Κανένα port ανοιχτό για login ή game server εκτός από τον έλεγχο ροής της java.

Κατέβασα την free εκδοση του zone alarm. Την ενεργοποίησα σε πλήρη ασφάλεια με όλα τα port κλειστά και όλες τις εφαρμογές block.

 

Μετα απο αυτά άρχισα να τρέχω μια-μια τις εφαρμογές που ήθελα να αφήσω να περάσουν.

πχ. έτρεξα το L2 (client χωρίς patch, από αλλο pc μεσω internet ) και ρύθμισα τα login και game server port να επιτρέπουν την επικοινωνία μόνο μέσα από L2 client.

μετά τους web browsers και τελικά ρύθμισα το telnet να επικοινωνεί μόνο κατόπιν ερωτήματος.

 

Από τοτε δεν εχω πρόβλημα hack παρόλο που καθε 30 λεπτά χτυπάει ο hacker τον server με patchaki. Εχουν καταγραφεί εκατονταδες προσπάθειες αλλα ευτυχώς δεν περνάνε :)

 

ΥΓ. Αν ο server σας ειναι dedicated και απομακρισμένος πρίν από ολα ρυθμιστε το firewall να επιτρέπει την επικοινωνία με την εφαρμογή απομακρυσμένης διαχείρισης και το port που έχετε ορίσει σ'αυτήν, γιατι θα κλειδωθήτε απέξω και εσεις αφού θα διακοπεί η σύνδεση.

Το zone alarm εκτός από το ip προσέγγισης εισόδου αναφέρει και την εφαρμογή, οπότε μπορείτε ευκολα να δώσετε πρόσβαση ή απόρριψη στα εισερχόμενα.