Jump to content

{Share-Java Code}DDoS Protection

Recommended Posts

Note: This does not invoke you to use any god damn firewall, or for you to do a lot of work. This is probably one of the ONLY ways you can fully stop SYI and any other DDoS'r until they learn how to send Packet 14.


If this gets locked, it gets locked. I don't know how long it'll take you to do it, and it's kind of hard to avoid c|p. At least you get one good thing out of it: No more SYI pissing us off.



Seriously guys, the shitty tutorials about firewalls and incorrectly blocking this and your lame-brain questions have got to stop.

Not sure if this was ever made before, but this is my version. I changed everything around to make it look a lot more readable, and removed unnecessary junk (useless comments, etc, etc).


This will: Correctly protect your server against DDoS attacks and deal with them right. We will NOT use any Firewalls, and instead use what you people should have been using.


Before you start, you should know: Well, you're going to have to work. You will have to add all of the handlers you use to the class provided here. Only ones added are the obvious ones: clientHandler and playerHandler.


Base: Any wL base. You probably use it, right?


This has been tested: Yes.. But not extensively. KEEP BACKUPS.


Alright, well there isnt a lot of stuff to do, so let's start.


Open the client class.

Now, search for:


if(inStream.readUnsignedByte() != 14) {


This will be found in your run method.


Comment or delete the block of code. It looks similar to:


if(inStream.readUnsignedByte() != 14) {
			shutdownError("Expected login Id 14 from client.");
			disconnected = true;


This block will check if packet 14 exists, but of course when we're checking for the packet in the socket process it makes it mysteriously disappear. Big Grin



Now we have the fun part, we get to redo your server class! Make a backup of your server class, just incase. Smiley

Replace your WHOLE class with the following: (Yes, I did say REPLACE.)


* server.java
* Version 1.0a
* Date: Tuesday June 19th, 2008.
* Author: M@n80$
*  Correctly blocking SYI, and useless **** taken out.

import java.sql.*;
import java.io.*;
import java.net.Socket;
import java.util.StringTokenizer;
import java.util.Calendar;
import java.util.GregorianCalendar;

public class server implements Runnable {

public server() { }

public static void main(java.lang.String args[]) {
	clientHandler = new server();
	(new Thread(clientHandler)).start();
	playerHandler = new PlayerHandler();
	int waitFails = 0;
	long lastTicks = System.currentTimeMillis();
	long totalTimeSpentProcessing = 0;
	int cycle = 0;
	while(!shutdownServer) {
		long timeSpent = System.currentTimeMillis() - lastTicks;
		totalTimeSpentProcessing += timeSpent;
		if(timeSpent >= cycleTime) {
			timeSpent = cycleTime;
			if(++waitFails > 100) {
				misc.println("[KERNEL]: machine is too slow to run this server!");
		try {
		} catch(java.lang.Exception _ex) { }
		lastTicks = System.currentTimeMillis();
		if(cycle % 100 == 0) {
			float time = ((float)totalTimeSpentProcessing)/cycle;
		if (cycle % 3600 == 0) {
		if (ShutDown == true) {
			if (ShutDownCounter >= 100) {
				shutdownServer = true;
	clientHandler = null;

public void run() {
	try {
		shutdownClientHandler = false;
		clientListener = new java.net.ServerSocket(serverListenerPort, 1, null);
		misc.println("Running server on port: "+serverListenerPort);
		misc.println("     Server class revamped by Hidendra.");
		while(true) {
			Socket s = clientListener.accept();
			String connectingHost = s.getInetAddress().getHostName();
			int type = 0;
			type = s.getInputStream().read();
			if(clientListener != null) {
				int Found = -1;
				for (int i = 0; i < MaxConnections; i++) {
					if (Connections[i] == connectingHost) {
						Found = ConnectionCount[i];
				if (Found < 3) {
					if(type == 14) {
						misc.println("ClientHandler: Accepted from "+connectingHost+":"+s.getPort());
						playerHandler.newPlayerClient(s, connectingHost);
					} else {
						// if you want to do anything for INVALID clients, add it here.
						//  don't just ipban them box-side (ie: iptables).. 
						//  because possible connections include, but not limited to:
						//    - DDoS'ers / SYI
						//    - Server Status checkers (Mopar's, ETC!)
						PrintWriter out = new PrintWriter(s.getOutputStream());
						out.println("HTTP/1.0 200 OK");
						out.println("Content-Type: text/html");
						out.println("Server: Bot");
						out.println("You are connecting to this private server VIA a web browser. <br/> <br/>   Please connect using a <b>VALID</b> client, like MoparScape. <br/>Thank you!");
	} catch(java.io.IOException ioe) {
		if(!shutdownClientHandler) {
			misc.println("[FATAL]: Port: "+serverListenerPort+" already in use?");
		} else {
			misc.println("ClientHandler was shut down.");

public static void calcTime() {
	long curTime = System.currentTimeMillis();
	updateSeconds = 180 - ((int)(curTime - startTime) / 1000);
	if(updateSeconds == 0) {
		shutdownServer = true;

public void killServer() {
	try {
		shutdownClientHandler = true;
		if(clientListener != null) clientListener.close();
		clientListener = null;
	} catch(java.lang.Exception __ex) {

public static int EnergyRegian = 60;
public static int MaxConnections = 999000;
public static String[] Connections = new String[MaxConnections];
public static int[] ConnectionCount = new int[MaxConnections];
public static boolean ShutDown = false;
public static int ShutDownCounter = 0;
public static final int cycleTime = 500;
public static boolean updateServer = false;
public static int updateSeconds = 180;
public static long startTime;
public static Connection connection = null;
public static server clientHandler = null;
public static java.net.ServerSocket clientListener = null;
public static boolean shutdownServer = false;
public static boolean shutdownClientHandler;
public static int serverListenerPort = 43594;
public static PlayerHandler playerHandler = null;



Now, it should work.. You shouldn't be invadedz by nulls and weird connecting from..'s

I added a sorta-cool twist to the server class, when your server is running, in a web browser type http://localhostort in your address bar, where port is the port of the server, IE 43594.. I implemented a quick webserver to send that information, you can easily change or remove it by looking at the code. Smiley


Not really much of a webserver, just a 5 second thing xD.



Also, you will have to add your handlers yourself, including the public static <class> <othername> yourself, and the new <class>();

No, I am not doing it for you. If you want DDoS protection, then you're going to have to work for it.


If you have any questions, please post them here and I will of course try to answer them as best I can..





Link to comment
Share on other sites

Nice !


One question : where's the DDoS protection ?


jajajaja LOOOOOOOOOOL can't stop laughing xD :P

BTW if someone wants to dosS you then nothing can save you from the anger of a powerful hacker ;o



Link to comment
Share on other sites

jajajaja LOOOOOOOOOOL can't stop laughing xD :P

BTW if someone wants to dosS you then nothing can save you from the anger of a powerful hacker ;o




You can always unplug the PC and run around with your arms in the air, may not save you, but it'll be really fun to watch, you may even become an Internet meme.

Link to comment
Share on other sites

jajajaja LOOOOOOOOOOL can't stop laughing xD :P

BTW if someone wants to dosS you then nothing can save you from the anger of a powerful hacker ;o



Oh God.
Link to comment
Share on other sites

You can always unplug the PC and run around with your arms in the air, may not save you, but it'll be really fun to watch, you may even become an Internet meme.

I laughed hard to this one. I will be behind with a camera to take photo and post on facebook if that happens.




Trolollololololol. H4Xl33t.



Link to comment
Share on other sites

This topic is now closed to further replies.

  • Create New...

AdBlock Extension Detected!

Our website is made possible by displaying online advertisements to our members.

Please disable AdBlock browser extension first, to be able to use our community.

I've Disabled AdBlock