Jump to content
  • 0

Guys Help Me, I Need To Know What To Do


Question

Posted

Hello everyone, i have problem seriously problem, some kid flood my server from server inside, and i don't know what to do... :(

maybe buy some protection or some sell custom code protection, cus i don't know what to do, i have lameguard maybe turn on and this help us fixs this. or buy another protection for lots money.

Now we can't process server works, and seriously pissing me off. please help.

I got message from server ddos protection.

 

 

Hello,

Most of these connections are from the localhost, which isn't filtered by BitNinja. I'd recommend to review the script/program which opens such a large amount of connections towards the MySQL server. It is also possible that the script is vulnerable for mysql injection and SLEEP queries are being injected into it.

You can get the process ID for each connection by running
netstat --inet --inet6 -np

You can get the running queries in MySQL by connecting the server and running the following query:
SHOW PROCESSLIST;

If you have any further question or need any help, feel free to ask.

Best regards,

 

14 answers to this question

Recommended Posts

  • 0
Posted (edited)

Fixed, problem was in java, database connection not all closed, its was open 170differend place, i pay some java dev and he closed all, thanks for helping anyway

Edited by Mellion
  • 0
Posted (edited)

The guy just said what I said on your previous topic, aka your own server (probably gameserver, but can be website if it connects to your mysql server) stucks your connections, denying future requests.

 

Analyze which queries are launched, and act following ; if it's your gameserver, fix or delay or remove entirely whatever launches queries, if it's website, move your website OUT of gameserver hardware or make sure there is NO connections made (being online script, number of players, etc).

 

The dude gives you hints about what to do to analyze it, you got also MySQL workbench which is kinda powerful (and more visual : https://www.mysql.fr/products/workbench/).

Edited by Tryskell
  • 0
Posted

So i asked someone, fixs  this problem, cus im not proffesional whit those kinda flood attacks from gameserver. i wanna something professional, make server immortal kinda those attacks, cus i have zero experience, ofc i could pay.

  • 0
Posted

and i wanna ask, i have lameguard protection, i know its shity and outdated, but i think still protect from those flood attacks from inside its that true? cus i pay for lameguard i think 100-150eu, i dont remember.

  • 0
Posted (edited)

how then block any mysql connection not used from server? i mean outside. cus i don't use any website scripts.

Edited by Mellion
  • 0
Posted

how then block any mysql connection not used from server? i mean outside. cus i don't use any website scripts.

Please dont use multiple posts...

Maybe you got more than enought connections with any code inside your server?

  • 0
Posted (edited)

Please dont use multiple posts...

Maybe you got more than enought connections with any code inside your server?

i don't understand what you mean....

 

I understand some guy flooding packets inside in my server, like abuse some script commands i don't know how he do that, so i just install lameguard, i find out who do  this, i ban his hwid and he never connect to mine server. That be best reason for fixs this stupid problem.

 

There way change hwid but you i know you can destroy your hard that way.

Edited by Mellion
  • 0
Posted

Sorry for another post.

I've checked it and found that every connection is from one of the following processes:

root      7753  2.1 27.3 4826508 1110588 pts/0 Sl   14:34   0:45 java -Dfile.encoding=UTF- -Xms1024m -Xmx3024m -cp lib/*:lib/uMad/*:l2jfrozen-

core.jar com.l2jfrozen.gameserver.GameServer
root      4236 89.2  2.0 1738164 82536 pts/0   Sl   14:09  54:57 java -Xmx256m -XX:+UseSerialGC -XX:+AggressiveOpts -cp lib/*:l2jfrozen-core.jar com.l2jfrozen.loginserver.L2LoginServer
 
but look nothing wrong whit that.
 
root      7753  2.1 27.3 4826508 1110588 pts/0 Sl   14:34   0:45 java -Dfile.encoding=UTF- -Xms1024m -Xmx3024m -cp lib/*:lib/uMad/*:l2jfrozen-core.jar com.l2jfrozen.gameserver.GameServer
http://pastebin.com/wjSe4rnc

root      4236 89.2  2.0 1738164 82536 pts/0   Sl   14:09  54:57 java -Xmx256m -XX:+UseSerialGC -XX:+AggressiveOpts -cp lib/*:l2jfrozen-core.jar com.l2jfrozen.loginserver.L2LoginServer
http://pastebin.com/5LMmw949

well i checked all, i didin't see any problem whit that.
  • 0
Posted (edited)

I already answered, use mysql workbench or whatever tool allowing you to see which queries are processed.

 

We already (me and some others) told you it wasn't host.

Edited by Tryskell
Guest
This topic is now closed to further replies.
×
×
  • Create New...