Re: [hlds_linux] Somebody is dosing my server, how to prevent it?
Ban the IP? Set up a script that checks the serverlogs periodically for these message and auto-ban IP's that trigger the rate limits often? Pawel wrote: Hi, Today in logs i found: L 11/17/2008 - 21:56:03: Traffic from 83.4.116.235:4996 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4997 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4999 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1026 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1028 was blocked for exceeding rate limits and it is full of such lines. Server is up to date, protocol 48, steam. But we felt lags and CPU load was 80% :| Could you help me? :D What i should make to prevent my server from ddos? Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Somebody is dosing my server, how to prevent it?
http://www.mediavida.com/vertema.php?fid=17tid=60857 I found the that i should set such cvars max_queries_sec -1 max_queries_sec_global -1 max_queries_window -1 That will help me? I don;t understand this language, that spanish? :P On Mon, Nov 17, 2008 at 10:26 PM, Arie [EMAIL PROTECTED] wrote: Ban the IP? Set up a script that checks the serverlogs periodically for these message and auto-ban IP's that trigger the rate limits often? Pawel wrote: Hi, Today in logs i found: L 11/17/2008 - 21:56:03: Traffic from 83.4.116.235:4996 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4997 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4999 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1026 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1028 was blocked for exceeding rate limits and it is full of such lines. Server is up to date, protocol 48, steam. But we felt lags and CPU load was 80% :| Could you help me? :D What i should make to prevent my server from ddos? Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Somebody is dosing my server, how to prevent it?
why don't you just drop the IP at your firewall? Ban the IP? Set up a script that checks the serverlogs periodically for these message and auto-ban IP's that trigger the rate limits often? Pawel wrote: Hi, Today in logs i found: L 11/17/2008 - 21:56:03: Traffic from 83.4.116.235:4996 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4997 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4999 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1026 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1028 was blocked for exceeding rate limits and it is full of such lines. Server is up to date, protocol 48, steam. But we felt lags and CPU load was 80% :| Could you help me? :D What i should make to prevent my server from ddos? Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Somebody is dosing my server, how to prevent it?
Setting those variables would remove all limits on queries. That would stop the messages, but it would not fix your problem ;) Pawel wrote: http://www.mediavida.com/vertema.php?fid=17tid=60857 I found the that i should set such cvars max_queries_sec -1 max_queries_sec_global -1 max_queries_window -1 That will help me? I don;t understand this language, that spanish? :P On Mon, Nov 17, 2008 at 10:26 PM, Arie [EMAIL PROTECTED] wrote: Ban the IP? Set up a script that checks the serverlogs periodically for these message and auto-ban IP's that trigger the rate limits often? Pawel wrote: Hi, Today in logs i found: L 11/17/2008 - 21:56:03: Traffic from 83.4.116.235:4996 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4997 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4999 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1026 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1028 was blocked for exceeding rate limits and it is full of such lines. Server is up to date, protocol 48, steam. But we felt lags and CPU load was 80% :| Could you help me? :D What i should make to prevent my server from ddos? Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Somebody is dosing my server, how to prevent it?
I've found that hlsw will do this, it's always been a little too aggressive making server queries. The CVARs listed below will help but if they don't, just ban the IP that is is the source. - Original Message - From: Pawel To: Half-Life dedicated Linux server mailing list hlds_linux@list.valvesoftware.com Sent: Monday, November 17, 2008 1:39 PM Subject: Re: [hlds_linux] Somebody is dosing my server, how to prevent it? http://www.mediavida.com/vertema.php?fid=17tid=60857 I found the that i should set such cvars max_queries_sec -1 max_queries_sec_global -1 max_queries_window -1 That will help me? I don;t understand this language, that spanish? :P On Mon, Nov 17, 2008 at 10:26 PM, Arie wrote: Ban the IP? Set up a script that checks the serverlogs periodically for these message and auto-ban IP's that trigger the rate limits often? Pawel wrote: Hi, Today in logs i found: L 11/17/2008 - 21:56:03: Traffic from 83.4.116.235:4996 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4997 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4999 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1026 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1028 was blocked for exceeding rate limits and it is full of such lines. Server is up to date, protocol 48, steam. But we felt lags and CPU load was 80% :| Could you help me? :D What i should make to prevent my server from ddos? Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Somebody is dosing my server, how to prevent it?
Because this IP is from neostrada, polish Internet which has dynamic ip ;) So this haker can reconnect and will get new IP :/ On Mon, Nov 17, 2008 at 10:43 PM, Steve [EMAIL PROTECTED] wrote: why don't you just drop the IP at your firewall? Ban the IP? Set up a script that checks the serverlogs periodically for these message and auto-ban IP's that trigger the rate limits often? Pawel wrote: Hi, Today in logs i found: L 11/17/2008 - 21:56:03: Traffic from 83.4.116.235:4996 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4997 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4999 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1026 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1028 was blocked for exceeding rate limits and it is full of such lines. Server is up to date, protocol 48, steam. But we felt lags and CPU load was 80% :| Could you help me? :D What i should make to prevent my server from ddos? Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Somebody is dosing my server, how to prevent it?
Ban the entire /24. Pawel wrote: Because this IP is from neostrada, polish Internet which has dynamic ip ;) So this haker can reconnect and will get new IP :/ On Mon, Nov 17, 2008 at 10:43 PM, Steve [EMAIL PROTECTED] wrote: why don't you just drop the IP at your firewall? Ban the IP? Set up a script that checks the serverlogs periodically for these message and auto-ban IP's that trigger the rate limits often? Pawel wrote: Hi, Today in logs i found: L 11/17/2008 - 21:56:03: Traffic from 83.4.116.235:4996 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4997 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4999 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1026 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1028 was blocked for exceeding rate limits and it is full of such lines. Server is up to date, protocol 48, steam. But we felt lags and CPU load was 80% :| Could you help me? :D What i should make to prevent my server from ddos? Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Somebody is dosing my server, how to prevent it?
Do a tcpdump and see what hes doing first. Then decide how to block it. On Mon, Nov 17, 2008 at 1:52 PM, Pawel [EMAIL PROTECTED] wrote: Because this IP is from neostrada, polish Internet which has dynamic ip ;) So this haker can reconnect and will get new IP :/ On Mon, Nov 17, 2008 at 10:43 PM, Steve [EMAIL PROTECTED] wrote: why don't you just drop the IP at your firewall? Ban the IP? Set up a script that checks the serverlogs periodically for these message and auto-ban IP's that trigger the rate limits often? Pawel wrote: Hi, Today in logs i found: L 11/17/2008 - 21:56:03: Traffic from 83.4.116.235:4996 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4997 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4999 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:4998 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1026 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1025 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1027 was blocked for exceeding rate limits L 11/17/2008 - 21:56:04: Traffic from 83.4.116.235:1028 was blocked for exceeding rate limits and it is full of such lines. Server is up to date, protocol 48, steam. But we felt lags and CPU load was 80% :| Could you help me? :D What i should make to prevent my server from ddos? Thanks ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux -- - [EMAIL PROTECTED] ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux