
Concerning Security

Comments in 'Tools' started by iamadpond, Aug 22, 2014.

  1. iamadpond
    Offline

    iamadpond Banned

    Joined:
    Aug 24, 2013
    Posts:
    191
    Minecraft User:
    iamadpond
    As I was making a player bot the other day, I stumbled on something that most small-scale servers should watch out for.
    As I was making the bot, I left out an end of line around the "ping" portion of the code, and since the code was then designed to keep always online, these ping processes became zombies but yet still pinged, moving on 10 minutes. There were 1,000 of these processes that I never realised happened. I was testing it out on a random server I found at the time, Jon's server. And eventually, and unintentionally, it became a DoS (you can call it a DDoS since there was a large amount of shells running it) and crashed his server unintentionally.
    Luckily my ISP locked me out for 10 minutes which caused me to search for what went wrong.

    Now that backstory is all set, we can move to my point.

    DDOS PROTECTION.

    You wouldn't realise it, but most small (let's say 1GB) VPS server resellers ship your VPS without decent DDoS protection. Or if they do, they ship it to you with null routing, which basically just wrecks your internet connection while they wait for your server to stop being under attack.

    What happens if I don't have DDOS protection?

    Well, first you'll see small amounts of lag, then player locations will be muffled. And this continues until unplayable lag while the networking portion of the PocketMine code uses memory to accept socket connections and to keep them open. And when your memory is gone, the server goes dead and crashes. If you've given most of your VPS's RAM to the server, well then the VPS itself might crash. And that's bad news for data retention, as Linux saves data in blocks to a storage medium occasionally, not instantly, to save performance.

    So what am I really saying?

    1) Good DDOS shield from providers; Arbor is an example of a decent DDOS shield

    2) Implement IPTable blocking if the DDOS comes from the same source.

    3) Install an SSH guard if a DDOS is to hurt your VPS rather than your Server which will prove the same result

    4) Try to be nice to your players since most of them can't drive and might get "upset" and attack your server with the online tools of the internet that I'll not be mentioning.

    Slàn.
    Last edited: Aug 22, 2014
  2. Jon
    Offline

    Jon Active Member Plugin Developer

    Joined:
    Sep 1, 2013
    Posts:
    203
    Plugins:
    3
    Minecraft User:
    Heromine14
    Alright
    iksaku and 64FF00 like this.
  3. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,201
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    For better safety, it's better to use that tool in your own network than to test at others'.
    LDX, iksaku, Tuff and 1 other person like this.
  4. jython234
    Offline

    jython234 Notable Member Plugin Developer

    Joined:
    Nov 4, 2013
    Posts:
    324
    Plugins:
    1
    Minecraft User:
    jython234
    Should implement protection against this in blockserver.
    Smarticles101 and Tuff like this.
  5. Tuff
    Offline

    Tuff Active Member

    Joined:
    Jan 25, 2014
    Posts:
    203
    Minecraft User:
    Roboroug2
    Built in ddos protection in the server software? Nice.
    LDX likes this.
  6. iamadpond
    Offline

    iamadpond Banned

    Joined:
    Aug 24, 2013
    Posts:
    191
    Minecraft User:
    iamadpond
  7. iJoshuaHD
    Offline

    iJoshuaHD Notable Member Plugin Developer

    Joined:
    Nov 7, 2013
    Posts:
    1,201
    Plugins:
    4
    Minecraft User:
    iJoshuaHD
    Seeing the project, it's like only monitoring the incoming and outgoing packets etc.
  8. ProjectInfinity
    Offline

    ProjectInfinity Active Member Plugin Developer

    Joined:
    Sep 7, 2014
    Posts:
    112
    Plugins:
    3
    Minecraft User:
    ProjectInfinity
    Having been the target of up to 10Gbps attacks during my time of hosting Minecraft (PC) servers I quickly learnt that there's no such thing as software DDoS protection.

    You need powerful hardware that is dedicated to filtering bad network packets.
    Dutok and Tuff like this.
  9. jython234
    Offline

    jython234 Notable Member Plugin Developer

    Joined:
    Nov 4, 2013
    Posts:
    324
    Plugins:
    1
    Minecraft User:
    jython234
    I meant protection against packet spam (ping for example).
    Tuff likes this.
  10. Elmo
    Offline

    Elmo Active Member

    Joined:
    May 9, 2014
    Posts:
    65
    Minecraft User:
    optrusty
    You literally crashed my game... XD at least you fixed it
    Was running Level-rewrite
  11. iamadpond
    Offline

    iamadpond Banned

    Joined:
    Aug 24, 2013
    Posts:
    191
    Minecraft User:
    iamadpond
    Depends on what you consider "Software"; fail2ban would be an example of potential DDOS protection or brute force software defense against SSH logins on Unix systems in accordance with the firewall, but the same method could be regurgitated if a script kiddy is using something like LOIC that repeats its packet contents, which would make it easy for a system similar to fail2ban to defend against DDOS attacks.
  12. codmadnesspro
    Offline

    codmadnesspro Notable Member Plugin Developer

    Joined:
    Sep 11, 2013
    Posts:
    552
    Plugins:
    1
    Minecraft User:
    Codmadnesspro
    fail2ban wouldn't defend against attacks from random IPs. There are booters that send a packet from another IP every time, in the end bringing a server offline. Though I have nothing to worry about because of having DDoS protection anyway.
    Dutok likes this.
  13. iamadpond
    Offline

    iamadpond Banned

    Joined:
    Aug 24, 2013
    Posts:
    191
    Minecraft User:
    iamadpond
    It would actually, depending on your timeout and leniency. The only way it would be underperforming is if a DDOS network was harmonizing IPs to use themselves at certain points, then have a cool-off period and be removed from the "pool", and vice versa.
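
Added example, not part of any post in this thread: a minimal per-source sliding-window limiter that makes the "timeout and leniency" disagreement above concrete. The class and function names are hypothetical; the setting names `maxretry`, `findtime` and `bantime` are borrowed from fail2ban, and the traffic is constructed using documentation address ranges.

```python
from collections import defaultdict, deque


class SourceBanner:
    """Per-source sliding-window limiter. Setting names follow fail2ban's
    maxretry / findtime / bantime; the logic is this example's own."""

    def __init__(self, maxretry=5, findtime=10.0, bantime=60.0):
        self.maxretry = maxretry          # leniency: packets allowed per window
        self.findtime = findtime          # window length in seconds
        self.bantime = bantime            # timeout: how long a ban lasts
        self.hits = defaultdict(deque)    # source -> recent packet timestamps
        self.banned_until = {}            # source -> time the ban expires

    def allow(self, source, now):
        """Return True if the packet should be processed, False if dropped."""
        if self.banned_until.get(source, 0.0) > now:
            return False
        window = self.hits[source]
        window.append(now)
        # Forget packets that have aged out of the findtime window.
        while window and window[0] <= now - self.findtime:
            window.popleft()
        if len(window) > self.maxretry:
            self.banned_until[source] = now + self.bantime
            window.clear()
            return False
        return True


def replay(events, **settings):
    """Feed (timestamp, source) events through a banner; return (passed, dropped)."""
    banner = SourceBanner(**settings)
    passed = sum(banner.allow(src, ts) for ts, src in events)
    return passed, len(events) - passed


# Constructed traffic: 100 packets over 10 seconds in each scenario.
single_source = [(i * 0.1, "192.0.2.10") for i in range(100)]
rotating_sources = [(i * 0.1, f"198.51.100.{i % 50 + 1}") for i in range(100)]

if __name__ == "__main__":
    print("one repeating source  :", replay(single_source, maxretry=5))
    print("50 rotating sources   :", replay(rotating_sources, maxretry=5))
    print("rotating, maxretry=1  :", replay(rotating_sources, maxretry=1))
```

With the lenient setting the repeating source is cut off after five packets while the rotating sources all pass; tightening `maxretry` to 1 drops half of the rotating traffic, at the cost of also banning any legitimate client that sends two packets within the window.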
  14. Dutok
    Offline

    Dutok Notable Member Plugin Developer

    Joined:
    Jun 20, 2014
    Posts:
    372
    Plugins:
    3
    Minecraft User:
    Dutok
    OVH comes with very good and very cheap DDoS protection.. I'm guessing most people here use control panels and what not, so switching to unmanaged hosting might be difficult.
  15. codmadnesspro
    Offline

    codmadnesspro Notable Member Plugin Developer

    Joined:
    Sep 11, 2013
    Posts:
    552
    Plugins:
    1
    Minecraft User:
    Codmadnesspro
    OVH? Urgh, look at their T&Cs, not even worth it, stay away from it.
    Worst T&Cs ever here
  16. Dutok
    Offline

    Dutok Notable Member Plugin Developer

    Joined:
    Jun 20, 2014
    Posts:
    372
    Plugins:
    3
    Minecraft User:
    Dutok
    They allow Minecraft (PocketMine) servers and have cheap DDoS protection, which is why I linked it.
  17. codmadnesspro
    Offline

    codmadnesspro Notable Member Plugin Developer

    Joined:
    Sep 11, 2013
    Posts:
    552
    Plugins:
    1
    Minecraft User:
    Codmadnesspro
    100Mbps is rubbish and it's not as if you're actually going to get that amount, maybe less.
    Yes, OVH have good DDoS protection, but that's about it.
    Dutok likes this.
