DDoS attack from Wolfenstein ET Servers. Developers, please fix the exploit.

UJERebel · 2012-01-26 18:44:18 UTC

I don’t this there should be a ‘;’ behind and if in unix scripts.

But it could really be i’m wrong, but it’s worth giving a shot removing it

schnoog · 2012-01-26 20:22:02 UTC

The ; is right there because no newline between the if statement and the then action
But it seems like the newlines where grapped away by editing the script with a non-unix editor and safed with windows newline

razor · 2012-01-26 21:14:19 UTC

Hi !

Sir Schnoog you be all right

Thank you SO MUCH !!

Big Thank you to all the persons that have created and worked on this script !

The data of the script have been corrupted while the transfer because the Server have been too much under attack :o

Thank you to all for your Help for your answers

example of the list of all the attacks requests at the same time for 1 second :o :

581 Requests per second

470 Requests per second

139 Requests per second

632 Requests per second

131 Requests per second

914 Requests per second

3485 Requests per second

81 Requests per second

212 Requests per second

40 Requests per second

Patriotqube · 2012-01-27 07:51:53 UTC

Yes looks like ours

You do have it running so it scans pretty often right?

razor · 2012-01-27 12:04:11 UTC

It seems to do the job

tjimboo · 2012-01-27 14:34:15 UTC

any general solution for admins using windows?
we made some own modification but they only work for us so think some windows would need this to.

tjimboo · 2012-01-27 16:35:09 UTC

@bottiger u could also mod ur own game so it dont reply when u get DoS…

BigBear · 2012-01-27 21:13:58 UTC

Hi!

In that case it require a good coding level and to be sure to well manage dependencies

TheSgtBilko · 2012-01-28 03:16:37 UTC

I’d suggest googling what they do in COD community in regards of fw settings instead of hoping for a fix.

diaboliksmart · 2012-01-28 07:28:53 UTC

[QUOTE=tjimboo;392110]any general solution for admins using windows?
we made some own modification but they only work for us so think some windows would need this to.[/QUOTE]

Already tried with the Windows security-policies Use Windows to block IP’s and IP ranges … but it has never-worked for me
Another way should be in the Firewall you use.
And very last solution is to migrate the schnoog script-shell on Windows Power Shell …

BigBear · 2012-01-30 06:22:03 UTC

Hi !

For Windows Perhaps more easy with this Python script ? :

http://www.splashdamage.com/forums/showthread.php/30480-Serwer-lag-why

But I ask me if the Python script do not risk to slow too much the Server ??
I do not know, perhaps a good script like some seems to say…

I have not tested the Python script because I use the “Oldman” and “Shnoog” script, this is the only reason with I cannot say more

tjimboo · 2012-01-30 10:26:28 UTC

[QUOTE=$mart;392142]Already tried with the Windows security-policies Use Windows to block IP’s and IP ranges … but it has never-worked for me
Another way should be in the Firewall you use.
And very last solution is to migrate the schnoog script-shell on Windows Power Shell …[/QUOTE]

what u wanna do with it? As i know there is no function on filter traffic and then add to a block policy. We made it so the game makes a logfile and then we read from that logfile and use netsh to add ip to a block policy. pm me if u wanna know more and ill try help.

BigBear · 2012-02-04 19:47:35 UTC

Hi!

Do you think it is normal to got those amount of attacks in just a week ?

http://www.eurobunkerarena.com/listofban.zip

I think we need new version of ETDED ! Compatible 2.55 and 26X and too that display in Server List to client the Both protocols : it mean all 2.55 and all 2.6X servers version should appear in any version of client (and if servers names appear in double it is not a problem). The 2.55+ servers do not appear in 2.6X client !
Please free the server of using ETfacade and things like that !

Have not someone already use their own Reengineered EDED 2.55+ version they keep for their own usage ?
If yes, please open your ETDED version.

For me WET servers require an all included improved security

The problem is really serious and it is really annoying !

Thank you to all for your future Help keeping WET alive and Open to all fair play players : without barriers or chains !

Nitrox1 · 2012-02-04 22:21:39 UTC

I started working on “ETFix”, the goal is to fix known 2.60b problems and add some extra features if needed.

Currently it has an experimental fix for the getstatus exploit, allowing only 6 requests in a row from the same IP, once the request limit has been reached for this IP, server will not respond to getstatus requests from this IP for 10 seconds.

My coding knowledges are far from being perfect so please don’t judge me on what i coded there… As i said it’s experimental and it’s gong to be improved with time ^^

I tested the fix and it worked, it was able to handle around 4000 requests per seconds without any noticeable lag.

I also added a new server cvar “sv_protocolCheck”, default value is 1, which means server will check client protocol and reject connection if it is different. If you set this cvar to 0, server will not check client protocol and allow the connection.

You can get the source code at https://www.assembla.com/spaces/etn

I did not try to compile linux version yet, but if you can’t do it i’m pretty sure someone on these forums will be able to do it for you (hopefully).

Anybody interested to join the ETFix project can send a mail to admin at etmods dot net

OldMan2011 · 2012-02-05 12:54:29 UTC

I did not try to compile linux version yet, but if you can’t do it i’m pretty sure someone on these forums will be able to do it for you (hopefully).

After some difficulty I recompile the Linux version now succeeded. I’ll test it.

:stroggbanana:

Thank N!trox !

Greetings

OldMan

OldMan2011 · 2012-02-05 15:24:46 UTC

it seems to work …

but no indication at Splatterladder and Trackbase. No server information in XQF Serverbowser, Bots are listed as a player.

:rolleyes:

Nitrox1 · 2012-02-05 20:17:27 UTC

Last time i tested with HLSW it worked (seems that HLSW sends 1 getstatus requets/second), i’m not sure how many getstatus requests trackbase and splatterladder send to servers, and the interval between these requests, maybe someone can tell us a little more about this.

I could also add an “IP Whitelist” feature, so requests from these IP’s would never be ignored.

I will probably work on ETFix tonight when i go back home.

EDIT: I tested with hlsw, works, just 10 sec timeout when queries limit is reached. Same with XQF.

EDIT2: For those who can’t build etded.x86 for Linux, i’ve added it to the SVN

Nitrox1 · 2012-02-06 06:33:19 UTC

Bots are not counted as players in XQF:

OldMan2011 · 2012-02-06 13:22:21 UTC

Ok, I have now downloaded the source again and recompiled. The displays in XQF and track base are now correct. At the map rotation Splatterladder looks a little strange. Server be sometimes appear to be offline.

A (editable?) whitelist would be a good idea.

Otherwise it seems to work really well.

Sporadic server does not display on my homepage.

zbzero · 2012-02-06 16:18:58 UTC

idk if im going to be stupid asking this but this etfix will support PB in the server?? If im not wrong the source code not include the PB stuff in it or im wrong??