servers warp

80 replies [Last post]
FASTER OF BORG
faster of borg's picture
Offline
Joined: Nov 2009
Posts:
Re: servers warp

All went fine, thanks EASY.

XTERMY [EN]
XTERMY's picture
Offline
Joined: Oct 2003
Posts:
Re: servers warp
"ZEZAO OF BORG wrote:

Thanks Hammer and Faster about all effort to restart servers Happy

Once Borg... Always Borg!

Lol zezao! Now start playing again at borg server or server will die xD

Wishful Thinking!
Offline
Joined: Sep 2010
Posts:
Re: servers warp

g'day all, I run Q3A servers for Australia, and even us over here are getting this 'data-leech' issue with the getstatus requests, I see the scripts on Page 4, however I see a mention of Linux/Debian, however, my servers are running on Windows Server 2008 (Standard), and I would like to know if that can be turned into something that can be used on a Windows OS.

This bug has been driving me crazy for months, and also affects Urban Terror (being on the same ports), Even when the ports are closed by Firewall, and no trace of the ports, the server still transmits data 3-5KB/sec per port, and sometimes can reach 150KB/sec (which is better than having them on, taking 2.4MB/sec Upstream Bandwidth).

So, what can I do to solve it this end of the world?.
Thanks.

Videos I Made:
JumpStart | Stream (Q3A Frag-Highlights)
Loss of Connection | Stream (QuakeLive Frag-Highlights)
The QuaTr!X | Download/Stream (Q3A Defrag)

Videos I'm In:
Fragger's Rock | HQ: Download (Q3A Frag-Highlights)
Anomaly | HQ: Download (Q3A Defrag)
Gateway 7 | HQ: Download (Q3A Defrag)

WASP*KILLER
Killer's picture
Offline
Joined: Feb 2005
Posts:
Re: servers warp
Wishful Thinking! wrote:

...This bug has been driving me crazy for months, and also affects Urban Terror...

Assuming you are using either Urban Terror 4.1/4.1.1 and have not copied its q3urt folder to Q3, thereby running it as a Mod, then there is an integrated ioq3 solution available.

Revision: 1762
Time: 03.01.2010 23:12
Author: tma
Path: code/server/sv_main.c (trunk)
Message: * Rate limit getstatus and rcon connectionless requests

The approved ioq3 code referred to above was created 2 years ago but probably has not made its way into UrT as 4.1 was released in 2007 and 4.1.1 was mainly a map and very minor bug release.

If you or a friend can recompile ioq3 1.35 or 1.36 with the revision as a Windows binary, then you can use the result on your server without affecting pure. This is an update to the ioq3 engine, it does not affect the UrT code in any way. The same technique is being used in OpenArena as 0.8.5 does not have the revision and we needed a solution prior to the release of OA 0.8.8.

Wishful Thinking!
Offline
Joined: Sep 2010
Posts:
Re: servers warp

Thanks for the much needed information, I do not know anything about programmer or any form of scripting nor do I know anyone that is able to do it for me. I can see I will be waiting a little while for something to get done for Windows, so I might ring up my provider and get them to change my IP address, as each day goes by, this bug is sending me into over charge fees, even when the ports are closed, my server tries to talk back to the stupid thing.

Videos I Made:
JumpStart | Stream (Q3A Frag-Highlights)
Loss of Connection | Stream (QuakeLive Frag-Highlights)
The QuaTr!X | Download/Stream (Q3A Defrag)

Videos I'm In:
Fragger's Rock | HQ: Download (Q3A Frag-Highlights)
Anomaly | HQ: Download (Q3A Defrag)
Gateway 7 | HQ: Download (Q3A Defrag)

cml
Forum moderator Rank moderator LIVING LEGEND
camel-xp's picture
Offline
Joined: Mar 2006
Posts:
Re: servers warp

Since Easy posted his solution about iptables rules to prevent spam flood on unix based systems I noticed that it not protect fully against this problem, our ISP provider called us about abuse report from some site about ddos attacks being performed from 2 of our root machines and posted a simmilar iptables rules to block it, since I added them I noticed imediatelly reduce of spam activity to 0, only incoming packets are coming, but not outgoing which produced the flood.

I am posting new rules for any admins that got q3 servers hosted on linux:
( sry no solution for windows yet )

-A OUTPUT -p UDP -m length --length 1162:1168 -j DROP
-A FORWARD -p UDP -m length --length 1162:1168 -j DROP
-A INPUT -p UDP -m length --length 1162:1168 -j DROP
-A INPUT -p UDP -m length --length 42 -m recent --set --name getstatus_cod
-A INPUT -p UDP -m string --algo bm --string "getstatus" -m recent --update --seconds 1 --hitcount 20 --name getstatus_cod -j DROP

those rules are suppose to be for cod game but they work aswel for q3
as far as I see

now simple example how to add them easily:

first save current iptable rules:
iptables-save > ddos.conf
then edit the ddos.conf file and add new rules at the bottom before the "COMMIT"
then flush whole rules:
iptables -F
and restore saved ddos.conf file:
iptables-restore < ddos.conf

Hope this will help, I will keep looking if those rules are fully protecting against flood spam.

Cyrax
Offline
Joined: Apr 2009
Posts:
Re: servers warp

You can try this precompiled binaries which have requested fix and many other useful features

I am proud of spreading a pirated Excessive Plus version and claim to be the original author, yay!

Wishful Thinking!
Offline
Joined: Sep 2010
Posts:
Re: servers warp

Also, I might just add, that apart from being Windows, I'm not running E+ servers, which makes my situation even more rare. Unlagged, Defrag and TeamArena is what I have in the Q3A department of servers, all of which have been affected by this, IPs coming from USA, Ukraine, Germany and many more places.

Would anyone here be interested in looking for a fix for Windows based Q3A servers, I normally have the entire physical server off due to the issue, which stuffs up Unreal Tournament 3, Teeworlds, Ventrilo and Mumble all running on the same box/IP.

cheers.

Videos I Made:
JumpStart | Stream (Q3A Frag-Highlights)
Loss of Connection | Stream (QuakeLive Frag-Highlights)
The QuaTr!X | Download/Stream (Q3A Defrag)

Videos I'm In:
Fragger's Rock | HQ: Download (Q3A Frag-Highlights)
Anomaly | HQ: Download (Q3A Defrag)
Gateway 7 | HQ: Download (Q3A Defrag)

FASTER OF BORG
faster of borg's picture
Offline
Joined: Nov 2009
Posts:
Re: servers warp
cml wrote:

Since Easy posted his solution about iptables rules to prevent spam flood on unix based systems I noticed that it not protect fully against this problem, our ISP provider called us about abuse report from some site about ddos attacks being performed from 2 of our root machines and posted a simmilar iptables rules to block it, since I added them I noticed imediatelly reduce of spam activity to 0, only incoming packets are coming, but not outgoing which produced the flood.

I am posting new rules for any admins that got q3 servers hosted on linux:
( sry no solution for windows yet )

-A OUTPUT -p UDP -m length --length 1162:1168 -j DROP
-A FORWARD -p UDP -m length --length 1162:1168 -j DROP
-A INPUT -p UDP -m length --length 1162:1168 -j DROP
-A INPUT -p UDP -m length --length 42 -m recent --set --name getstatus_cod
-A INPUT -p UDP -m string --algo bm --string "getstatus" -m recent --update --seconds 1 --hitcount 20 --name getstatus_cod -j DROP

those rules are suppose to be for cod game but they work aswel for q3
as far as I see

now simple example how to add them easily:

first save current iptable rules:
iptables-save > ddos.conf
then edit the ddos.conf file and add new rules at the bottom before the "COMMIT"
then flush whole rules:
iptables -F
and restore saved ddos.conf file:
iptables-restore < ddos.conf

Hope this will help, I will keep looking if those rules are fully protecting against flood spam.

Camel+ is your method will remove 3-6 percent losses.I am using EASY+ IPTABLES rules but it gives 3-6 percent losses time to time to all players.What make me upset some players call it laggy server because of these 3-6 percent losses.Any plan to have new e+ ver. to remove this hole.

cml
Forum moderator Rank moderator LIVING LEGEND
camel-xp's picture
Offline
Joined: Mar 2006
Posts:
Re: servers warp

I delete one rule from my firewall rules
-A OUTPUT -p udp -m length --length 1162:1168 -j DROP
I noticed it limits the bandwidth limit on autodownload, was like 1-2kb/s Happy
After deleting it is much faster.

//edit: maybe that was the cause for PB having lags or packets lost also, by that limits being enabled...