TnG flood attack

[Malice]

So our clan server, The Final Chapter, got a padawan connected that immediately scripted some ASCII that formed the TNG logo. Just before I could amban him because I knew something shady was coming, we were crashed by a cvar flood attack. We're using JA+ 2.3 combined with JASS 3.1.0 so we should have been protected from such a flood. Our server is privately hosted and not yet capable of instant logging so we don't have a log of the scripted flood. The host was watching realtime as it happened though and said it was just a stream of random cvars (not sure which ones, they went so fast).

 

Any help on how to protect from this sort of attack in the future would be greatly appreciated. Thanks!

[Futuza]

Can you give us a better idea of the cvar's used in the attack?

[Malice]

I really wish I could. Our host could see them flooding and saw they were game cvars, but he couldn't tell which ones they were. They went by so fast. The logo had a lot of .(_). looking things in it though. I've seen other scripters flood with a bunch of those sorts of characters to bypass the flood protect before they hit with an attack.

 

If there are more questions about this, I'm not sure what else I can tell you, though. This is all that happened, and all our mod info. JA+ has flood protect. JASS has flood protect. They flooded with cvar strings. So somehow they are bypassing flood protect. If others who have been attacked like this could post logs of the attack, it might help,. But unfortunately we're not capable of doing that, because it never hit our log.

[Link]

Ah this, yeah its circulated around the usual people and thus become more popular lately. I believe JACoders are aware of it, at least Raz is any way.

[Malice]

That's good. I was hoping to provide more information for them, but unfortunately all I can tell is that they are somehow bypassing the flood protect with strings of punctuation from what I can tell, lots of ". . . ." stuff or whatever. It seems just the ASCII artscene style logo that was launched first is what did it, though perhaps they're using some sort of backloading thing in conjunction with it? Not really entirely sure how they are doing it, but it seems pretty basic and should be an easy fix if Raz0r has ideas about how they're doing it.

[Futuza]

The ascii artscene logo is highly unlikely to be the cause of the security hole.  That's likely just their little tag they're sticking on their 'hack'.  I would try to check with Razor via pm or by jumping in onto the irc for jacoders if this is an urgent issue. 

[Malice]

Not totally urgent. There was a ddos earlier this morning, then this attack later in the afternoon. If it escalates, I'll seek him out. Thanks. 

[Raz0r]

I lurk.

 

Known issue, fixed it a while ago but it requires engine modifications. Shouldn't be an issue if you're able to use the OpenJK dedicated server.

[Malice]

OpenJK? Not familiar with it. JAPlus is what people demand we run. Is OpenJK capable of all the features people demand of our server? i.e. flipkick, emotes, isolated duels, etc.? If so, I'm on it!

[Malice]

 or by jumping in onto the irc for jacoders ...

What exactly is the chan for this? I assume it's on quakenet...

[Fighter]

OpenJK? Not familiar with it. JAPlus is what people demand we run. Is OpenJK capable of all the features people demand of our server? i.e. flipkick, emotes, isolated duels, etc.? If so, I'm on it!

OJK's dedicated server would just replace the JampDed.exe, not the JA+ mod.

 

Also, the IRC is at irc.arloria.net:6667 channel #JACoders

[Futuza]

OJK's dedicated server would just replace the JampDed.exe, not the JA+ mod.

 

Also, the IRC is at irc.arloria.net:6667 channel #JACoders

In otherwords it should be perfectly compatible with all your mods.  Also if you are using firefox going to this will open up irc in mibbit: irc://irc.arloria.net/#JACoders

[Malice]

Hey! Thanks guys!  I will let our server admin know immediately and get him started on this. Sounds like an easy fix! 

[eezstreet]

JA+ might be incompatible with it, I've heard of crashes at least on the client. Exercise some caution.

[Ory'Hara]

mmmm, jawa and JP seem to be runnin ja+ fine with openjk despite the reported attacks from motu.

[Shadzy]

DOnt say shady, ppl will think its me XD

 

We experience them too, mostly cause they like to hate.

 

I follow development of OpenJK, really is progressing nicely!

[Malice]

Seems we're running off the OJK ded executable now (did not have to run the binary), running JAplus, and actuallygot JASS configured to work...apparently that was half our problem, it wasn't working right. Seems that not only OJK may help with the flood protect and such, but it's also giving us a more optimized connection for many members. It's a Euro server, I was consistently getting about 140-180 ping. Now I'm a steady 120.