Malice Posted June 28, 2013 Posted June 28, 2013 So our clan server, The Final Chapter, got a padawan connected that immediately scripted some ASCII that formed the TNG logo. Just before I could amban him because I knew something shady was coming, we were crashed by a cvar flood attack. We're using JA+ 2.3 combined with JASS 3.1.0 so we should have been protected from such a flood. Our server is privately hosted and not yet capable of instant logging so we don't have a log of the scripted flood. The host was watching realtime as it happened though and said it was just a stream of random cvars (not sure which ones, they went so fast). Any help on how to protect from this sort of attack in the future would be greatly appreciated. Thanks!
Futuza Posted June 28, 2013 Posted June 28, 2013 Can you give us a better idea of the cvar's used in the attack?
Malice Posted June 28, 2013 Author Posted June 28, 2013 I really wish I could. Our host could see them flooding and saw they were game cvars, but he couldn't tell which ones they were. They went by so fast. The logo had a lot of .(_). looking things in it though. I've seen other scripters flood with a bunch of those sorts of characters to bypass the flood protect before they hit with an attack. If there are more questions about this, I'm not sure what else I can tell you, though. This is all that happened, and all our mod info. JA+ has flood protect. JASS has flood protect. They flooded with cvar strings. So somehow they are bypassing flood protect. If others who have been attacked like this could post logs of the attack, it might help,. But unfortunately we're not capable of doing that, because it never hit our log.
Link Posted June 28, 2013 Posted June 28, 2013 Ah this, yeah its circulated around the usual people and thus become more popular lately. I believe JACoders are aware of it, at least Raz is any way.
Malice Posted June 28, 2013 Author Posted June 28, 2013 That's good. I was hoping to provide more information for them, but unfortunately all I can tell is that they are somehow bypassing the flood protect with strings of punctuation from what I can tell, lots of ". . . ." stuff or whatever. It seems just the ASCII artscene style logo that was launched first is what did it, though perhaps they're using some sort of backloading thing in conjunction with it? Not really entirely sure how they are doing it, but it seems pretty basic and should be an easy fix if Raz0r has ideas about how they're doing it.
Futuza Posted June 28, 2013 Posted June 28, 2013 The ascii artscene logo is highly unlikely to be the cause of the security hole. That's likely just their little tag they're sticking on their 'hack'. I would try to check with Razor via pm or by jumping in onto the irc for jacoders if this is an urgent issue.
Malice Posted June 28, 2013 Author Posted June 28, 2013 Not totally urgent. There was a ddos earlier this morning, then this attack later in the afternoon. If it escalates, I'll seek him out. Thanks.
Raz0r Posted June 29, 2013 Posted June 29, 2013 I lurk. Known issue, fixed it a while ago but it requires engine modifications. Shouldn't be an issue if you're able to use the OpenJK dedicated server.
Malice Posted June 29, 2013 Author Posted June 29, 2013 OpenJK? Not familiar with it. JAPlus is what people demand we run. Is OpenJK capable of all the features people demand of our server? i.e. flipkick, emotes, isolated duels, etc.? If so, I'm on it!
Malice Posted June 29, 2013 Author Posted June 29, 2013 or by jumping in onto the irc for jacoders ...What exactly is the chan for this? I assume it's on quakenet...
Fighter Posted June 29, 2013 Posted June 29, 2013 OpenJK? Not familiar with it. JAPlus is what people demand we run. Is OpenJK capable of all the features people demand of our server? i.e. flipkick, emotes, isolated duels, etc.? If so, I'm on it!OJK's dedicated server would just replace the JampDed.exe, not the JA+ mod. Also, the IRC is at irc.arloria.net:6667 channel #JACoders
Futuza Posted June 29, 2013 Posted June 29, 2013 OJK's dedicated server would just replace the JampDed.exe, not the JA+ mod. Also, the IRC is at irc.arloria.net:6667 channel #JACodersIn otherwords it should be perfectly compatible with all your mods. Also if you are using firefox going to this will open up irc in mibbit: irc://irc.arloria.net/#JACoders
Malice Posted June 29, 2013 Author Posted June 29, 2013 Hey! Thanks guys! I will let our server admin know immediately and get him started on this. Sounds like an easy fix!
eezstreet Posted June 29, 2013 Posted June 29, 2013 JA+ might be incompatible with it, I've heard of crashes at least on the client. Exercise some caution.
Ory'Hara Posted June 29, 2013 Posted June 29, 2013 mmmm, jawa and JP seem to be runnin ja+ fine with openjk despite the reported attacks from motu.
Shadzy Posted June 29, 2013 Posted June 29, 2013 DOnt say shady, ppl will think its me XD We experience them too, mostly cause they like to hate. I follow development of OpenJK, really is progressing nicely!
Malice Posted June 30, 2013 Author Posted June 30, 2013 Seems we're running off the OJK ded executable now (did not have to run the binary), running JAplus, and actuallygot JASS configured to work...apparently that was half our problem, it wasn't working right. Seems that not only OJK may help with the flood protect and such, but it's also giving us a more optimized connection for many members. It's a Euro server, I was consistently getting about 140-180 ping. Now I'm a steady 120.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now