AAO25.com
Assist => Support => Server Support => Topic started by: WraShadow on Monday, October 02, 2017, 11:27:18 AM
-
Hi. Just yesterday my server expiration date came to pass but I've learned how to deal with the attacks. The first rules I applied made so my server would never go down when under attack but we still experienced a lot of lag when it was under. That is, until I blocked most of the IP's doing it.
The list of IPS under were blocked over 3.000.000 times in the last 10-11 days. I hope the list helps. If you need rules to batch, lemme know.
190.129.105.104
183.239.183.68
74.83.81.167
201.254.154.55
190.129.105.124
59.127.32.176
191.80.173.130
202.198.72.253
201.254.21.63
205.209.65.66
216.58.36.108
201.179.209.97
218.111.133.17
190.51.32.131
201.254.191.76
144.92.44.100
191.82.223.38
46.10.56.27
183.237.118.143
181.20.147.98
201.254.181.2
186.61.157.128
190.50.248.211
123.135.226.183
201.178.126.171
27.219.2.201
120.236.136.227
181.27.225.59
190.129.101.42
191.82.200.27
24.97.239.214
216.67.91.94
191.80.143.196
181.20.140.228
59.127.59.53
200.68.73.141
190.129.100.12
191.84.68.202
153.35.85.34
190.175.165.135
191.85.140.24
-
That little amount of IPs? Well, thanks for letting people know.
-
They needed a lot to even try to break my VPS lol
-
sometimes REJECT is better than DROP, but it means sending a "replying" to the source.
-
sometimes REJECT is better than DROP, but it means sending a "replying" to the source.
I really dont know. Maybe its the best choice. For the record, I dropped and worked fine. Maybe it had worked even better if I rejected. Never tried that.
-
when my servers are under attack, then 10'000 different IP's are involved. if someone want a log about, let me know.
-
Question is pancio.... still able to play????
-
when my servers are under attack, then 10'000 different IP's are involved. if someone want a log about, let me know.
I'm not saying it was just those IP's. Those stood out the most. I couldnt be bothered to look at 10 connections per IP per attack. The amount of connections that little list of IPs made feels like Amplified. I've theorized it was happening a couple months ago, therefore blocking those IP's. On top of the general rules, it seems to have stopped.
I've never had the time to configure something but, if you can, you should try. Its easy. Having an echo of the output of the attacks into txt file. Create a bot to run every 60 seconds. This bot could use a regular expression to find lines with the IP's and create queries. Have the bot trigger shellscript batch with the instructions.