Advertisement
Page 1 of 1
Anyone else got DDOSed?
#1
Posted 05 October 2010 - 09:26 AM
Hi,
I'm one of the admins of Sexy's 4.1 CTF - we started to get DOSed on Saturday frome some IP ranges from Poland: rybnet.pl, algrim.pl and NETCITY-KIELCE so far (status from Monday).
So, I'm wondering: are we the only UrT server that got attacked?
PS: I hope this is the right place to ask this question. Please move this somewhere else if I'm mistaken.
I'm one of the admins of Sexy's 4.1 CTF - we started to get DOSed on Saturday frome some IP ranges from Poland: rybnet.pl, algrim.pl and NETCITY-KIELCE so far (status from Monday).
So, I'm wondering: are we the only UrT server that got attacked?
PS: I hope this is the right place to ask this question. Please move this somewhere else if I'm mistaken.
Caco, ergo sum!
#3
Posted 05 October 2010 - 10:56 AM
naixn (another admin) handled the situation, I'll detail what he told me:
1. The UrT server was targeted with bogus packages, so this is why I posted it here.
2. The last iptables drop rule was added yesterday evening. I guess we'll have to wait 1-2 more days, to see if they switch to another host (they switched hosts 3 times already).
In the mean time, I hope we can get our host to write a formal complain to the ones in Poland.
If we're the only ones having trouble with this, it means we pissed off a cheater; some like to threaten us when we ban - the last ones were a group playing from a common IP that resolved to gw-ext.tagus.ist.utl.pt (193.136.166.125), the previous week.
1. The UrT server was targeted with bogus packages, so this is why I posted it here.
2. The last iptables drop rule was added yesterday evening. I guess we'll have to wait 1-2 more days, to see if they switch to another host (they switched hosts 3 times already).
In the mean time, I hope we can get our host to write a formal complain to the ones in Poland.
If we're the only ones having trouble with this, it means we pissed off a cheater; some like to threaten us when we ban - the last ones were a group playing from a common IP that resolved to gw-ext.tagus.ist.utl.pt (193.136.166.125), the previous week.
This post has been edited by SailorMon: 05 October 2010 - 10:58 AM
Caco, ergo sum!
#4
Posted 05 October 2010 - 11:03 AM
A temporary solution would be to do a range ban and block everyone trying to connect to the server from Poland for few days.. It might keep them away from the server.
BTW i found a match for the IP address you posted, last active september 30'th, geotool says he's from Portugal.
BTW i found a match for the IP address you posted, last active september 30'th, geotool says he's from Portugal.
This post has been edited by Rav3n: 05 October 2010 - 11:07 AM
Advertisement
#7
Posted 05 October 2010 - 12:54 PM
It's weird that they targeted yourself, and specifically a game server! I mean... that's someone with a grudge.
You will probably find that your getting flooded from Open "proxies" so i would not trust at all that the IPs from which you are getting the attack is the source of the abuse.
You will probably find that your getting flooded from Open "proxies" so i would not trust at all that the IPs from which you are getting the attack is the source of the abuse.
#8
Posted 05 October 2010 - 12:59 PM
I'll post an update if/when we'll know more about it.
The fact that they went for the UrT server is why I decided to ask if we're the only ones getting attacked - which, I guess, is the case.
The fact that they went for the UrT server is why I decided to ask if we're the only ones getting attacked - which, I guess, is the case.
This post has been edited by SailorMon: 05 October 2010 - 01:00 PM
Caco, ergo sum!
Page 1 of 1
1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users
Advertisement