league admin
Hi,
I'm one of the admins of Sexy's 4.1 CTF - we started to get DOSed on Saturday frome some IP ranges from Poland: rybnet.pl, algrim.pl and NETCITY-KIELCE so far (status from Monday).
So, I'm wondering: are we the only UrT server that got attacked?
PS: I hope this is the right place to ask this question. Please move this somewhere else if I'm mistaken.
Advertisement
Page 1 of 1
Anyone else got DDOSed?
Rate Topic:
#1
sC`SailorMo-n 
Posted 05 October 2010 - 09:26 AM
Caco, ergo sum!
MultiQuote
#3
sC`SailorMo-n
Posted 05 October 2010 - 10:56 AM
naixn (another admin) handled the situation, I'll detail what he told me:
1. The UrT server was targeted with bogus packages, so this is why I posted it here.
2. The last iptables drop rule was added yesterday evening. I guess we'll have to wait 1-2 more days, to see if they switch to another host (they switched hosts 3 times already).
In the mean time, I hope we can get our host to write a formal complain to the ones in Poland.
If we're the only ones having trouble with this, it means we pissed off a cheater; some like to threaten us when we ban - the last ones were a group playing from a common IP that resolved to gw-ext.tagus.ist.utl.pt (193.136.166.125), the previous week.
1. The UrT server was targeted with bogus packages, so this is why I posted it here.
2. The last iptables drop rule was added yesterday evening. I guess we'll have to wait 1-2 more days, to see if they switch to another host (they switched hosts 3 times already).
In the mean time, I hope we can get our host to write a formal complain to the ones in Poland.
If we're the only ones having trouble with this, it means we pissed off a cheater; some like to threaten us when we ban - the last ones were a group playing from a common IP that resolved to gw-ext.tagus.ist.utl.pt (193.136.166.125), the previous week.
This post has been edited by SailorMon: 05 October 2010 - 10:58 AM
Caco, ergo sum!
#4
Rayne
Posted 05 October 2010 - 11:03 AM
A temporary solution would be to do a range ban and block everyone trying to connect to the server from Poland for few days.. It might keep them away from the server.
BTW i found a match for the IP address you posted, last active september 30'th, geotool says he's from Portugal.
BTW i found a match for the IP address you posted, last active september 30'th, geotool says he's from Portugal.
This post has been edited by Rav3n: 05 October 2010 - 11:07 AM
#5
sC`SailorMo-n
Posted 05 October 2010 - 11:10 AM
We dropped all the IPs reserved to the listed providers - quite a few, but not the entire Poland :)
Caco, ergo sum!
Advertisement
#7
FS |HSO|RaideR
-
FS inactive member
Company Director & Lead Web Services Developer
Posted 05 October 2010 - 12:54 PM
It's weird that they targeted yourself, and specifically a game server! I mean... that's someone with a grudge.
You will probably find that your getting flooded from Open "proxies" so i would not trust at all that the IPs from which you are getting the attack is the source of the abuse.
You will probably find that your getting flooded from Open "proxies" so i would not trust at all that the IPs from which you are getting the attack is the source of the abuse.
#8
sC`SailorMo-n
Posted 05 October 2010 - 12:59 PM
I'll post an update if/when we'll know more about it.
The fact that they went for the UrT server is why I decided to ask if we're the only ones getting attacked - which, I guess, is the case.
The fact that they went for the UrT server is why I decided to ask if we're the only ones getting attacked - which, I guess, is the case.
This post has been edited by SailorMon: 05 October 2010 - 01:00 PM
Caco, ergo sum!
Page 1 of 1
1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users
Advertisement