[Proxy Setup Guide (Hide VPS IP)]

On 4/30/2019 at 3:59 PM, Foob said:

Hello there,

Some of you might know this already and maybe have read the original guide for it. But for those who doesn't know it yet, see below.

 

Thank your guide.

I have a question, I follow the guide and success to login my server.

But in server,  all player ip will be proxy ip, how can fix it?

 

example

Quote

 

main vps ip: 111.111.111.111

proxy ip:111.111.111.112

player ip:111.111.111.113

 

player use script command "getcharip()"   or  mysql `login` `last_ip`

got the proxy ip (111.111.111.112) , not  player ip (111.111.111.113)

[When mob trace player will LAG?]

same as 

I found some player maliciously aggregated the monsters, it let my server all player lag.

When about 150 monster trace a player

Server will be very lag,   all map player feel  lag ,  not only that map.

But only trace will be lag,  if monster around the player and attack , it will not lag.

 

I try to modify conf\battle\monster.conf

Quote

// How often should a monster rethink its chase?
// 0: Every 100ms (MIN_MOBTHINKTIME)
// 1: Every cell moved
// 2: Every 2 cells moved
// 3: Every 3 cells moved (official)
// x: Every x cells moved
// Regardless of this setting, a monster will always rethink its chase if it has 
// reached its target. Increase this value if you want to make monsters continue
// moving after they lost their target (hide, no line of sight, etc.).
monster_chase_refresh: 6

 

Quote

// Mobs and Pets view-range adjustment (range2 column in the mob_db) (Note 2)
view_range_rate: 50

but still lag 
 

My test computer CPU / ram / rathena version

computer-1  : Intel(R) Core(TM)i7-8700  3.20GHz  3.19GHz      ram 16G   64bit

computer-2  : intel(R) Xeon(R) CPU X5650 2.67GHz 2.67GHz   ram 32G   64bit

Rathena 2019-03-28 
Hash version 339e6c6

Client version:20180620
 

And I try to use my old Rathena about 2018-03  with same computer

Didn't have this problem, I aggregated about 1000 monsters ,  it would not lag 

Only new Rathnea have this problem

I also try to download the newest Rathena 2019-05-17   hash version 40cc613

no any modify , no any custom script, but still happened
 

How can I do to fix this problem?

Thank you!!!

[Npc can't auto trigger not moving player]

12 hours ago, Sehrentos said:

I'm not quite sure what you mean, like this perhaps?

job_sword1,117,238,1    script    electricity    1002,1,1,{
OnTouch: // Player has entered NPC's area
  warp "prontera",155,187;
  end;
OnInit:
  npcspeed 60;
  npcwalkto 130,250;
  end;
} 

You can increase the NPC's area of effect: 1002,2,2,{

But i'm not sure if OnTouch event will work on moving NPC's.

 

if NPC's moving to player around and player not moving,then will not  trigger OnTouch

Now I used

for {

getmapxy

getareausers ,

}

it's work.

Thank you

[Npc can't auto trigger not moving player]

I know auto trigger can't trigger not moving player

But that's OK on not moving npc.

 

Now I want use a moving npc to auto trigger player.

like this:

Quote

job_sword1,117,238,1    script    electricity    1002,1,1,{
     warp "prontera",155,187;
     end;
OnInit:
    npcspeed 60;
    npcwalkto 130,250;
    end;
}

 

But player not moving will not warp to prontera.

I think maybe can use

0.for loop

1.getmapxy  => to get npc position

2.getareausers => to get npc position area users, if getareauser >0   areawarp

3. sleep 100

But if I had 50+ moving npc, maybe that will Consume a lot of CPU resources?

Have other better method to auto trigger not moving player?

Thank you!!

[mutiple network question]

My anti-ddos host have 2 independent network

1. only access my country IP

2. all IP access

 

I saw some private server can use 2  independent network in the same time

And 2 network online player can saw each other (mean in the same server,  not 2 server)

And he login/char/map server network all independent.

It mean:

1. login_ip_1 char_ip_1 map_ip_1  (only access my country IP)

2. login_ip_2 char_ip_2 map_ip_2  (all IP access)

 

In RACN can config mutiple ip in char_athena.conf&map_athena.conf like this:

map_ip: 111.111.111.111,222.222.222.222

 

How can do that in RA?

I think him not use RACN, beacuse his server had gepard shield.

I try to use subnet_athena.conf

But failed.

only can do like this

 

Thank you!

[Can Rathena compatible with HTTP? (because anti-DDOS)]

19 hours ago, Lighta said:

Hmm even if we did, you'll have to modify your client to force him to use http too.

Now that not impossible but I feel is not the good way as imo it would be more work then to edit the filter. I don't get how that application gateway can work protect on http but not tcp.

Now hmm why do you want all server to be protected ? what the common way of attack ? Do they spam a particular port which then result in ddos ? Should protecting login only would be enough ?

Anyway you could change rA to use http, I would suggest use http2 and protobuf to do this. This should be done in pair with client so whatever you choose as long the client is happy with it is fine. Just keep in mind that you want persistent connection cause the default for http is a connection per request.

Now what I would really do in your shoes, (beside asking wtf if that protection only for http), is:
1) put all your login-serv / char-serv / map-serv on private ip say 10.*
2) Host or rent a VPN server that will allow your user to join the private network of your servers. (preferably on another device, this will allow that even if this get attack only the vpn ddos but not the actual game servers).

Now only protect this VPN server and voila you all good. People should be able to ddos your server cause they don't know their addresses. (at least not in this way if they flood once connected that another matter..).
Instead of having to modify both client and server you modify none. And just ask your user to launch their vpn client first.
 

Because I used wireshark , found after login to game, map server will direct connect to user.

So if attacker attack my map server port&IP,  online player will disconnect.

maybe I was wrong?

 

 

Using VPN and all in private is a good idea, thank you

[Can Rathena compatible with HTTP? (because anti-DDOS)]

10 hours ago, sader1992 said:

for DDos attack here is my suggestion

never test that but it can be done

first limit the bandwidth per IP the player does not need more then 10 KB/s (you can put it like 25 ?)

so this will protect you from the bandwidth overload

for the ports also you can limit the access per IP (make it like 10 per IP or even more  )

those two things if you can do them then you did a lot of protection without any hard work

as i said i never did that (on linux) but it's possible

HOWEVER if you did that you would need to make an exception for your IPs /sql IPs/website IPs/etc

also as lighta said you can rent vpn and make the connection to the server via that vpn so the players wont really see the vps ip they will see the vpn ip and you can get more then one vpn

by doing that the DDos attack will go to the vpn not the server it self << (also didn't test that before but it's possible too)

 

When I used google cloud,I tried to use google cloud network to limit the bandwidth per IP , limit the access per IP.

But still disconnect.

 

Maybe using many VPN was good idea.

Thank you!

[Can Rathena compatible with HTTP? (because anti-DDOS)]

7 hours ago, Hurtsky said:

i still in testing OVH, but the ping i get is around 50-60ms (ASIA). @bluesky

 

I rent OVH in two month before.

But in my country, ping about 120~240ms

And now I testing ping to OVH, still get 130ms.

[<ITEML> bug that me crash]

33 minutes ago, Functor said:

Hello! You can block it on the server side.

Open ../src/map/clif.c and in the function clif_process_message after:

	if (sd->sc.cant.chat)
		return false; //no "chatting" while muted.

add:

	if (strstr(out_message, "<ITEM>") != NULL && strchr(out_message, '%') != NULL)
	{
		return false;
	}

Recompile the server. ;-)

 

Thanky you

I will try it.

And I very like your gepard shield

It's great.

[<ITEML> bug that me crash]

If player talk

<ITEML>  bla bla bla ...  </ITEML>

bla bla bla was not exist item

Then all saw his talk player will crash.

He was directly type the words,  not use  SHIFT + left-click.

 

How can I disable <ITEML> ?

I used 20160203 client

 

Thank you

[Can 2 login server => 1 char => 1map?]

Now I had 3 computer, 3 IP

Can 2 login server => 1 char => 1map?

like this image:

 

Because I want protection my map server.

If login & char+map in different IP.

when attacker attack my login server_1(public_ip_1),

My Online player still can player.

But can't login untill attack finished.

 

So If I had 2 login server => 1 char => 1map ,  the player can use login_server_2(public_ip_2) login into my server.

 

Thank you!!

[Can Rathena compatible with HTTP? (because anti-DDOS)]

Hello I'm come from https://github.com/rathena/rathena/issues/2654

I realy hope Rathena can compatible with HTTP

Maybe like this image?

Because nowaday, ddos attack was very frequently.
In my country, almost 90% server had under ddos attack.
If Rathena can support http forward to TCP, That's will help us a lot.
Even AZURE had ddos protection standard, but in fact I was under DDOS attack to disconnect.
So AZURE Technical service staff suggestion me to use Application GateWay.
But Rathena used TCP, AZURE Application GateWay used HTTP.

And I tried to use many server like
1.Google colud compute , Only can anti a few ddos
2.OVH , Can anti-ddos, but ping about 120~240ms...
3.other Asia anti-ddos server (about 500~1000usd/month), Only can anti a few ddos
4.AZURE , Can anti "most" ddos, and ping about 35~50ms , and cheap (about 350usd/month).

So AZURE maybe was the best choice for Asia.

Thank you!!!

[How can hide IP in wireshark?]

1 hour ago, sader1992 said:

 

hi sader1992

thank you reply

 

I found this server have my question

http://angel-ro.com/?module=main

 

maybe he was not hide IP, it's other method?

I tried to use wireshark to get ip, only can get 192.168.87.111

and DST-port : notify-srvr(3016)

seems not real server ip or vpn ip

he used gepard shield, maybe is gepard shield that me can't get real IP?

[How can hide IP in wireshark?]

I found some server can hide IP

I can't easy to use wireshark to get IP

maybe he used CDN?

but I search some post,  they said CDN can't not use on rathena

 

I think this hide IP method can help my server to avoid some low level ddos user

Have somebody know how to hide IP?

Thank you !!

[How to save map by browedit2.0?]

14 hours ago, Azura Skyy said:

OK~

Thank you~

 

[How to save map by browedit2.0?]

I used the newest browedit2.0

https://github.com/Borf/browedit

 

But the newest browedit2.0 not found save option button

like this

 

 

Although I used older version can find save option button

like this

But the older version seems cannot edit "where can walk   where cannot walk"

 

How to save map by browedit2.0?

Thank you~

[How could I convert Integer to String?]

OH. the problem is fixed.

I was wrong in other place.

this code can work, needless convert.

---------------------------------------------------

I want covert Integer to String  ,  and put in variable

like this

 

set .@num,1;

set .@string$,.@num;

 

How could I conver it?

Thank you!!!