
"HELP: Server Leak or DDoS Indication?"


miracle

Question


  • Group:  Members

Hello, I'm from Indonesia and have a problem with my RO private server.

Server name: Return

Hackshield: Gepard (functor)
rAthena version: GIT. Latest GitHub (April 2016 update)

Scripter
1st build: LordAkbare (Windows server, GIT)
2nd build: Aica
3rd modification: Kevin Sylus (Linux, CentOS 6.4)


Since the end of March we have had trouble with the server being flooded. I don't know whether this is a server leak or an indication of DDoS,
because 3 ISPs (data centers) have already complained about my server.
My server gets flooded near WoE time. I don't know what this is,
DDoS or a server leak.

Any solution for us?


 


2 answers to this question


  • 0

  • Group:  Members

You can try to trim down all your scripts when it's almost WoE time and see if it still gets flooded. If it still gets flooded, then somebody's having fun DDoS'ing you.


  • 0

  • Group:  Developer

First of all you should try to gather some information on where the attack comes from.

If you cannot do this on your own, try to contact your ISP/hoster for help.

 

If the attack comes from a single or only a small number of IP addresses, try to look them up in your login log and block the corresponding users and their IPs for any connection requests on your server ports.
This should be done as far up the IP connection chain as possible; if you run behind a DoS-protected host, it should be done there.

I would not assume that this is what you would call a DDoS attack, but rather some users toying around with some misconfigurations on your server, doing a DoS attack.

 

If you find out that it uses a large pool of IP addresses, you can assume that it might really be a DDoS attack.

If your ISP/hoster cannot help you out with this, you have to make use of rAthena's provided functionalities to try to counter these attacks.
Therefore I would have a look at /conf/packet_athena.conf.

Also make sure you block any traffic other than TCP on the server ports in your firewall.

 

Hope this can help you to solve your issues.

 

PS:

This is not a complete tutorial on how to secure your server against such an attack though; those are only some small steps in the right direction.
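The triage described in the second answer (a few source addresses versus a large pool), as an added example that is not part of the original posts. It assumes connection records in a constructed `epoch_seconds source_ip` format, for instance exported from firewall logging; the thresholds and function names are illustrative assumptions, not rAthena settings.

```python
import ipaddress
from collections import Counter, defaultdict

def parse(text):
    """Yield (timestamp, ip) pairs, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        try:
            ts, ip = int(parts[0]), str(ipaddress.ip_address(parts[1]))
        except (IndexError, ValueError):
            continue
        yield ts, ip

def classify(text, window=60, top_n=3, share=0.8, min_conns=20):
    """Classify the busiest time window by how concentrated its sources are."""
    buckets = defaultdict(Counter)
    for ts, ip in parse(text):
        buckets[ts // window][ip] += 1
    if not buckets:
        return "quiet", []
    busiest = max(buckets.values(), key=lambda c: sum(c.values()))
    total = sum(busiest.values())
    if total < min_conns:
        return "quiet", []
    top = busiest.most_common(top_n)
    if sum(n for _, n in top) / total >= share:
        # A handful of addresses dominate: look them up in the login log
        # and block them as far upstream as possible.
        return "few-sources", [ip for ip, n in top if n / total >= 0.1]
    # Traffic is spread over many addresses: escalate to the ISP/hoster.
    return "distributed", []

def few_sources_sample():
    """Constructed data: two addresses open 40 connections, five others one each."""
    lines = [f"{1200 + i} 203.0.113.{7 if i % 2 else 9}" for i in range(40)]
    lines += [f"{1200 + i} 198.51.100.{i}" for i in range(1, 6)]
    return "\n".join(lines)

def distributed_sample():
    """Constructed data: 200 distinct addresses, one connection each."""
    return "\n".join(f"{1200 + i % 60} 192.0.2.{i}" for i in range(1, 201))

if __name__ == "__main__":
    print(classify(few_sources_sample()))
    print(classify(distributed_sample())[0])
```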
