The online racing simulator
How are we supposed to protect our hosts?
(55 posts, closed, started )
How are we supposed to protect our hosts?
Quote from Victor :As for Bose's question : not all WKD members (there's quite a few of them it seems) have been involved in this. Even though the WKD servers have been shut down, it does not mean that the remaining team members must quit. They are welcome to stick around. Wether they will continue using the WKD name I do not know at this point. That is up to them to decide.
In any case I hope people will not start blaming the remaining WKD members for something others have done. It was a tight group of 5 people who caused disturbances. These have been dealt with - let's end that era here and leave things at that.

As this is far far from resolved, I really think this should be kept open for discussion. We simply can't resolve this by turning ignorance to the problem. As a community we could work together to resolve these attacks faster, instead we're having a massive door slammed in our faces.

"there's quite a few of them it seems"? alot more than the 5 banned it also seems. I will not be told that I am to 'not blame' the rest of wkd when I am still suffering attacks from former wkd members. More to the ****ing point, why are we being blamed for what ever pathetic vendetta this is? Considering the vast numbers of WKD members that seem to be involved, I think they've just about wavered any right to be pissed off.

Its costing me 5 times as much to run my hosts now, and I get pissed off with people who call these attacks harmless, if its costing people extra money, its far from ****ing harmless.

STOP SLAMMING THE DOOR IN OUR ****ING FACE AND HELP US RESOLVE THIS ISSUE. Personally I feel a published list of ex WKD members would be the least of a start.

Regards, a pissed off team who've instigated **** all!

Oh and why is it you can ban beaver08 but not beaver09?

if you ban schmidt_oner from your host, its one more ex-wkd problem gone!
Quote :"there's quite a few of them it seems"? alot more than the 5 banned it also seems. I will not be told that I am to 'not blame' the rest of wkd when I am still suffering attacks from former wkd members.

Well it is not only your server which get attacked, I have been driving on WS Metropolis, I can tell you it has been DDos'ed quite a few times as well.
I cannot confirm anything who did it, but it is obvious that it is related to some people.

Quote :More to the ****ing point, why are we being blamed for what ever pathetic vendetta this is? Considering the vast numbers of WKD members that seem to be involved.

It seems everyone is becoming victim of this issue, who ever is driving on cruise servers, I am not sure if it is only that.

Quote :Its costing me 5 times as much to run my hosts now, and I get pissed off with people who call these attacks harmless, if its costing people extra money, its far from ****ing harmless.

I can understand that it must be a pain in the ass to go through this, it does not cost only a lot of money but a lot of time from you as well i can understand.
It is beyond harmless due to you want to lend a service to cruisers to let them have fun on your server, but it is held back because of these attacks

Quote :STOP SLAMMING THE DOOR IN OUR ****ING FACE AND HELP US RESOLVE THIS ISSUE. Personally I feel a published list of ex WKD members would be the least of a start.

Regards, a pissed off team who've instigated **** all!

I agree on that we must solve this issue, with the devs, because without them we cannot solve the issue at all.
Banning accounts which are primairly used won't stop them.

I can understand you want a list of former WKD members, but some of them are not related to this behaviour of those DDos'ers.
We should be reasonable with the people who might not have anything to do with it.

Quote :Oh and why is it you can ban beaver08 but not beaver09?

On that part I can say they only banned the accounts which were primairly used.
Quote from holy mate :
I agree on that we must solve this issue, with the devs, because without them we cannot solve the issue at all.
Banning accounts which are primairly used won't stop them.

Don't they have to connect to run netstat and obtain an IP? If we can just ban them before they connect, its another door closed.

Quote from holy mate :
On that part I can say they only banned the accounts which were primairly used.

But these accounts are both the same person, thats ridiculous considering devs banned my whole IP without justification, it took major protest to get mine back, yet here we are with the main culprit and he's being protected? Who's cock did he suck eh?
Quote from Flange :Don't they have to connect to run netstat and obtain an IP? If we can just ban them before they connect, its another door closed.

I know you can IP ban them from the VPS , but I am sure they will use a proxy to gain access any way


Quote :But these accounts are both the same person, thats ridiculous considering devs banned my whole IP without justification, it took major protest to get mine back, yet here we are with the main culprit and he's being protected? Who's cock did he suck eh?

Yes true, well i know from being a former WKD Admin in 2012, he has more than 2 accounts yet , there is not a limit on how many accounts per Paypal account or any other payment method.
I agree with you that the devs should not ban an IP without any verification nor to let users make protests to get unbanned ( as in your case ).
I am not sure if he is being protected or that they just did not suspect that to be from the same person, but from being obvious it should be suspected that it is.
Quote from holy mate :I agree on that we must solve this issue, with the devs, because without them we cannot solve the issue at all.

What have the devs of a game/sim got to do with it? Nothing.

You see this happening in all kinds of online games and cross platform; Minecraft, Counterstrike, Call of Duty, Xbox360 to just name a few.

This thread is (again) quite pointless, full of rage and anger. Exactly the main motive to continue.
Quote from Flange :Don't they have to connect to run netstat and obtain an IP? If we can just ban them before they connect, its another door closed.

Obviously you ping every server online when loading List of hosts, so you don't have to connect to server to get its IP
I do tech support & security for a few sites I work for so hopefully a few tips on how to prevent a server from being DDoSed will help...


1) - Contact The LFS Developers - They are the only ones who can look into the issue and may be able to help.

2) - Block proxies from connecting to your server. Here's a "How To" article on 3 ways to accomplish that task: WikiHow - Block Proxy Servers. This will prevent most DDoS attacks from reaching their intended target.

3) - If a VPN is used where there are multiple IP's for that service, don't waste your time banning individual IP's as it's not going to work. Instead do a reverse-IP lookup search for the IP that's abusing your server and blacklist the entire range of IP's that service uses. It may require you to generate a list of the IP's in that range which you can make here: IP Range List Generator.


Quote from Pablo Donoso :I do tech support & security for a few sites I work for so hopefully a few tips on how to prevent a server from being DDoSed will help...


1) - Contact The LFS Developers - They are the only ones who can look into the issue and may be able to help.

2) - Block proxies from connecting to your server. Here's a "How To" article on 3 ways to accomplish that task: WikiHow - Block Proxy Servers. This will prevent most DDoS attacks from reaching their intended target.

3) - If a VPN is used where there are multiple IP's for that service, don't waste your time banning individual IP's as it's not going to work. Instead do a reverse-IP lookup search for the IP that's abusing your server and blacklist the entire range of IP's that service uses. It may require you to generate a list of the IP's in that range which you can make here: IP Range List Generator.



You've contradicted yourself in proving a point, only the devs can help me, yet you provide me a useful link. If this wasn't discussed, there'd be something else the devs couldn't help me with. Thanks for the link btw.

Oh and the first thing it says is 'You can purchase and download the software', so again, lets turn ignorance to the issue and just throw money away. I've already paid extra for protection against this, wanna give me the cash to 'You can purchase and download the software'?
Why are the LFS devs being blamed in any way? My server has been DDOSed continiously over the past 3 months, sometimes once a week, sometimes 4 times a day yet I don't vent my frustration towards the LFS devs.

It's unfair to target the LFS devs, those responsible for making a great sim. They aren't even remotely responsible for the partycrashers DDOSing servers.

Instead of showing gratitude towards the LFS makers once in a while, rotten eggs are being thrown at them. Surely you know that DDOS is a widespread issue far from being easy to fix.

Tarnishing players reputations based on speculation only fuels contempt which ends up in tribalism. Although I share your frustration I think the last people to vent it on are the LFS devs.
i think what is trying to be said overall is that for anything to done that will make a difference must be done globaly,so set at the master server
Quote from Flange :

Oh and why is it you can ban beaver08 but not beaver09?

Asked this already to Victor, the reply was the following one:

"Beaver has got a brother, and that brother may own that account."

"As we have not a clearly proof linking beaver08 and beaver09 , we cannot ban him"

"If we see that Beaver09 is being used by Beaver08 , that account will be banned too."
Quote from DANIEL-CRO :Obviously you ping every server online when loading List of hosts, so you don't have to connect to server to get its IP

I've just checked this time and time again, I can't get a single server IP just from getting the server list. So what other ways apart from connecting could the IP's be obtained.

I'm not blaming the Devs for the attacks, far from it. I am blaming them for making it so hush hush and sweeping it under the carpet when we could all be pulling together over this. Isn't that what communities do?

As for beavers brother story, how many brothers does he have? as far as I was aware his 'only' brother has/had an account called 'sylent' or something.
I don't see what can be done really.

To get a target IP you could simply try to connect to it ingame using a new demo account, whether you actually connect and join the server or not doesn't matter.

Then there's the attack itself, which will be from a load of different IPs and so very difficult to block at the firewall level.

All you can hope for is that your host has a sufficiently large pipe and that the attack is not large enough to fill it.
if someone runs something like teamspeak from the same host then gives that ip out so people can connect to it,is it possible this way
Quote from bishtop :if someone runs something like teamspeak from the same host then gives that ip out so people can connect to it,is it possible this way

If the IP is given out, then there is just less fishing to do by the attacker.
Quote from Flange :You've contradicted yourself in proving a point, only the devs can help me, yet you provide me a useful link. If this wasn't discussed, there'd be something else the devs couldn't help me with. Thanks for the link btw.

Oh and the first thing it says is 'You can purchase and download the software'...

1) Contact the LFS staff / developers to make an official report on the issue so they are aware of it. This is what all websites do when it comes to filing a complaint or report, the person contacts the domain administrator and asks for advice which needs to be done first so you go through the proper procedures.

2) Yes it says "buy software" as the first option however there are 3 methods to blocking proxies & VPN's in which the 2nd and 3rd options don't cost anything however it is something you have to do in order to secure your server.


Method 1 - Buy Proxy Software
Requires you to learn about Classless Inter-Domain Routing among other things plus it cost money and is something you said you didn't want to do hence the other 2 methods...


Method 2 - Block proxy servers by HTTP protocols
If you don’t want to purchase software, there is another way. You can insert a script in your website’s root htsaccess file. It’s best to copy and paste the code, rather than type it. That way, you can be sure that you won’t make any errors. After you’ve inserted the code, upload it to your server. This method is effective. Insert the following code:


# block proxy servers from site access
# [URL]http://perishablepress.com/press/2008/04/20/how-to-block-proxy-servers-via-htaccess/[/URL]

RewriteEngine on
RewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]

Method 3 - Block Proxy Servers With a Third Party Service
Use a free service like Black Box Proxy Block to check if an IP address is associated with an open proxy server. Other services such as BlockScript, BlockThatProxy, Maxmind and ThreatMetrix track all types of proxy servers, including Open proxies, HTTP proxies, SOCKS proxies, VPN (Virtual Private Network) servers, SSH tunnel servers, web-based proxies, popular anonymity networks, and Tor.


Whether this is understood or not is up to you my friend. The same things that the article explains are things I already knew and am trying to help teach you about. No worries man, just do some research on your server and find out what it needs to be secure then make it happen as that's what will stop it from getting abused. We can only give you advice here but you're the one that has to take action k.
You're obviously confusing web hosting with game server hosting.
Its really sad to see this is how lfs is going.., i remember way back when i started back at the end of 2007 as a demo user test4 "couldn't think of a username at the time lol", there was none of this DoS business now it seems to happen on a regular basis.., personnaly i dont think the devs can do much more then there already doing, maybe if they built a new system but i dont think that will happen.

'Off-Topic'
btw no this isnt my first account its actually my third, chrizza132 was my old account i gave that away to a friend.
Web Hosting = A web hosting service is a type of Internet hosting service that allows individuals and organizations to make their website accessible via the World Wide Web. Web hosts are companies that provide space on a server owned or leased for use by clients, as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for other servers located in their data center.

Game Server Hosting
= shared web hosting service... one's website is placed on the same server as many other sites, ranging from a few to hundreds or thousands. Typically, all domains may share a common pool of server resources, such as RAM and the CPU. The features available with this type of service can be quite basic and not flexible in terms of software and updates. Resellers often sell shared web hosting and web companies often have reseller accounts to provide hosting for clients.

htaccess = A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration. They are placed inside the web tree, and are able to override a subset... of the server's global configuration for the directory that they are in, and all sub-directories. The original purpose of .htaccess—reflected in its name—was to allow per-directory access control, by for example requiring a password to access the content. Nowadays however, the .htaccess files can override many other configuration settings including content type and character set, CGI handlers, etc.

(courtesy of wiki as I don't have time to list the differences, 1 is a subset of the other... htaccess is commonly used for server configurations in relation to blocking proxies...)

Quote from Flange :
Don't they have to connect to run netstat and obtain an IP? If we can just ban them before they connect, its another door closed.

Quote from holy man :
I know you can IP ban them from the VPS , but I am sure they will use a proxy to gain access any way

Quote from RFX :
2) - Block proxies from connecting to your server. Here's a "How To" article on 3 ways to accomplish that task: WikiHow - Block Proxy Servers. This will prevent most DDoS attacks from reaching their intended target.

3) - If a VPN is used where there are multiple IP's for that service, don't waste your time banning individual IP's as it's not going to work. Instead do a reverse-IP lookup search for the IP that's abusing your server and blacklist the entire range of IP's that service uses. It may require you to generate a list of the IP's in that range which you can make here: IP Range List Generator.

Quote from RFX :
Whether this is understood or not is up to you my friend. The same things that the article explains are things I already knew and am trying to help teach you about. No worries man, just do some research on your server and find out what it needs to be secure then make it happen as that's what will stop it from getting abused.

I was giving advice on what needs to be done. How Flange goes about doing it is his choice however at least he knows what's involved. As I said, he needs to research what his server's needs are so he can make it happen. I didn't say for him to use that exact config, only that blocking proxies will stop most DDoS attacks because nobody is going to DDoS someone on their own IP not to mention most DDoS attacks are often carried out using multiple proxy services and is neutralized once they can't connect.

btw I already explained to Victor a while back about how people were getting the server IP's so that they could possibly find a solution to it and implement it in the future but I'm not going to say how publicly. At the same time a patch was added to help keep LFS more secure but the servers you guys use have to be configured properly for them to be protected.

I'm sure it's an unpleasant situation for many of you guys to be in. I'm just offering advice on what can be done to protect yourselves. As I mentioned though, you guys have to take initiative and learn about these things if you want it to happen.
yeah id say that its something that needs to be sorted out as best as possible. ignorance to the problem will only give more power to those that are ddos'ing servers
Quote from Flange :More to the ****ing point,

far from ****ing harmless.

IN OUR ****ING FACE

Regards, a pissed off team who've instigated **** all!

*****************************************ing**********ING******ERS
Quote from bishtop :yeah id say that its something that needs to be sorted out as best as possible. ignorance to the problem will only give more power to those that are ddos'ing servers

Muhahahaha omg what an so apaling call for knowledge. Tomorrow you will probably state the opposite, like last time i read about things like this : ignorance was cool, and sharing knowledge with other people was terrorism

...and u will want to answer there is good knowledge and there is bad knowledge, or something like that... c'mon do it, that'll be fun.


bla bla bla bla ... long live Beaver, Bamse and WKD, because it takes that kind of stupidity level, to wake up a stupid forum community
-
(Bose321) DELETED by Bose321 : fuck test
hush hush

The problem here is that in every thread about WKD, it turns into a room full of monkeys throwing fecies at each other. So these threads are closed. That should not be seen as shoving things under the carpet - it should be seen as keeping the room slightly sanitary as opposed to applauding the monkeys ruining the place.
Another point is that people want revenge on the remaining WKD members. But as with the ones who have been banned now, I need proof to take away access to their account and license for which they paid. If I start doing that without knowing for sure who is in voilation of the agreement, I myself am in violation. Diligence is required. I can't blindly and / or out of rage start banning people.

help the community help us

You say we don't want the community to come together and fix this problem. Well, all I can say is that of course I want the community to come together and solve this problem! It didn't really seem possible so far though (see the monkey reference).
If a normal discussion about how to deal with these attacks can be held, then great.

so how to deal then?

This is the problem that has already been touched upon by several others. DoS attacks (specifically the types where the sender's ip address is faked) are hard to deal with, if the attacks are bigger than your internet connection speed. For this reason we have moved to another datacenter so we can deal with bigger attacks. Our old host couldn't provide the capacity and in fact were affected by the attacks as well. They did eventually place some filters on their edge routers, but a SYN attack for example wouldn't be stopped by them.

In the case of people who rent a host somewhere, you will probably not have access to the firewall, so you must contact the host's support and see if they can help out. Most UDP floods for example can easily be blocked by them and is the least they could do. If they cannot handle that (the UDP floods I've seen weren't that enormous) then maybe it's time to look for another host.

I think this is also one of the reasons why with the big games, you cannot run your own hosts. They need to be run by approved and contracted game host providers who are setup to deal with these things (you don't think LFS is the only game where this is a problem do you?)

For the rest .. there isn't much else you can do yourself though. Even when you identify culprits and we ban them, it doesn't mean they can no longer run an attack on you. The experience is that they continue as long as it's enjoyable to do so. This is why some people and me included advice not to make too much noise about it. They feed on that.
maybe if you're hosting a league server, make it hidden and only provide server stuff to the ones who are racing. Also disable remote might help.
This thread is closed

How are we supposed to protect our hosts?
(55 posts, closed, started )
FGED GREDG RDFGDR GSFDG