
Messages - Scout31

76


y'all got any more of them... ddos protections.....
Have one left available on the test server, looking to be around $15/mo. Message me if you're interested.

I'm working to set up Glass Hosting to accept multiple plan types so that economy and premium servers can run side-by-side, as well as bulk payments and extended options.

77
Drama / Re: DDoS attacks on different servers?
« on: September 01, 2017, 10:40:39 AM »
So, it's someone who is familiar with Glass hosting/knows how it works, has general knowledge of how servers work.
As the person who runs Glass Hosting...

This is not a Glass Hosting issue. It's not even a Blockland issue, really. A DDoS attack can impact literally any device on the internet by sending more traffic than it can handle, which means that legitimate traffic can't get through.

Imagine if you hated Domino's pizza, so you got 1000 of your best friends to call and place fake orders at the same exact second. They'd either try to make 1000 pizzas (which would really ruin their day and slow down the people who actually wanted pizza) or they'd just shut down because they realize something is going on. And, because you yourself never called, they wouldn't be able to tell who has this vendetta against Domino's. They couldn't block the phone numbers of the callers because there's 1000 of them, they're constantly calling from a different number.

Replace "pizza" with connections.

This series of attacks is indeed focused on Blockland servers, as they are somewhat customized to bog down the Blockland server specifically, but at the end of the day it's still just a DDoS whether or not it's directly attacking Blockland.

Some more information that I found while doing my investigation yesterday.  I was playing Caxos' Military RP and it got really popular.  He said that it was hosted on BLG, and he got this message when it started to happen:

Now, I am not familiar with BLG hosting, so this may even be a normal message that everyone gets, I am not sure. 

After this he said he was being pinged by various IP addresses, the server was lagging horribly, but it never actually crashed completely.  He even said that his internet was down for a solid minute.  This might be normal considering his server was BLG dedicated, and that could explain why it didn't go down completely.  We were still able to talk to each other and while everyone else on the server lagged out, Caxos and I were still connected. 

Maybe they are getting the IPs from Glass hosting, through an exploit?

Also, I forgot to mention that the attacks only lasted for a definite amount of time before they stopped completely, this was evident when I did my investigation yesterday and while the notes say it lasted for almost 12 minutes, they were functioning normally again after 10.  Also, Caxos said that his internet went down for a solid minute.  Could be the program they are using?

That message means the network is overloaded to the point that it couldn't connect to the Blockland Glass API. This is the Glass add-on (not the hosting service) delivering this message. Play on your client and unplug your ethernet, you'll see similar messages.

It's really up to how long the attack persists and how many resources are available on how the server reacts. Some high-intensity servers have less margin and will crash. Some simpler ones will just lag out until the attack subsides.

IP addresses are in no way private, and they shouldn't be. It's like you're sending a letter, each has to have a destination and a return address, and all the people who see the letter between the origin and destination are free to read those, and actually need to so that they can route your mail properly. To have your server listed on the master server, and have it join-able, it must be publicized. Take a look at the raw master server. This is happening to ALL popular servers, not just those hosted by Glass Hosting. Correlation is not causation, if you have a big popular server, you're probably going to move it to a hosting service. We happen to host a lot of the top servers, so we're getting hit the most.

The attacks seem to either happen in 5/10/15 minute blocks or until the server stops being listed on the master server (which would probably happen in a similar timeframe of not being able to post). This is either a script that they're running or the DDoS service they're renting out sells time in 5 minute blocks.



I'm not sure what I've posted in which topic since we essentially have duplicates now, but it seems like the attack is focused on popular servers only. It's likely the most popular server at any time getting targeted.

I've seen a mix of attack types from Glass Hosting. Some send a bunch of invalid ping requests. My hosting provider on the DDoS resistant server noted an ICMP attack of 53Mbits in less than a second before it was quickly mitigated. Other attacks send a series of fake UDP connection requests, which could be somewhat mitigated in-engine by making sure these attacks are as least taxing as possible, but it appears that the connection is never established, just merely requested.

I'm speeding through setting up DDoS resistant servers from Glass Hosting, but they're cost prohibitive. It's really a pissing contest of who can spend more on their tech: the attacker or the target.

78
Drama / Re: PSA: Several servers are being DDoS attacked by a botnet.
« on: August 31, 2017, 09:00:18 PM »
Really don't think this belongs in the drama section. This isn't a set of personal attacks, it's targeted at Blockland as a whole. Visibility of GD would help communicate the issue.

I find it ironic that the BLID daprogs website is down.
And yes looking up BLID 111 shows 2 people, one who hasn't been online in 2 years (dimper) and the other one apparently has never been on (None).
¯\_(ツ)_/¯

Guess we just wait.

Port 111, not BLID 111.

79
Drama / Re: PSA: Several servers are being DoS attacked.
« on: August 31, 2017, 02:50:39 PM »
Trying to find who's doing it will be a waste of time. There's likely zero evidence other than a confession that would be useful.

80
Drama / Re: PSA: Several servers are being DoS attacked.
« on: August 31, 2017, 02:00:01 PM »
The first DDoS protected server is currently experiencing a DDoS attack with no drop in latency. 90k packets per second, 409.99 Mbps. Attack would need to be 24x as large to impact the server.

All attack traffic is originating from port 111. Sample traffic below:

Code:
2017-08-31 18:51:06 UTC IP 14.102.147.147:111 > 104.207.133.58:28000 UDP, length 4554780, packets 8192
2017-08-31 18:51:06 UTC IP 45.125.247.197:111 > 104.207.133.58:28000 UDP, length 4554780, packets 8192
2017-08-31 18:51:06 UTC IP 37.48.125.223:111 > 104.207.133.58:28000 UDP, length 4554780, packets 8192
2017-08-31 18:51:06 UTC IP 58.141.87.16:111 > 104.207.133.58:28000 UDP, length 4227100, packets 8192
2017-08-31 18:51:06 UTC IP 58.251.132.25:111 > 104.207.133.58:28000 UDP, length 5537820, packets 8192
2017-08-31 18:51:07 UTC IP 45.46.76.13:111 > 104.207.133.58:28000 UDP, length 4390940, packets 8192
2017-08-31 18:51:07 UTC IP 14.42.40.251:111 > 104.207.133.58:28000 UDP, length 4227100, packets 8192
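
One way to triage flow samples in the layout shown above, as an added example that is not part of the original post: group records by source port and target, then flag UDP traffic where several distinct hosts all send from the same port below 1024. The sample records use constructed documentation addresses, and the `min_sources` threshold and function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed records in the post's layout (RFC 5737 documentation addresses).
SAMPLE = """\
2017-08-31 18:51:06 UTC IP 192.0.2.10:111 > 203.0.113.5:28000 UDP, length 4554780, packets 8192
2017-08-31 18:51:06 UTC IP 192.0.2.77:111 > 203.0.113.5:28000 UDP, length 4227100, packets 8192
2017-08-31 18:51:07 UTC IP 198.51.100.23:111 > 203.0.113.5:28000 UDP, length 5537820, packets 8192
2017-08-31 18:51:07 UTC IP 198.51.100.40:51514 > 203.0.113.5:28000 UDP, length 1200, packets 12
not a flow record
"""

FLOW = re.compile(
    r"^\S+ \S+ UTC IP (?P<src>[\d.]+):(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+), "
    r"length (?P<bytes>\d+), packets (?P<pkts>\d+)$"
)

def summarize(text):
    """Group flow records by (protocol, source port, destination)."""
    groups = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    for line in text.splitlines():
        m = FLOW.match(line.strip())
        if not m:
            continue  # skip anything that is not a flow record
        g = groups[(m["proto"], int(m["sport"]), f'{m["dst"]}:{m["dport"]}')]
        g["sources"].add(m["src"])
        g["bytes"] += int(m["bytes"])
        g["packets"] += int(m["pkts"])
    return groups

def reflection_candidates(groups, min_sources=3):
    """Flag UDP groups where several hosts send from one port below 1024.

    Game clients connect from ephemeral ports, so many senders sharing a
    service port such as 111 (rpcbind/portmap) suggests reflected replies.
    min_sources is an assumed threshold for this example.
    """
    hits = []
    for (proto, sport, target), g in groups.items():
        if proto == "UDP" and sport < 1024 and len(g["sources"]) >= min_sources:
            hits.append({"src_port": sport, "target": target,
                         "sources": len(g["sources"]),
                         "avg_packet_bytes": round(g["bytes"] / max(g["packets"], 1))})
    return hits

if __name__ == "__main__":
    print(reflection_candidates(summarize(SAMPLE)))
```

The single record from an ephemeral source port is left out of the result, which is the distinction an upstream filter on source port relies on.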

81
The first DDoS protected server is currently experiencing a DDoS attack with no drop in latency. 90k packets per second, 409.99 Mbps. Attack would need to be 24x as large to impact the server.

82
First DDoS-protected server is live, Crown's Jailbreak. Will be tracking to see if the performance and price increase is worth it.

83
Drama / Re: PSA: Several servers are being DoS attacked.
« on: August 31, 2017, 09:34:53 AM »
viso's getting hit again, i'm not being hit yet

I think we should correlate attack times and position on server list when they happen. I’m thinking (from nature of traffic logs) that there’s only one attack at any given time and it’s on a top server, persisting until it crashes or disappears from the server list.

84
General Discussion / Re: Blockland Glass Hosting Service [DoS Attacks]
« on: August 30, 2017, 10:04:48 PM »
Issue is beyond software, really. Flooding the network and sending more information than the machine can handle.

I am looking into switching to a new VPS provider that offers DDoS protection up to 10Gbps (we've been receiving 1.5Gbps). This could either replace the current provider or act in parallel at an increased price, I will continue to look into it.

edit: Pricing indicates we would have to restructure the service to a degree and a small price increase. Transfer process (and related coding) could get complicated.

edit2: If you're interested in getting a DDoS protected server immediately and are willing to pay an increased rate, PM me.

85
Drama / Re: PSA: Several servers are being DoS attacked.
« on: August 30, 2017, 09:52:06 PM »
The attacks seem to last long enough just to crash the server (or make it disappear from the master list at least) and then it moves on to the next. Very systematic way of trying to "take down Blockland". I have been extremely busy with a 72 hour work week, so I haven't been able to delegate any time to investigating the data I'm getting from Glass Hosting.

86
Drama / Re: DDoS attacks on different servers?
« on: August 29, 2017, 04:38:41 PM »
A few Glass Hosting nodes are being hit, but not Glass itself. Will be posting updates in the Glass Hosting topic.

87
General Discussion / Re: Blockland Glass Hosting Service
« on: August 29, 2017, 04:37:12 PM »
us10 has been null routed by Linode due to an incoming DoS attack impacting their network performance. Several other servers receiving inbound DoS attacks, but they typically only last long enough to crash the server and then stop.

There really isn't much I can do moving forward except hope that this stops. This is indeed Linode's policy, and if this continues to happen there is nothing I can do about it. I will continue to search for solutions.

88
General Discussion / Re: BLIVE 1.3.0
« on: August 28, 2017, 09:47:53 PM »
That method is much better for self motivation but the product ends up.. odd. You will end up having to do major reworks in the future if you don't work on your back-end first.

89
General Discussion / Re: Blockland Glass Hosting Service
« on: August 28, 2017, 09:46:31 PM »
The issue has been mostly dismissed as them incorrectly flagging the outgoing traffic from us6, but there was also a lot of inbound traffic at the same time that could possibly be a DoS. Will keep an eye out moving forward, but us6 should be up and running again in a few minutes.

90
General Discussion / Re: Blockland Glass Hosting Service
« on: August 28, 2017, 08:10:09 PM »
Linode sent me a sample of the "attack traffic" they observed. It's the Blockland loading system. Either they incorrectly flagged the traffic or there is some exploit that causes the server to send back massive amounts of traffic. Still investigating.
