Looks like Counter-Strike 2D servers are not the only target of those slightly retarded kids. My webserver has been attacked today, leading to bad accessibility of all Unreal Software websites.
I blocked the attacking IP (50.72.86.162) now. I assume that it overloaded the webserver the entire day.

I want to note that this will be examined and it will draw legal consequences if I'm able to find out who is responsible for this.

Sorry to everyone who wasn't able to access the website because of this.

Yea...
That is bad.

Was it really only 1 IP? Doesn't apache/httpd automatically give out 500s for overloading requests? Perhaps you should set that up properly.

@ PyKemis: No I'm not sure if it was just one IP. I didn't examine the logfiles yet. I just know that there was a suspiciously high amount of TCP connections from the mentioned IP so I iptable banned it and the server worked well since that. Maybe a Syn-Flood or something else. I didn't examine it yet.

Before doing that I already tried a shitload of Apache configurations to solve the problem. Apache always reached the maximum number of connections within a few minutes, even if I set them to something like 3000 (a value which is never reached even closely... normally). I know how to setup a webserver properly, that's not the problem...

Take a report to FBI o.-

The reason I say that is because, during the attack, I tried to connect to unreal, and it did try to load the website.

If max connections have been initialized/declared then it should have sent me a 503--which I never got.

Your request has benn queued probably or the server wasn't able to send any response I guess.

DC, why wouldn't you limit opened TCP connections from one IP? I think no one probably needs more than 50 connections in the same time.

This one would work great against 80% of TCP attacks (change number to desired, of course, I stick with 9). Dropping when many IP addresses are performing DDoS attack on your server.

The attacker can hide/change his ip right?
Because this ip is Canadian.Canadian crasher doesn't make sense .

Canada wants to be seen as nobody cares about them. Ignore.

US.de loaded for me, but very slowly. I was still able to do everything I normally could but slowpoke. It's weird how people want to ruin a community full of kids which probably don't even care as long as the game works.

Sad.

@ oxytamine: Great idea. Thanks.

This made me lol so bad.

So what if it's Canadian? It could have been an Arabian IP.

SMB attacks could be easily blocked by this.

Since they all use same port. Also, let's limit connections to port 80, DDoS'ing this port is the most common attack since kids often use pre-compiled scripts/programs which flood port 80.

That's what I'm talking about - it will reject all the connections from specific IP if limit is reached (in this case limit is 20, I set 40).

DC have you confirmed that the attacker had only 1 IP? These solutions are good but are only towards dos.

erm.. I don't know what sense of attacking.

Or it could have been you posting gayporn everywhere.

Owait. Did I just? Yea.. I did, screw you.


That's one thing fixed then. Would you protect something against all attacks yet must wait for an actual solution. Or would you protect it from one attack right away!? Seriously dude, your posts are getting more and more useless.

I once told him that he is talking non-sense, but he did not listen.

Fucking retarded kids, I hope they burn in hell.

I'll never seem to understand sense of attacking a simple forum. DDoS attacks could be useful when you're making business (I once DDoS'ed e-Quality to death for a couple of hours, I lol'd), but it's completely useless when it turns out that you do not profit from DDoS'ing.

Hmm.. you seem to have a wild imagination. Stupid much? You're screwing yourself.