A good AntiHack plugin for the server.

Discussion in 'Bukkit Help' started by Switch0r, Apr 13, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Switch0r

    Every month our server is under some kind of DDoS attack, with multiple clients trying to bring down our server.
    Is there some good plugin for this? Trying to ban does not help because they have unlimited IPs.
    Our server is always online-mode=true
    I put the whitelist on atm until it gets better.

    Here's a part of our log:

     
  2. Offline

    andrewpo

    Who hosts your server?
     
  3. Offline

    Switch0r

    I host it on a rented dedicated server
    We use Leaseweb and Hetzner
     
  4. Offline

    andrewpo

    Is it self-managed? Do you have a firewall (e.g. csf configserver if you use Linux)?
     
  5. Offline

    Switch0r

    It's not a real DDoS attacking the OS, it's just spamming the server with unlimited IPs.
     
  6. Offline

    andrewpo

    40 IPs connecting in a second is very odd - but what OS does your server use? And what firewall if applicable?
     
  7. Offline

    Switch0r

    Windows 2008 R2
    Windows Firewall
     
  8. Offline

    andrewpo

    If it's the same constant stream of IPs, nullroute requests from them.
     
  9. Offline

    Switch0r

    I was asking for a plugin if possible :)
     
  10. Offline

    andrewpo

    This doesn't look like the sort of issue a plugin could stop.
    The only thing that springs to mind is NoCheat but that seems irrelevant to this problem.

    Your best bet seems to be to identify the IPs that are causing trouble and nullroute their requests.
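
An added example, not part of the thread: one way to do the "identify the IPs" step from the server log, assuming the console format of the lines `Disconnecting /IP:PORT: Took too long to log in` and `/IP:PORT lost connection`. The `repeat_threshold` value and the sample lines (documentation-range addresses) are constructed for illustration; comparing `distinct_ips` with `repeaters` shows whether per-IP blocking can keep up or whether the sources rotate too fast for it.

```python
import re
from collections import Counter, defaultdict

# Matches the two pre-login failure lines:
#   "<ts> [INFO] Disconnecting /IP:PORT: Took too long to log in"
#   "<ts> [INFO] /IP:PORT lost connection"
# Ban kicks (player name before the address) and chat lines do not match.
PRELOGIN = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[INFO\] "
    r"(?:Disconnecting /(?P<ip1>[\d.]+):\d+: Took too long to log in"
    r"|/(?P<ip2>[\d.]+):\d+ lost connection)\s*$"
)

def summarize(lines, repeat_threshold=3):
    """Count pre-login failures per source IP and per second."""
    per_ip = Counter()
    ips_per_second = defaultdict(set)
    for line in lines:
        m = PRELOGIN.match(line.strip())
        if not m:
            continue  # chat, ban kicks, "Read timed out", etc.
        ip = m.group("ip1") or m.group("ip2")
        per_ip[ip] += 1
        ips_per_second[m.group("ts")].add(ip)
    repeaters = sorted(ip for ip, n in per_ip.items() if n >= repeat_threshold)
    peak_ts, peak_ips = max(ips_per_second.items(), key=lambda kv: len(kv[1]),
                            default=(None, set()))
    return {
        "events": sum(per_ip.values()),
        "distinct_ips": len(per_ip),
        "repeaters": repeaters,          # candidates for a firewall block
        "peak_second": peak_ts,
        "peak_distinct_ips": len(peak_ips),
    }

# Constructed sample (documentation-range addresses, not real log data).
SAMPLE = """\
2012-04-13 18:01:00 [INFO] /192.0.2.10:1825 lost connection
2012-04-13 18:01:00 [INFO] /192.0.2.11:1852 lost connection
2012-04-13 18:01:00 [INFO] /198.51.100.7:3141 lost connection
2012-04-13 18:01:00 [INFO] Read timed out
2012-04-13 18:01:01 [INFO] Disconnecting /192.0.2.10:4721: Took too long to log in
2012-04-13 18:01:01 [INFO] /192.0.2.10:3580 lost connection
2012-04-13 18:01:01 [INFO] <ExamplePlayer> hello
2012-04-13 18:01:02 [INFO] Disconnecting ExamplePlayer [/203.0.113.5:3605]: Your IP address is banned from this server!
2012-04-13 18:01:02 [INFO] Disconnecting /198.51.100.7:2870: Took too long to log in
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```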
     
  11. Offline

    Switch0r

    I banned like 100 IPs and they just make instant new IPs, it doesn't help.

    Maybe some register plugin could help.
     
  12. Offline

    andrewpo

    This could possibly be a botnet based attack then.
    Does it cause a noticeable impact in server performance?
     
  14. Offline

    Switch0r

    ok thanks, now we are getting somewhere.

    More help is welcome.
     
  15. Offline

    andrewpo

    Using a plugin to block spammers isn't going to do much good - they're still getting to the point where craftbukkit has to process the requests from each IP which could impact on performance.
     
  16. Offline

    Switch0r

    Dude, are you trying to get the most posts on Bukkit :D
    You replied all topics here lol
    http://forums.bukkit.org/forums/bukkit-help.6/
     
  17. Offline

    andrewpo

  18. Offline

    Switch0r

    Do you ever play Minecraft? :p
     
  19. Offline

    andrewpo

    Got a bit bored of it for now; I go through phases of loving it, kind-of-loving-it, liking it and being sick to death of constant requests to 'protect my house' and rollback griefing. D:
     