Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Comprehensive attack protection (OOG and more)

Newbie Spellweaver
Joined
Jun 21, 2020
Messages
61
Reaction score
35
Protection against OOG attacks based on iptables:
First of all, we create the firewall script rules, you can name it as you wish.
Code:
[COLOR=#90959A]iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -j LOG --log-prefix "PW"[/COLOR]
With this rule, we record all game packages from port 29000 in sizes from 500 to 65535 bytes.
Code:
[COLOR=#90959A]iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -m recent --name packets --set
[/COLOR][COLOR=#90959A]iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length 500:65535 -m recent --name packets --update --seconds 1 --hitcount 100 -j REJECT[/COLOR]
With these rules, we block the user if the server received from him more than 100 packets of size 500 - 65535 bytes in 1 second on the 29000 (game) port.
Code:
[COLOR=#90959A]iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length SIZE -m recent --name packet1 --set[/COLOR]
[COLOR=#90959A]iptables -A INPUT -p tcp -m multiport --dports 29000 -m length --length SIZE -m recent --name packet1 --update --seconds 15 --hitcount 3 -j REJECT[/COLOR]
With these rules, we block users who send more than 3 packets in 15 seconds to port 29000. SIZE - packet size in bytes.

How to track packet size in bytes?
After the first rule, where we log all the game packages, you can see them in the / var / log / syslog file or with the dmesg command in the server console.
When an attack goes on, syslog will have many identical packets in a short time.
Code:
[COLOR=#90959A][68003.357231] PW IN=ipip1 OUT= MAC= SRC=USER IP ADRESS DST=*.*.*.* LEN=547 TOS=0x00 PREC=0x00 TTL=241 ID=13328 DF PROTO=TCP SPT=22511 DPT=63947 WINDOW=254 RES=0x00 ACK PSH URGP=0[/COLOR]
In the example above, the packet size is 'LEN = 547'.


With OOG protection sorted out. Let's move on to other ways to compete with NewDestiny.
Brutus accounts. Everything is completely simple here:
#block brute force login
Code:
[COLOR=#90959A]iptables -A INPUT -p tcp -m multiport --dports 29000 -m conntrack --ctstate NEW -m recent --name brute --set
[/COLOR][COLOR=#90959A]iptables -A INPUT -p tcp -m multiport --dports 29000 -m conntrack --ctstate NEW -m recent --name brute --update --seconds 30 --hitcount 3 -j REJECT[/COLOR]
With this rule, we block the user's IP for 30 seconds if he made more than 3 requests to connect to port 29000.

Hacking server protection recommendations:
  • Make a complete restriction on ports other than gaming through iptables.
  • Make a connection to the server using ssh key (s) with a code word.Use the latest versions of mysql, apache2 and other important packages.
  • After loading through OOG, use logrotate, otherwise, when backing up the logs, the RAM of your server will be fully used. This may be a consequence of hacking.
  • Do not use third-party software on the game server.
  • Use a non-standard player password filter. For several hours on our authorization there were over 50,000 invalid authorization attempts. 30% of our players matched usernames from these username / password pairs.

We prefer fair competition, we do not have time and extra finance for attacks. Do not mess with these people, it can end badly.

Source:


 
Newbie Spellweaver
Joined
Dec 23, 2011
Messages
45
Reaction score
11
Error: iptables: Invalid argument. Run `dmesg' for more information.

SoulStar - Comprehensive attack protection (OOG and more) - RaGEZONE Forums


How to fix?
 
Skilled Illusionist
Joined
Nov 24, 2013
Messages
325
Reaction score
22
judging from it telling you theres an invalid argument, looks like you need to look at how the command is formatted, make sure everything is correct and re-run
'dmesg' might give to more insight as to which part needs to be looked at but googling iptables for your specific server distro should work the same.

Error: iptables: Invalid argument. Run `dmesg' for more information.

SoulStar - Comprehensive attack protection (OOG and more) - RaGEZONE Forums


How to fix?
 
Junior Spellweaver
Joined
Aug 17, 2021
Messages
144
Reaction score
31
Error: iptables: Invalid argument. Run `dmesg' for more information.

SoulStar - Comprehensive attack protection (OOG and more) - RaGEZONE Forums


How to fix?

hello there,

as the error says your command parameters are incorrect, just lower the hitcount value from 100 to something like 20, which i think may be the limit of hitcount.
 
Back
Top