SA-MP Forums

Go Back   SA-MP Forums > SA-MP Server > Server Support

Reply
 
Thread Tools Display Modes
Old 23/04/2018, 08:25 AM   #1
Adi007
Big Clucker
 
Join Date: Jul 2014
Location: Pitesti,Romania
Posts: 77
Reputation: 0
Default SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

Hello everybody!

I write this message on behalf of a large online gaming community in Romania, which currently has 5 SA:MP servers (Roleplay Gamemode).

About 2 weeks ago we were facing a serious problem. The samp servers receive certain attacks (I think attacks) and they get some freeze time. By "freeze" I refer to the fact that there is no synchronization between the server and the players... so the players are receiving the message "the server is not responding".
The servers remain freezing for various durations of time, for a few minutes, after which they get back and all players can connect. All this happens while the samp03svr process is not using abusive resources. At the time of "freezing" the servers do not shut down, the processes remain open, they do not get a crash. The problem happens randomly at various times of the day.

What i have already tried:

Server_Log.txt
There is nothing to see there, only:
[part] X left the server...

1. The first time I thought it could be a network attack, so I took a few tools to see if the problem was there. The dedicated server does not lose pings or SSH connections.
2. I checked server_log.txt and I did not see errors there (The server runs with the crashdetect plugin).
3. I checked if there were enough resources dedicated on the attack moment. RAM ok, CPU ok, space on SSD ok.
4. I checked mysql_error.log, everything clean.
5. We put the firewall solution on https://gta-mp.ro/forum/topic/420-vu...-sa-mp-037-r2/, no results...
6. We have disabled server query from server.cfg, the problem was still there...
7. I took server_logs from all the SA:MP servers and I did cross checks to see if there is any common IP connected before the server dropout, nothing suspicious.
8. I've done a few things on the net without a result.
9. I tried a previous version of GM, the problem still existed.
10. We made a log in which we record all commands executed in the idea we can catch something before the drop. The log looks ok and I even tried to type command by command, nothing worked.
11. I sat with the SSH console in front of the drops and did not catch anything suspicious. In the case of an infinite loop I would see the CPU going up (but it was ok).
12. I talked to many people who have DDoS codes, exploits and attacks and no one has any explanation.
13. There are probably other things I've tried and that I do not remember.


Mentions:
- The server runs with crashdetect plugin. There is no error/warning when the server freeze.
- The host has sufficient resources.
- No updates have been made recently to the gamemode, so it can't be considered a programming error.
- The network is always ok.
- No recent plugins have been added and no recent updates have been made to the old ones.


So ... has anyone ever faced a problem of this type recently? Is this a SA:MP exploit? Does anyone have any ideas other than those I've already tried? Thank You!

Don't have a forum account? If you have any answer/suggestion, contact me at: voxfilm13@gmail.com
Adi007 is offline   Reply With Quote
Old 26/04/2018, 04:20 AM   #2
Battlezone
Gangsta
 
Battlezone's Avatar
 
Join Date: Aug 2013
Location: Berlin
Posts: 853
Reputation: 139
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

According to your description of the issue, I have faced a similar thing 3 times on my server.
The CPU usage would drop to 0% and all players would just lose connection, none would be able to rejoin until I would restart the server.
It's probably the exploit Y_Less was talking and warning about.
__________________
Battlezone is offline   Reply With Quote
Old 26/04/2018, 08:40 AM   #3
Adi007
Big Clucker
 
Join Date: Jul 2014
Location: Pitesti,Romania
Posts: 77
Reputation: 0
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

Quote:
Originally Posted by Battlezone View Post
According to your description of the issue, I have faced a similar thing 3 times on my server.
The CPU usage would drop to 0% and all players would just lose connection, none would be able to rejoin until I would restart the server.
It's probably the exploit Y_Less was talking and warning about.
Could you give me a link please?
Adi007 is offline   Reply With Quote
Old 26/04/2018, 08:45 AM   #4
narwn
Little Clucker
 
Join Date: Oct 2017
Posts: 16
Reputation: 0
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

server version?
narwn is offline   Reply With Quote
Old 26/04/2018, 08:55 AM   #5
Adi007
Big Clucker
 
Join Date: Jul 2014
Location: Pitesti,Romania
Posts: 77
Reputation: 0
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

Quote:
Originally Posted by narwn View Post
server version?
0.3.7 R2-2


Note: The server does not crash and the samp03svr task is not closed during this exploit, it juse freeze and after a while it come back.

Some people told me that the "OnPlayerSpawn" callback could be the problem if some players come on the server and call this function for about 1000-2000 times / second. I tried to simulate this and called the function for 1000 times "OnPlayerSpawn(0);" (using CallLocalFunction) where 0 is my player ID. The result was that the server has kicked me (ID 0) for ackslimit exceeded, but only I was kicked, the rest of the players remained online.


The only thing I found about exploit and Y_LESS was this (about dialogs): http://forum.sa-mp.com/showthread.php?t=330118
Checked, this doesn't seem to be my problem.
Adi007 is offline   Reply With Quote
Old 26/04/2018, 09:12 AM   #6
Battlezone
Gangsta
 
Battlezone's Avatar
 
Join Date: Aug 2013
Location: Berlin
Posts: 853
Reputation: 139
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

Quote:
Originally Posted by Adi007 View Post
0.3.7 R2-2


Note: The server does not crash and the samp03svr task is not closed during this exploit, it juse freeze and after a while it come back.

Some people told me that the "OnPlayerSpawn" callback could be the problem if some players come on the server and call this function for about 1000-2000 times / second. I tried to simulate this and called the function for 1000 times "OnPlayerSpawn(0);" (using CallLocalFunction) where 0 is my player ID. The result was that the server has kicked me (ID 0) for ackslimit exceeded, but only I was kicked, the rest of the players remained online.


The only thing I found about exploit and Y_LESS was this (about dialogs): http://forum.sa-mp.com/showthread.php?t=330118
Checked, this doesn't seem to be my problem.
It's not that, I don't have any link but I believe I've seen Y_Less mentioning it on SA-MP discord, it's related to Raknet. From what I understood from a discussion with Jelly, an invalid packet is sent to the server, but they have to hook the client's raknet interface to be able to send out the packet. There's no possible fixes using plugins because they process packets after they're already received by the server.
__________________
Battlezone is offline   Reply With Quote
Old 26/04/2018, 07:15 PM   #7
Battlezone
Gangsta
 
Battlezone's Avatar
 
Join Date: Aug 2013
Location: Berlin
Posts: 853
Reputation: 139
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

It's striking again, still no answer from sa-mp team...
__________________
Battlezone is offline   Reply With Quote
Old 26/04/2018, 08:08 PM   #8
Assish
Little Clucker
 
Join Date: Apr 2018
Posts: 10
Reputation: 0
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

This happened to my server last week too I hope it won't start agin
Assish is offline   Reply With Quote
Old 26/04/2018, 08:42 PM   #9
[HLF]Southclaw
High-roller
 
[HLF]Southclaw's Avatar
 
Join Date: Apr 2009
Location: England
Posts: 4,836
Reputation: 1405
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

This is the issue that has been discussed on the Discord: https://github.com/********archive/RakNet/issues/102

edit: ugh, replace the asterisks in the above URL with Mark Zuckerberg's product name.

I don't think anyone has released a working PoC of this exploit yet, it would be useful to actually confirm that this exploit works as described so a fix can be patched in.
__________________



[HLF]Southclaw is offline   Reply With Quote
Old 27/04/2018, 02:10 PM   #10
Battlezone
Gangsta
 
Battlezone's Avatar
 
Join Date: Aug 2013
Location: Berlin
Posts: 853
Reputation: 139
Default Re: SA:MP Exploit?/Freeze problem/Flood?/Ghost Bug

I also noticed that the VSZ used jumps from 200mb to 800+mb after the server gets attacked with the exploit, and from 180mb to 780mb for the RSS as well (comparing to the server usage in its normal state), maybe this could help..
__________________
Battlezone is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
samp exploit? heavy outgoing flood. ColonelBurton Server Support 4 26/11/2014 11:01 PM
Exploit SA-MP - Query Flood junkbuster Server Support 11 10/01/2012 05:11 AM


All times are GMT. The time now is 05:15 PM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.