SA-MP Forums

Go Back   SA-MP Forums > SA-MP Server > Server Support

Reply
 
Thread Tools Display Modes
Old 02/09/2017, 06:06 AM   #41
PrettyDiamond
Big Clucker
 
Join Date: Jun 2015
Location: Germany
Posts: 53
Reputation: 5
Default Re: Firewall Cookie Flood Connection

You should to go to your folder /lib/modules/....and look here the real filename for this file where you have xxxx and change it to the correct module name
__________________
PrettyDiamond is offline   Reply With Quote
Old 02/09/2017, 06:31 AM   #42
Chaprnks
Gangsta
 
Chaprnks's Avatar
 
Join Date: Sep 2007
Location: Soviet America
Posts: 583
Reputation: 69
Default Re: Firewall Cookie Flood Connection

Quote:
Originally Posted by PrettyDiamond View Post
You should to go to your folder /lib/modules/....and look here the real filename for this file where you have xxxx and change it to the correct module name
It was actually more complicated than that.. at some point I half-ass upgraded the linux kernel, but still had grub thinking it was the old one.. Thankfully got it all settled without having to reformat *phew*

Thanks for the help
__________________
Chaprnks is offline   Reply With Quote
Old 02/09/2017, 04:49 PM   #43
PrettyDiamond
Big Clucker
 
Join Date: Jun 2015
Location: Germany
Posts: 53
Reputation: 5
Question Re: Firewall Cookie Flood Connection

Quote:
Originally Posted by Chaprnks View Post
It was actually more complicated than that.. at some point I half-ass upgraded the linux kernel, but still had grub thinking it was the old one.. Thankfully got it all settled without having to reformat *phew*

Thanks for the help
Im in same Boat as you my friend....my Debian was unmounted at all....and im still at Null Progress by all. My IP still flooded, my server still offline. I was thinking about change it to Windows, because @iLearner SV looks are working, but sometimes it is offline too, idk if he fixed at all the flood problem. IDK what more i can do, but i will search out, until i find the way to run my server again. Its funny, if i start it, in same minute some old players join it, then i look at SV CPU usage, goes to 100%, ping get high, packet loss, and finally timeout for all. So sad...nothing helps for me, i used the last Update from Kalcor, iptables rules, nothing works for me?
__________________
PrettyDiamond is offline   Reply With Quote
Old 02/09/2017, 05:01 PM   #44
Astralis
Guest
 
Posts: n/a
Default Re: Firewall Cookie Flood Connection

Well, your host is probably very bad. Get a decent one.

Either a game server from http://samp4you.com (which is working properly against any attacks) or a VPS.
  Reply With Quote
Old 02/09/2017, 06:05 PM   #45
Astralis
Guest
 
Posts: n/a
Default Re: Firewall Cookie Flood Connection

Quote:
Originally Posted by PrettyDiamond View Post
LoL...i'm my own host...pls dont come here and talk shit...you mean really ppl are so stupid and cannt distinguish between what is a good or bad host? After running a server free of problems, over years?

Why God some ppl here never read with attention then, after that think, then count some sheeps(like 100), then write!?
Then you don't know shit about how to manage your server. Think before talking.
  Reply With Quote
Old 02/09/2017, 10:09 PM   #46
RDM
Huge Clucker
 
Join Date: Apr 2014
Location: my github: https://github.com/Edresson
Posts: 236
Reputation: 36
Default Re: Firewall Cookie Flood Connection

Quote:
Originally Posted by PrettyDiamond View Post
Im in same Boat as you my friend....my Debian was unmounted at all....and im still at Null Progress by all. My IP still flooded, my server still offline. I was thinking about change it to Windows, because @iLearner SV looks are working, but sometimes it is offline too, idk if he fixed at all the flood problem. IDK what more i can do, but i will search out, until i find the way to run my server again. Its funny, if i start it, in same minute some old players join it, then i look at SV CPU usage, goes to 100%, ping get high, packet loss, and finally timeout for all. So sad...nothing helps for me, i used the last Update from Kalcor, iptables rules, nothing works for me?
As I mentioned the firewall works will drop 90% of the malicious packages!
but for being a software alternative, if the attack is greater than the amount of mbps available on your vps / dedicated server, the firewall will not help unfortunately,
and the same goes for the hardware, cpu and ram!

I recommend hiring a dedicated game on ovh, or hiring a vps from companies that sell. !

I have several Dedicated on ovh, the firewall game seems to support well, and would be the cheapest solution for now.


since hiring a dedicated and a hardware firewall apart in the ovh is much more expensive than a dedicated server game.


about 10 servers in my network suffer from such attacks and none went offline since the beginning of this attack!
RDM is offline   Reply With Quote
Old 31/01/2019, 04:45 AM   #47
SlowARG
Big Clucker
 
SlowARG's Avatar
 
Join Date: Feb 2014
Posts: 54
Reputation: 18
Default Re: Firewall Cookie Flood Connection

Yeah... bumping topics.

Few guys asked to me how to update "samp_prot" plugin, actually is quite easy.

Look at this Pseudo code generated by IDA Pro:

Code:
char __stdcall Load(int (__cdecl **a1)(_DWORD))
{
  int v1; // eax
  DWORD flOldProtect; // [esp+0h] [ebp-8h]

  dword_10012164 = *a1;
  dword_10012164("### samp_prot by Ubinoob loaded (ver 2)");
  dword_10012164("### Professional game hosting: https://LiveServer.pl");
  v1 = strcmp((const char *)0x4B5508, "0.3.7-R2");
  if ( v1 )
    v1 = -(v1 < 0) | 1;
  if ( v1 )
  {
    dword_10012164("### Invalid server version. Please install 0.3.7-R2-1 (linux) 0.3.7-R2-1-1 (windows).");
  }
  else
  {
    VirtualProtect((LPVOID)0x497CC8, 1u, 0x40u, &flOldProtect);
    VirtualProtect((LPVOID)0x497C74, 1u, 0x40u, &flOldProtect);
    dword_10012164("### Memory segments unprotected");
    MEMORY[0x497CC8] = -1869574000;  // unk1 ---> i query limit
    MEMORY[0x497CCC] = -28528;          // unk2 ---> +04
    MEMORY[0x497C74] = -1869574000;  // unk3 ---> p query limit
    MEMORY[0x497C78] = -28528;          // unk4 ---> +04
    dword_10012164("### Query system patched");
    MEMORY[0x4E58B8] = 0; // same as "cookielogging 0"
    dword_10012164("### Cookie logging disabled");
    MEMORY[0x4F5FD4] = 0; // same as "logqueries 0"
    dword_10012164("### Query logging disabled");
  }
  return 1;
}
We need to update all memory addresses being readed/writed. It can be easily done with IDA Pro or Cheat Engine (yeah, the old-known cheat engine).

Some signatures/patterns for Windows ONLY at the moment:

Code:
unk1		0F 85 80 06 00 00 8B 0D BC 5F 4F 00 68 08 97 4B 00 E8 ?? 37 FF FF 89 44
unk2		00 00 8B 0D BC 5F 4F 00 68 ?? ?? 4B 00 E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
unk3		0F 85 D4 06 00 00 83 FF 0F 0F 85 CB 06 00 00 6A 10 68 08 5D 51 00 50 8B
unk4		00 00 83 FF 0F 0F 85 CB 06 00 00 6A 10 68 08 5D 51 00 50 8B 44 24 54 57
Some convars such as cookielogging and logqueries can be searched easily with cheat engine (cookielogging 100, and search for 100, cookielogging 999 and search for 999, and so on). Do ur homework

Last edited by SlowARG; 31/01/2019 at 05:13 PM.
SlowARG is offline   Reply With Quote
Old 20/01/2020, 04:27 PM   #48
Blake95
Little Clucker
 
Join Date: Nov 2016
Posts: 23
Reputation: 2
Default Re: Firewall Cookie Flood Connection

0.3.DL??
Blake95 is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[Tool/Web/Other] Nobody's Firewall - Protection against query/cookie flood. SlowARG Tools and Files 18 30/10/2018 04:37 PM
[Firewall] Proteção contra novo ataque Cookie flood! RDM Português/Portuguese 3 26/08/2017 10:01 AM
Flood requests connection cookie. RDM Server Support 4 28/05/2015 04:29 PM


All times are GMT. The time now is 11:52 AM.


Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.