Stopping Mass lDDOS v Proxy & CS CS2

Hi,

I'm CMagic I'm new here, anyway.

I've been playing around with how the client works and the server. I've added quite a few things I'll most likely showcase on a project thread. It's getting really interesting.

With that being said, I have a few advanced questions.

So I've noticed most clients are subject to a mass login DDOS via a proxy which can essentially crash a server. Does anyone here know the common method to block this attack?

Also, what's CS & CS2. I am sort of limited in the areas of interface creation. It seems to do anything crazy advanced one needs to decompile CS, CS2 and be able to compile it?

Thanks Rune-server

You cannot really prevent connections to your server if hes using a different IP address.

You can always do things like detect his mac address and so on but this can be faked very easily so this is definitely not an option but more of a "confuse the hacker".
What you can do is improve your performance by scaling things up:

* Handle login requests on a separated thread
* You can design an architecture with a login server which is in charge of authentication (which is the most heavy process because you are either doing I/O operations or database queries). You can use kubernetes to scale your login server, make it run multiple instances of login server based on traffic (load balancing) so all traffic is split to services which will decrease the load on your login process, but this still causes a load on your database, and scaling database with data synchronization is definitely not an easy task. Think of it as not an attack, you have 100 million users right now, you have to handle it.
* Decrease unnecessary logic as much as possible in the login handling.
* Host on a company that knows what they are doing, a lot of companies like radware knows how to handle requests from suspicious sources such as free proxies or paid proxies that are usually used to send illegal spam requests. I highely recommend [Only registered and activated users can see links. Click Here To Register...] they definitely know what they are doing.

You can play with IPTables or other tools to detect illegal traffic, a lot of companies have machine learning algorithms on this, you can't really be to sure who is a spam and who is real.

Using RSA and updating the keys every few hours and make your players automatically update their client will require the hacker to update their "bot" to get the new keys and might stop him for a bit, but this is just temporary. if he wants to, he will always find a way to go through it.

Comapnies that handle with DDOS attacks have a lot of information, they can detect and block a whole subnet of proxy services, but if the hacker really wants, he can get an expensive dedicated vpn service with million of IPs if he has the money for it.

Other than that I don't really see any way, it's not just an issue in RSPS, its something that every one has an issue with, big companies with real traffic.

Hope it helped, if anyone else has any ideas i'd like to get updated too !

Quote:

---

Originally Posted by Jonyfx [Only registered and activated users can see links. Click Here To Register...]

You cannot really prevent connections to your server if hes using a different IP address.

You can always do things like detect his mac address and so on but this can be faked very easily so this is definitely not an option but more of a "confuse the hacker".
What you can do is improve your performance by scaling things up:

* Handle login requests on a separated thread
* You can design an architecture with a login server which is in charge of authentication (which is the most heavy process because you are either doing I/O operations or database queries). You can use kubernetes to scale your login server, make it run multiple instances of login server based on traffic (load balancing) so all traffic is split to services which will decrease the load on your login process, but this still causes a load on your database, and scaling database with data synchronization is definitely not an easy task. Think of it as not an attack, you have 100 million users right now, you have to handle it.
* Decrease unnecessary logic as much as possible in the login handling.
* Host on a company that knows what they are doing, a lot of companies like radware knows how to handle requests from suspicious sources such as free proxies or paid proxies that are usually used to send illegal spam requests. I highely recommend [Only registered and activated users can see links. Click Here To Register...] they definitely know what they are doing.

You can play with IPTables or other tools to detect illegal traffic, a lot of companies have machine learning algorithms on this, you can't really be to sure who is a spam and who is real.

Using RSA and updating the keys every few hours and make your players automatically update their client will require the hacker to update their "bot" to get the new keys and might stop him for a bit, but this is just temporary. if he wants to, he will always find a way to go through it.

Comapnies that handle with DDOS attacks have a lot of information, they can detect and block a whole subnet of proxy services, but if the hacker really wants, he can get an expensive dedicated vpn service with million of IPs if he has the money for it.

Other than that I don't really see any way, it's not just an issue in RSPS, its something that every one has an issue with, big companies with real traffic.

Hope it helped, if anyone else has any ideas i'd like to get updated too !

---

Interesting. Im thinking running a login q would be a good idea if the login requests meet a certain value those requests should be filtered out via a third party API to see whos using a proxy or not on world 1-x for example. Once the logins begin to meet a certain average value it will begin to allow requests as normal.

But, I am wondering about client script 1 & 2 as well. Id like to do advanced things with interfaces.

Quote:

---

Originally Posted by CMagic [Only registered and activated users can see links. Click Here To Register...]

Interesting. Im thinking running a login q would be a good idea if the login requests meet a certain value those requests should be filtered out via a third party API to see whos using a proxy or not on world 1-x for example. Once the logins begin to meet a certain average value it will begin to allow requests as normal.

But, I am wondering about client script 1 & 2 as well. Id like to do advanced things with interfaces.

---

Yes you can for exmaple use amazon SQS queue, each login request will be sent to the queue with a job, I think you will need 2 queues for that, outgoing queue and incoming queue).

SImple architecture that I can think of this:

Outgoing queue is basically the login requests, you send a login request job to the queue. on the other hand you can use serverless AWS lambda function which will be triggered once there are jobs in the queue and handle them (authenticate through database or other I/O operations), once the job is done, you will send a new job to the incoming queue and the server will poll from the incoming queue every X time for login reuqests that has been handled, and send a response to the client (make sure to create some unique ID for each login request so you will know how to map it and send it back to the client)

Quote:

---

So I've noticed most clients are subject to a mass login DDOS via a proxy which can essentially crash a server. Does anyone here know the common method to block this attack?

---

fix the server crashing issue and they wont bother doing it