DOS attack with player logins?

Discussion in 'Bukkit Discussion' started by jwnordquist, Feb 21, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    jwnordquist

    Hello, just now my server got attacked by several hundred logins and logouts, spamming the chat, and filling 60/60 server slots, here is a portion of the log:
    Code:
    2012-02-21 20:21:06 [INFO] Connected players:4popcorn§t, apsio123§t, Baggemannen§t, cheekysean§t, CWrocks§t, dunphyx9§t, falconblast123§t, FruitGushers§t, fuzzyfoxes§t, GiroroGouchou§t, guppyd94§t, Hoodle44§t, JadeGaming§t, Jake, kaleo808§t, ksmidge11§t, lukaspakter2012§t, mrsupermonkeyman§t, nateshark§t, owl1243§t, Pie_of_Guy§t, SuperWolfcash§t, swoopdawoop12§t, tannerseratt11§t, Th3RealhKronos§t, The_Blind_Seer§t, THUNDA_M00SE§t, titopotomas§t, turbanator401§t, Verdeon98§t, war420dog§t, willpakter§t, wonder1995§t, xiCoLD3N§t, zephyrus000§t
    2012-02-21 20:21:08 [INFO] [PLAYER_COMMAND] jwnordquist: /list  
    2012-02-21 20:21:08 [INFO] [PLAYER_COMMAND] JadeGaming: /ban unknowncrag SPAM 
    2012-02-21 20:21:10 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/nicks980.yml
    2012-02-21 20:21:10 [INFO] nicks980 [/50.103.153.193:53402] logged in with entity id 44901 at ([world] -34.5, 78.62000000476837, -36.5)
    2012-02-21 20:21:15 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/im4x1mu5.yml
    2012-02-21 20:21:15 [INFO] iM4X1MU5 [/67.255.187.50:51027] logged in with entity id 64070 at ([world] -27.5, 84.62000000476837, -25.5)
    2012-02-21 20:21:19 [INFO] Haydon_Nightfire [/68.155.72.156:59071] logged in with entity id 79468 at ([world] 1522.0, 28.0, 1655.0)
    2012-02-21 20:21:21 [INFO] Disconnecting Gori77a [/184.154.198.204:2132]: Failed to verify username!
    2012-02-21 20:21:21 [INFO] [PLAYER_COMMAND] jwnordquist: /list  
    2012-02-21 20:21:21 [INFO] Disconnecting pen1master [/71.91.79.149:2623]: Failed to verify username!
    2012-02-21 20:21:21 [INFO] elliotmcr [/98.214.154.230:55392] logged in with entity id 84325 at ([world] -26.5, 28.0, -27.5)
    2012-02-21 20:21:21 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/nopium.yml
    2012-02-21 20:21:21 [INFO] Nopium [/107.9.203.243:1360] logged in with entity id 84326 at ([world] -30.5, 82.62000000476837, -31.5)
    2012-02-21 20:21:22 [INFO] Disconnecting platypus11 [/24.126.154.167:3199]: Failed to verify username!
    2012-02-21 20:21:22 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/179551.yml
    2012-02-21 20:21:22 [INFO] 179551 [/98.201.29.211:3183] logged in with entity id 84904 at ([world] -23.5, 85.62000000476837, -34.5)
    2012-02-21 20:21:22 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/panguar.yml
    2012-02-21 20:21:22 [INFO] panguar [/76.122.208.108:4645] logged in with entity id 86343 at ([world] -29.5, 82.62000000476837, -34.5)
    2012-02-21 20:21:22 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/dragon1650522.yml
    2012-02-21 20:21:22 [INFO] dragon1650522 [/64.126.78.70:4051] logged in with entity id 86689 at ([world] -26.5, 84.62000000476837, -22.5)
    2012-02-21 20:21:23 [INFO] Disconnecting shara21099 [/76.102.28.79:1579]: Failed to verify username!
    2012-02-21 20:21:23 [INFO] Connection reset
    2012-02-21 20:21:23 [INFO] Disconnecting _SoLo [/212.156.9.68:2719]: Failed to verify username!
    2012-02-21 20:21:23 [INFO] Connection reset
    2012-02-21 20:21:23 [INFO] celsderg [/68.53.84.199:58424] logged in with entity id 89605 at ([world] 46.5, 27.69999998807907, -1906.0514165576285)
    2012-02-21 20:21:24 [INFO] Connection reset
    2012-02-21 20:21:24 [INFO] Disconnecting EliStoner [/24.228.20.217:4312]: Failed to verify username!
    2012-02-21 20:21:24 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/rapter33.yml
    2012-02-21 20:21:24 [INFO] Rapter33 [/75.138.188.163:3018] logged in with entity id 89961 at ([world] -34.5, 78.62000000476837, -31.5)
    2012-02-21 20:21:24 [INFO] Disconnecting rollo99 [/166.82.187.181:3560]: Failed to verify username!
    2012-02-21 20:21:24 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/ryanglavin.yml
    2012-02-21 20:21:24 [INFO] ryanglavin [/68.44.183.163:1109] logged in with entity id 91127 at ([world] -17.5, 86.62000000476837, -35.5)
    2012-02-21 20:21:25 [INFO] kaine360 [/76.29.30.181:1608] logged in with entity id 91550 at ([world] -26.5, 84.62000000476837, -26.5)
    2012-02-21 20:21:25 [INFO] Connection reset
    2012-02-21 20:21:25 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/abacaba.yml
    2012-02-21 20:21:25 [INFO] abacaba [/71.65.51.231:2547] logged in with entity id 91987 at ([world] -28.5, 83.62000000476837, -25.5)
    2012-02-21 20:21:25 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/reinier1.yml
    2012-02-21 20:21:25 [INFO] reinier1 [/71.231.112.139:3960] logged in with entity id 92344 at ([world] -32.5, 80.62000000476837, -28.5)
    2012-02-21 20:21:25 [INFO] Connection reset
    2012-02-21 20:21:25 [INFO] Disconnecting lukerichardson [/75.180.44.86:1116]: Failed to verify username!
    2012-02-21 20:21:25 [INFO] PeepingTom24 [/220.162.14.114:4331] logged in with entity id 93150 at ([world] 195.71263264917235, 43.02674555004246, 36.823731578393634)
    2012-02-21 20:21:26 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/faiilure.yml
    2012-02-21 20:21:26 [INFO] Faiilure [/68.83.23.43:2466] logged in with entity id 93980 at ([world] -20.5, 86.62000000476837, -34.5)
    2012-02-21 20:21:26 [INFO] Disconnecting grumpy127 [/98.27.139.247:4039]: Failed to verify username!
    2012-02-21 20:21:26 [INFO] endergeek123 [/24.61.214.23:2905] logged in with entity id 94456 at ([world] -26.5, 28.0, -27.5)
    2012-02-21 20:21:26 [INFO] Connection reset
    2012-02-21 20:21:26 [INFO] Disconnecting piepiemanman [/61.164.87.130:36874]: Failed to verify username!
    2012-02-21 20:21:26 [INFO] Connection reset
    2012-02-21 20:21:26 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/117legend.yml
    2012-02-21 20:21:26 [INFO] 117legend [/219.235.110.13:4708] logged in with entity id 94771 at ([world] -28.5, 83.62000000476837, -23.5)
    2012-02-21 20:21:26 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/subjecttrek.yml
    2012-02-21 20:21:26 [INFO] SubjectTrek [/96.228.249.41:51828] logged in with entity id 94772 at ([world] -26.5, 84.62000000476837, -22.5)
    2012-02-21 20:21:26 [INFO] The_Pie [/67.219.163.104:1625] logged in with entity id 94773 at ([world] -35.5, 76.62000000476837, -29.5)
    2012-02-21 20:21:26 [INFO] ponml123 [/75.134.125.126:2062] logged in with entity id 94774 at ([world] -30.5, 82.62000000476837, -29.5)
    2012-02-21 20:21:27 [INFO] Disconnecting andrewmoo [/131.247.19.122:1988]: Failed to verify username!
    2012-02-21 20:21:27 [INFO] heracles4 [/97.103.218.57:1398] logged in with entity id 96541 at ([world] -26.5, 28.0, -27.5)
    2012-02-21 20:21:27 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/slabs.yml
    2012-02-21 20:21:27 [INFO] slabs [/64.1.142.194:19104] logged in with entity id 96542 at ([world] -17.5, 86.62000000476837, -27.5)
    2012-02-21 20:21:27 [INFO] Connection reset
    2012-02-21 20:21:27 [INFO] Disconnecting tapout10 [/68.202.2.5:1330]: The Ban Hammer has spoken!
    2012-02-21 20:21:28 [INFO] Connection reset
    2012-02-21 20:21:28 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/mcfam444.yml
    2012-02-21 20:21:28 [INFO] mcfam444 [/24.230.187.206:4377] logged in with entity id 99083 at ([world] -33.5, 79.62000000476837, -33.5)
    2012-02-21 20:21:28 [INFO] Connection reset
    2012-02-21 20:21:28 [INFO] Disconnecting AthenaWalther [/71.159.248.178:2656]: The Ban Hammer has spoken!
    2012-02-21 20:21:29 [INFO] Disconnecting Oubrecht [/208.127.22.32:1589]: Failed to verify username!
    2012-02-21 20:21:29 [INFO] Connection reset
    2012-02-21 20:21:29 [INFO] Disconnecting blunt_cha1nsaw [/71.231.91.148:56164]: Failed to verify username!
    2012-02-21 20:21:29 [INFO] Read timed out
    2012-02-21 20:21:29 [INFO] piyrwouteq [/68.53.84.199:58563] logged in with entity id 102923 at ([world] -19.5, 86.62000000476837, -27.5)
    2012-02-21 20:21:29 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/braid3n1994.yml
    2012-02-21 20:21:29 [INFO] Disconnecting braid3n1994 [/98.214.154.230:55590]: Server is full
    2012-02-21 20:21:29 [INFO] apsio123 lost connection: disconnect.endOfStream
    2012-02-21 20:21:29 [INFO] There are 59 out of maximum 60 players online.
    2012-02-21 20:21:29 [INFO] Connected players:117legend§t, 179551§t, 4popcorn§t, abacaba§t, Baggemannen§t, celsderg§t, cheekysean§t, CWrocks§t, dragon1650522§t, dunphyx9§t, elliotmcr§t, endergeek123§t, Faiilure§t, falconblast123§t, FruitGushers§t, fuzzyfoxes§t, GiroroGouchou§t, guppyd94§t, Haydon_Nightfire§t, heracles4§t, Hoodle44§t, iM4X1MU5§t, JadeGaming§t, Jake, kaine360§t, kaleo808§t, ksmidge11§t, lukaspakter2012§t, mcfam444§t, mrsupermonkeyman§t, nateshark§t, nicks980§t, Nopium§t, owl1243§t, panguar§t, PeepingTom24§t, Pie_of_Guy§t, piyrwouteq§t, ponml123§t, Rapter33§t, reinier1§t, ryanglavin§t, slabs§t, SubjectTrek§t, SuperWolfcash§t, swoopdawoop12§t, tannerseratt11§t, Th3RealhKronos§t, The_Blind_Seer§t, The_Pie§t, THUNDA_M00SE§t, titopotomas§t, turbanator401§t, Verdeon98§t, war420dog§t, willpakter§t, wonder1995§t, xiCoLD3N§t, zephyrus000§t
    2012-02-21 20:21:29 [INFO] Connection reset
    2012-02-21 20:21:30 [INFO] jj0303 [/24.126.154.167:3323] logged in with entity id 106134 at ([world] -26.5, 28.0, -27.5)
    2012-02-21 20:21:30 [INFO] Disconnecting xmer [/76.31.76.38:3739]: Failed to verify username!
    2012-02-21 20:21:30 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/raf2100.yml
    2012-02-21 20:21:30 [INFO] Disconnecting raf2100 [/68.83.23.43:2610]: Server is full
    2012-02-21 20:21:30 [INFO] Disconnecting reckertiii [/24.61.214.23:3095]: Failed to verify username!
    2012-02-21 20:21:30 [INFO] Disconnecting VanceBoot [/141.85.227.101:63873]: Server is full
    2012-02-21 20:21:30 [INFO] Connection reset
    2012-02-21 20:21:31 [INFO] Connection reset
    2012-02-21 20:21:31 [INFO] Connection reset
    2012-02-21 20:21:31 [INFO] Connection reset
    2012-02-21 20:21:31 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/penguin76.yml
    2012-02-21 20:21:31 [INFO] Disconnecting penguin76 [/71.65.51.231:2664]: Server is full
    2012-02-21 20:21:32 [INFO] Disconnecting polioman [/76.102.28.79:1649]: Server is full
    2012-02-21 20:21:32 [INFO] Creating empty config: /home/minecraft/multicraft/servers/server21/plugins/Essentials/userdata/mat2486.yml
    2012-02-21 20:21:32 [INFO] Disconnecting mat2486 [/76.122.208.108:4764]: Server is full
    
    What would be done to prevent this, as I'm banning every IP trying to attack but it's still not working...
     
    PapiDimmi likes this.
  2. Offline

    JohnTheRipper

    It's called PWN4G3, and quite a fun t0ol, although not many people have it because the dev makes you cough up $15-$50 for it.



    IP and username banning is a good idea, but the tool is a little difficult to stop.
     
    PapiDimmi likes this.
  3. Offline

    jwnordquist

    Quick Google and I found a torrent for it :/
     
  4. Offline

    JohnTheRipper

    Most likely infected, but who knows.

    I still have my copy from when I was into this kind of stuff.

    MCbans actually has some good countermeasures built into it like login throttling, or you can get someone to write you a throttling plugin, I remember helping Supah with his anti-pwn4g3 plugin a few months ago.
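
Added example, not part of any post and not code from MCBans or any plugin named in this thread: a sketch of the login throttling and whitelisting suggested here, replayed over log lines in the format quoted in the first post. The function names, the `limit` and `window` values, and the sample lines (documentation-range IPs, made-up player names) are assumptions made for illustration.

```python
import re
from collections import deque
from datetime import datetime

# "<name> [/ip:port] logged in ..." or "Disconnecting <name> [/ip:port]: <reason>"
EVENT = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \[INFO\] "
                   r"(?:Disconnecting )?(\S+) \[/([\d.]+):\d+\](?: logged in|: (.+))")

def parse(lines):
    """Return [(time, name, ip, reject_reason_or_None)], skipping other lines."""
    out = []
    for line in lines:
        m = EVENT.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append((ts, m.group(2), m.group(3), m.group(4)))
    return out

def summarize(events):
    """Flood indicators: attempts, distinct source IPs, failed name checks."""
    ips = {ip for _, _, ip, _ in events}
    unverified = sum(1 for e in events if e[3] and "verify" in e[3])
    return {"attempts": len(events), "distinct_ips": len(ips), "unverified": unverified}

def throttle(events, known, limit=2, window=10):
    """Server-wide sliding window: admit at most `limit` connections from names
    not in `known` per `window` seconds. Keyed on time, not IP, because the
    flood is spread over many source addresses, which defeats per-IP bans."""
    recent, admitted, dropped = deque(), [], []
    for ts, name, _, _ in events:
        if name.lower() in known:      # whitelist: regular players always pass
            admitted.append(name)
            continue
        while recent and (ts - recent[0]).total_seconds() >= window:
            recent.popleft()
        if len(recent) < limit:
            recent.append(ts)
            admitted.append(name)
        else:
            dropped.append(name)
    return admitted, dropped

# Constructed sample lines, same shapes as the log in the first post.
SAMPLE = """\
2012-02-21 20:21:20 [INFO] regular_one [/192.0.2.10:50001] logged in with entity id 1 at ([world] 0.5, 64.0, 0.5)
2012-02-21 20:21:21 [INFO] Disconnecting bot01 [/198.51.100.1:2001]: Failed to verify username!
2012-02-21 20:21:21 [INFO] bot02 [/198.51.100.2:2002] logged in with entity id 2 at ([world] 0.5, 64.0, 0.5)
2012-02-21 20:21:22 [INFO] Connection reset
2012-02-21 20:21:22 [INFO] bot03 [/203.0.113.3:2003] logged in with entity id 3 at ([world] 0.5, 64.0, 0.5)
2012-02-21 20:21:23 [INFO] Disconnecting bot04 [/203.0.113.4:2004]: Failed to verify username!
""".splitlines()
```

A high ratio of distinct IPs to attempts together with many "Failed to verify username!" rejections within a few seconds is the signature visible in the quoted log; the throttle caps how many unknown names can take slots per window while whitelisted regulars are unaffected.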
     
  5. Offline

    chaseoes

    Apparently STAB stops it.
     
  6. Offline

    TheBeast808

    Get McBans, throttle user connections, problem solved.
     
  7. Offline

    LEOcab

    But then your server freezes for 5 seconds whenever someone tries to log in... That's the only reason I left MCBans, other than that it is a great thing to have. :(
     
  8. Offline

    JohnTheRipper

    I don't have this issue, and never have had it, it sounds like you have some other problem related to another plugin.
     
  9. Offline

    efstajas

    LEOcab battlekid They had server issues some time ago and they caused login lag. It should be gone now. However, I wouldn't recommend McBans since there are some strange things going on...
     
  10. Offline

    Sayshal

    I agree with efstajas.

    StopTalkingAutoBan has some sort of guard against this I believe? Login spam blocking etc.
     
  11. Offline

    HunterT

    Woah, that's a pretty professional tool. It's hard to find nice working ProxySocks that can take the bandwidth.
    And yes, it is probably just as bad as a DDoS because they are constantly loading more RAM and bandwidth and processor power.
     
  12. Offline

    JohnTheRipper

    Noto gave me a cracked version of a proxy leacher when I bought PWN4G3. I can leech ~100,000 proxies in ~5 minutes, and filter out 100+ clean anonymous ones in another 5-10 minutes. However, I've found PWn4G3 to be extremely picky about the proxies it uses, and it needs a lot of bandwidth to run correctly, my connection can usually only handle a few full-on bots (but I've gotten 30+ into single servers before, it just needs to "warm up"). In general, the tool is extremely finicky, the best way to run it would be if you have a high bandwidth connection and a bunch of high bandwidth proxies.

    However, as for resource usage, it hammers the server in terms of RAM/CPU, but the tool itself doesn't consume much in terms of CPU/RAM since it's very lightweight.

    It's more fun as a spamming tool, because only weak shitty servers will crash from spam/logins. Honestly, it's more interesting to troll people with, because 99% of server owners have never seen it before and they are confused and unable to understand what's happening.
     
  13. Offline

    TheBeast808

    No it doesn't. I'm running it right now and that isn't happening.
     
  14. Offline

    greatman

    Simple trick to go around that is to whitelist your server for the attack time. I just received that type of attack 4-5 times in 2 days and whitelist blocks them easily.
     
  15. Offline

    TheBeast808

    What do you mean by "strange things"?
     
  16. Offline

    efstajas

    Well, lots of people say they're really badly organized. Also, there have been some admins that turned out to be griefers and some hackers leaked hundreds of email addresses recently... I heard lots of stories.
     
  17. Offline

    JohnTheRipper

    Mcbans is a service that:

    • Has griefer admins (which I don't care about!)
    • Had a security breach (which I don't care about, I couldn't care less that my email (and password "might have") gotten leaked)
    • Sometimes, once in a while and not very often these days goes down (not an issue for me, they've been stable enough over the year or so I've been using them on and off)
    • Badly organized (somewhat true, but it hasn't affected the service's usefulness and stability for me, so I don't care)
    • Bad ban management — I do agree with this one, servers shouldn't be capped at 3 REP (2 REP is much more reasonable), bans should be downgraded to local after a suitable amount of time (6-9 months, maybe a year), and the alt accounts feature is crap.
     
    Nathan C likes this.
  18. Offline

    jefe323


    I'm glad to see someone who agrees with me on this point
     
  19. Offline

    JohnTheRipper

    I'd like to mention that I still use MCbans, because it's been very useful to me, even if I don't like some of the features. Will it get fixed? I doubt it, but it works well enough for me.
     
  20. Hmm.....I wondered what happened.
     
    PapiDimmi likes this.