packet server crasher?
hey, so for the past 2-3 days we've been having issues with some 13yo who keeps making our server unplayable and idk how to deal with it
basically when he joins everybodys ping jumps to values like 5000-15000 and the tps drops to as low as 0.7 (lol)
i dont think hes ddosing the server, since i'm running two servers on the same machine and while the first one lags the second one stays unbothered
im running purpur 1.19.4 build 1985 (latest one for 1.19.4)
the logs are spammed with something like this:
it spams so much that it makes my server logs go >3gb with the server running for 4-5 hours with 10 players
the attack can go for hours even after he lefts the server or after a restart
idk how to fix or make it stop, the guy is also an a-hole and wont listen to anything we say
can somebody help?
31 Replies
Thanks for asking your question!
Once you have finished, please close your thread.
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
command to close
/close
!close
!solved
Requested by jelnuszek#0
!logs
Please check your server log for errors from your plugins.
If you need further help understanding the errors, please send us the whole log file.
Where can I find the server log?
Logs are stored in
<server_directory>/logs/. Search for a file explorer in your server's management interface and navigate to that directory. Once you've opened that up, search for the latest.log file. Some providers have a separate page for logs and may hide the "logs" folder.
On Aternos:
• Go to https://aternos.org/log/.
On Minehut and server.pro:
• Go to the "files" tab in the left menu.
• Navigate to the root directory of your server.
• From there navigate to /logs/latest.log.
What should I do with the log?
• First of all, read it! I mean, that's what you do all the time when you run a server, isn't it? Try to locate any errors that have anything to do with the issue you are facing.
• If you got the latest.log file or created a .txt file with the necessary errors you can upload these directly to the channel, but we prefer if you upload them to https://mclo.gs/.
• If you have trouble downloading the log file, copy/paste the text to a paste service (like mclogs). Copy the link that it gives you and send it to us. (Don't worry, McLogs hides your users' IPs.)Admincraft Canned Responses
i hope this is enough, whole log has over 29m lines but it spams the same thing over and over again
i couldnt post it all cuz it would lag my pc
when i copied it
He spams invalid packs to the server which then probably causes the lag either because they are to Manny or because of the logging of the error
When it happens look from where the connection attempts are coming and block the ip or create IP Ratelimit rules
i use vps, oracle free tier
the ip of the guy?
yeah i do
not really :/
grimac rip
well grimac aint that bad
sad its getting discontinued tho
its grims packet listener logging it
(ngl vulcan uses packetsevents aswell)
so theres no real fix except for banning him?
Iptables ratelimite per IP and if its distributed global which can lead to no new players to join but exiting ones should be fine
okay thank you guys so much for the help
one more thing that makes me curious is why arent other small servers getting targeted
i mean, if theres no fix except for banning, and someone could use vpn to do that then i guess its really easy to harass many servers for long periods of time, even the ones which get 100-200 players a day
but then i googled the issue and havent seen any solution...
it truly makes me confused lol
could be a grim ac bug
ima replace grim with something else
i'll see how it goes
I would guess that you aren't the only one who is getting targeted but if you have mitigations like ratelimit and other plugins/methods to prevent that kind of stuff it's getting harder to do stuff like that. And bigger servers have more options to prevent such attacks
is your server IP public (just directly linked to a domain) or proxied through services like tcpshield etc
i set up tcpshield today but some people can join and some cant
ppl are complaining lol
pointless
if u set it up after already giving out ip
well..
so tcpshield is not going to help with dealing with this guy right?
It’s too late for tcpshield to help since they already have your ip
depending on what he’s doing it may have helped if you used it before opening your server
It's an offline mode server
This kind of exploit is normal for offline mode servers
ik... i bought the game myself but i have a lot of players who didnt
oh lol
what exploit is being used?
tcpshield is for antiddos
denying connections does jack shit
if they just ddos the host/machine ur on
If they hit you with a volumetric attack which should be easily filtered by every major hosting company, but that was just some packet spam with invalid packet IDs which I would expect TCP shield to get rid of
i installed tcpshield after the attacks, i dont know if it does something or not
Did you also configure the firewall correctly so you only can join via TCP shield and not directly anymore?
yeah
Then It should be fine I guess
so i banned him on the firewall thing, banned him in-game on nickname and ip (if he could still join somehow), removed grim and installed themis (maybe i'll return to grim later but idk) installed epicguard to block vpn and also block regular connections outside the country, changed the ip of the machine and completed tcpshield & cloudflare setup so the ip wont be leaked again
i think this will be enough lmao
thank you guys again so much for the help, i dont know what i would do without you :serduszko:
Only moderators and the Post owner can mark this as solved!