C#3mo ago
ARDA64

Preventing ddos attacks in the game

Hello, we recently opened a game server in C#, but we had to close it due to ddos attacks. Is there a way to prevent these attacks? Most likely VDS is using too much power to reject incoming requests and the server is crashing.
73 Replies
Angius
Angius3mo ago
Put it behind a proxy with a DDOS prevention service? Cloudflare comes to mind
ARDA64
ARDA64OP3mo ago
We already have an anti-ddos system that we use, but I think the server must be crashing because it is rejecting the IP package request☠️ I think it is necessary to check the sent packet/request before it reaches the server and, if necessary, block it without wasting power.
Jimmacle
Jimmacle3mo ago
if your DDOS prevention isn't preventing the DDOS you might want to investigate that further
ARDA64
ARDA64OP3mo ago
If anyone wants to review the code
Jimmacle
Jimmacle3mo ago
$paste
MODiX
MODiX3mo ago
If your code is too long, you can post to https://paste.mod.gg/, save, and copy the link into chat for others to see your shared code!
Buddy
Buddy3mo ago
Supercell? Are you making a clash of clans private server?
Petris
Petris3mo ago
isn't cloudflare http only?
Angius
Angius3mo ago
It is, thought we're dealing with http at first
cned
cned3mo ago
I was looking at this a bit, and you aren't using thread safe collections for stuff, and there's a lot of potentially concurrent collection manipulation, which can lead to very bad stuff server side. Are you sure it's DDos attacks? Like "PacketCounters" for example, it's a shared dictionary that every connection is messing with, which could easily lead to app crashes or infinite loops (effectively crashing your app, since it will never accept another connection).
ARDA64
ARDA64OP3mo ago
Brawl Stars. Yes, there may be some errors in the code, but unfortunately it crashes against attacks. If you want, I can send you the clean version of the code so you can understand it better.
ARDA64
ARDA64OP3mo ago
Here is the clean version of the file
cned
cned3mo ago
That version still has the same problem. All of the dictionaries in TCPGateway have this problem. As far as I can tell, only ActiveConnections is modified under locks. These can 100% lead to a crash if lots of connections are open (without DDoS being involved). Any particular reason you aren't using async for stuff like this? I can help a lot looking for thread safety issues (rather than threads, Begin/End pairs, and timers)
ARDA64
ARDA64OP3mo ago
Frankly, I am not the owner of the project and I can say that I am just learning C#.
ARDA64
ARDA64OP3mo ago
If you want to take a look at the project https://github.com/Erder00/royale-brawl-v29
ARDA64
ARDA64OP3mo ago
The attackers sent a certain packet and I saw that there were 55 clients and players.
cned
cned3mo ago
Interesting. So it's always the same packet?
ARDA64
ARDA64OP3mo ago
The banned IP continues to send packets, which is most likely due to resource consumption. I guess so. Banned IP continues to attack. If I give examples of packages: creating an account, staying online in the lobby (55 players), fake players. And I realized that even a ddos attack by gpt is enough to crash the game. If we can ensure that banned IPs do not reach the server/or do not respond even if they do, will the problem be solved?
cned
cned3mo ago
I doubt that very much. If a single IP sending a single packet is crashing the server, it's not a DDos problem. It's bugs in the receiving code. Unless the packet is somehow crashing the TCP pipeline on the server, which seems unlikely. I mean, this code definitely has a lot of problems. Like Messaging.OnRecieved doesn't validate the message even has a header. It just expects it's exactly 7 bytes long and starts doing stuff based on that. I don't know that trying to block DDoS attacks is going to solve the problem. Or even trying to block a single IP (if someone is trying to hurt your service, it's trivial to get dozens, if not tens of thousands of IP addresses)
ARDA64
ARDA64OP3mo ago
The attacker told me that it was very easy to stop the attack
cned
cned3mo ago
Sure, this particular attack, maybe. But you'd have to tell me what that attack is before I can help stop it. 🙂 Also, it doesn't sound like it really has anything to do with DDoS (just poor packet handling on the server side), so the title of this chat is probably not going to get much help.
ARDA64
ARDA64OP3mo ago
[Attachment, no description]
cned
cned3mo ago
So he's just sending a bunch of boring "10101" packets?
ARDA64
ARDA64OP3mo ago
I don't know about the packages but I think yes
cned
cned3mo ago
Presumably you can just put the IP in the "ipblacklist.txt" file and it should block that particular IP address. And then restart the process.
ARDA64
ARDA64OP3mo ago
It doesn't work, unfortunately. It keeps sending packets, the system spends some power to reject it, and when that power runs out, I think it crashes.
cned
cned3mo ago
What do you mean "power"? Also, once a connection is accepted, I don't see anything in the code that would close it. If that's your current problem, that's a fairly trivial thing to fix.
ARDA64
ARDA64OP3mo ago
Yes, I think the connection is not interrupted even if the IP is banned.
cned
cned3mo ago
Just put some logic in OnReceive.
ARDA64
ARDA64OP3mo ago
Like VDS's RAM
cned
cned3mo ago
That's possible, of course. But you'd have to add more diagnostics to figure that out. Also, the BlackList code isn't threadsafe either. Do you know this person and could kindly ask him to stop, by any chance? 🙂
ARDA64
ARDA64OP3mo ago
Unfortunately he is a stupid person. These people even told me that they would crash the brawl stars battle servers 💀
cned
cned3mo ago
You can always just try a firewall on the server to block that IP, so that it can't even get into the code. If it's just one guy. That's the most surefire way, at this point. But if they are determined to crash this server, that won't stop them for long. 😦
ARDA64
ARDA64OP3mo ago
I think they are using a botnet
cned
cned3mo ago
If they actually have a botnet, it's going to take a lot of work to bulletproof this code. Writing server code is hard. Especially when custom implementing connection session management/messaging/crypto.
ARDA64
ARDA64OP3mo ago
Even when I ran the attack code made by GPT, the server crashed. I will try to find more examples of attacks on you
cned
cned3mo ago
If you want to stop one IP address, that's easy. If you are trying to make it so that no one can crash this server, that's... going to take several months of work. (And will likely involve third party DDoS mitigations, since that's very, VERY hard to do in code)
ARDA64
ARDA64OP3mo ago
[Attachment, no description]
cned
cned3mo ago
What am I supposed to gather from that screenshot? Are those logins not legitimate?
ARDA64
ARDA64OP3mo ago
Account creation attack is likely. Now what do you think we need to do as a result? How can I make these IPs send packets to the server when they are banned? I wonder if ddos protection can at least be done with python code 😄
cned
cned3mo ago
DDoS protection is basically Cloudflare's entire business model. Like a multi million dollar hard problem to solve. You are not going to be able to solve it with a python script.
kurumi
kurumi3mo ago
As I read, there is only 1 IP address. Why don't you just filter it by iptables? Just reject or drop this connection
cned
cned3mo ago
That's what I suggested earlier, just set a firewall rule on the server for this dude and be done with it.
kurumi
kurumi3mo ago
Fixing code bugs will take a big amount of time, especially if it is not written by you
ARDA64
ARDA64OP3mo ago
Yes
kurumi
kurumi3mo ago
Open an issue on github and provide the developer this feedback
ARDA64
ARDA64OP3mo ago
They use a botnet, but it also crashed with our crappy attacks
cned
cned3mo ago
Ok, you need to pick one problem and solve it. Bouncing between piles of problems is making it hard to solve any of them.
ARDA64
ARDA64OP3mo ago
Can you tell me a little bit about what I need to do right now?
cned
cned3mo ago
If you want, you can make a list of the problems you know about (ideally in the issues list in your repo even), and then tackle them one at a time. You haven't clearly articulated a single problem yet. "Guy is doing bad stuff to my server, help me fix it" basically. My first suggestion would be to go through the process of finding out what's going on, either by logging more or debugging. If you find yourself with multiple problems, write them down so you can focus on one at a time. Once you know what's happening, you can come back and ask for help on a specific problem. 🙂
ARDA64
ARDA64OP3mo ago
I'll give you an easy attack to learn more about the attack, it's easy to stop but whatever they do crashes :/
cned
cned3mo ago
Sure, yah, that's one of your many, many problems. That isn't even an attack, it's just sending you a message.
ARDA64
ARDA64OP3mo ago
No. Sending packets to specific IP address, please review the code.
cned
cned3mo ago
I've reviewed the code. There are dozens, if not hundreds of ways for a malicious actor to either crash the server or cause it to behave incorrectly. I don't have time to rewrite the entire code base for you. If you find a problem, people here can help fix it. If you think something is crashing, add logs around it, run that, and see if you are right. If not, log more and more and more until you can find the line or value that's breaking stuff. Heck, there are dozens of ways for non-malicious attackers to accidentally crash the server (all the unsafe collection access I've mentioned)
ARDA64
ARDA64OP3mo ago
Now, I will try to develop the code more, but I do not want banned IPs to send requests/packets to the server. Will I do this with code or is it a different job? Because the banning process doesn't seem to work properly. @cned And if only a certain amount of packets are being sent, is it easy to prevent this?
Buddy
Buddy3mo ago
And is that allowed by their ToS?
ARDA64
ARDA64OP3mo ago
For information: See Supercell's Fan Content Policy.
cned
cned3mo ago
The code in tcp seems fine, other than the persistent connection problem. The udp client has no protection, and does the same logic, and that’s harder to block in code since it’s a connectionless protocol. The best bet is to handle this outside code, at a firewall level, since that will be more reliable and you won't have to waste code processing the connection at all.
ARDA64
ARDA64OP3mo ago
So are you saying to use something like a firewall? I don't quite understand.
cned
cned3mo ago
Yes. Whatever hosting you are using will have a way to block connections.
ARDA64
ARDA64OP3mo ago
Aws
cned
cned3mo ago
I’ve not used AWS, so I’m not familiar with their networking configuration options.
ARDA64
ARDA64OP3mo ago
Can this be done automatically?
cned
cned3mo ago
Doubtful. Magically knowing when you get a bad packet isn’t going to be something anything can do.
ARDA64
ARDA64OP3mo ago
What can I do if I learn the package?
cned
cned3mo ago
Either fix the code that’s handling that packet wrong, or try to block the ip of the sender and hope they don’t move.
ARDA64
ARDA64OP3mo ago
I think I understand, I will let you know if there is any development. Well, an idea came to my mind (I think it's illogical)
ARDA64
ARDA64OP3mo ago
@cned So how is this code?
cned
cned3mo ago
All you had to do was add an if check in the old OnReceive method... This code is wildly different and still doesn't solve the problem. Once in the HandleClient loop, nothing ever exits it. I think you might want to start with a smaller project if you are just learning C#.
ARDA64
ARDA64OP3mo ago
I am doing this project to earn money, I will start different projects to learn, thank you for your support, I think the best thing is to buy ddos protected vds.
Jimmacle
Jimmacle3mo ago
learning by trying to implement security for a real system is not a good idea, leave that to people who know what they're doing
cned
cned3mo ago
This problem has nothing to do with ddos. I'm going to step away from this, because I'm not sure how this project vibes with the ToS of Brawl Stars.
ARDA64
ARDA64OP3mo ago
For information: See Supercell's Fan Content Policy. 🙂
