Possibly under q3boom/q3fill attack -1 reply

Guest

I didn't make it!

#1 10 years ago

Hello,

the deal is that I'm running a Jedi Academy server (several mods tried out, including JA+, FM3 and OJP) on a home-host from Windows (also tried Linux under VMware to no avail). The problem is that for some reason, the player number can't get any higher than around 5 (sometimes 4, sometimes 6) else the server begins to lag in an odd way (the lag-o-meter shows that the bandwidth is green, i.e. low lag, with short lines of red, i.e. big lag).

At the same time, more people attempting to connect will get stuck on the "Awaiting gamestate" screen, which again, terribly begins to lag clients already connected, sometimes the connected clients would even randomly disconnect without their consent. Whenever there is a mapchange, the connected clients get stuck on the "Awaiting snapshot" screen.

Now, we've tried thousands of solutions including server reinstall, changing mods, and changing about a million values in the cfgs for both the server and the clients, to no avail. Sometimes, it would stop for a day or two after a change of IP, it also already stopped happening for about a month without anything being actually changed.

The server has been subject to two DDoS attacks before, done by two FFAers who were kicked out (it's a roleplaying server), they said something like "u will regret this", and a moment later the server, and my connection went down as I got under a DDoS attack. From time to time, the server would also get flooded by 20+ clients with random names such as "aahdasjsaaaas", which is what makes me believe someone is using a q3fill exploit on the server.

Now, I don't know what exactly it is that q3boom does, and I don't know if a patch for it isn't included in the JKA patch or something, or if this isn't caused by something else. However, I'd like to ask you all if you have any idea about this, how to fix it, or just about anything relevant. Thanks in advance.

EDIT: I also just remembered, admins often cannot use RCON when the "bug hits".




~*Seto*~

Trapped in the interchet

#2 10 years ago

Q3fill connects fake players to the server. If there are none of those, then you aren't under this attack.

Q3infoboom crashes an unpatched server. If your server isn't crashing, then you aren't under/affected by this attack.

There is a tool that can function as an rcon blocker by spamming the server such that the rcon flood protect kicks in, but this attack is pretty weak and a little bit of persistence with your desired rcon command (i.e., bind a key to do it) will overcome it pretty quickly.

Anyways, if you are running any mod, make sure you use the latest versions of them, or if you run basejka I recommend searching for Gamall's basejka fix on the jkfiles main site. By the way, is this a public server from a company or run from a home PC? If from a home PC, you may have limited bandwidth or your machine could be somewhat stressed out, which might explain lag when more than just a few connections are established.
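An added example, not part of the post above or of any mod's code: one way to check a server log for the fake-player floods described in this thread is to look for bursts of connects in a short time window. The Quake 3 style `mm:ss ClientConnect:` / `ClientUserinfoChanged:` line layout, the function names and the sample log are assumptions constructed for illustration; adjust the patterns to what your server actually writes.

```python
import re

# Assumed log layout: Quake 3 style "mm:ss Event: slot ..." lines.
CONNECT = re.compile(r"^\s*(\d+):(\d{2}) ClientConnect: (\d+)")
USERINFO = re.compile(r"^\s*\d+:\d{2} ClientUserinfoChanged: (\d+) n\\([^\\]*)")

def find_connect_bursts(log_text, window_s=10, threshold=8):
    """Return one dict per burst of >= threshold connects within window_s seconds.
    Assumes timestamps do not go backwards inside the analysed log."""
    connects, last_by_slot = [], {}
    for line in log_text.splitlines():
        m = CONNECT.match(line)
        if m:
            entry = [int(m.group(1)) * 60 + int(m.group(2)), None]
            connects.append(entry)
            last_by_slot[m.group(3)] = entry
            continue
        m = USERINFO.match(line)
        entry = last_by_slot.get(m.group(1)) if m else None
        if entry is not None and entry[1] is None:
            entry[1] = m.group(2)      # first name reported after the connect
    spans, start = [], 0               # spans hold [first_index, last_index]
    for end in range(len(connects)):
        while connects[end][0] - connects[start][0] > window_s:
            start += 1
        if end - start + 1 >= threshold:
            if spans and start <= spans[-1][1]:
                spans[-1][1] = end     # still the same burst, extend it
            else:
                spans.append([start, end])
    return [{"start": connects[a][0], "end": connects[b][0],
             "names": [n for _, n in connects[a:b + 1]]} for a, b in spans]

def build_sample():
    """Constructed log: two normal joins, then 20 connects inside 4 seconds."""
    lines = ["  0:05 ClientConnect: 0", r"  0:05 ClientUserinfoChanged: 0 n\Padawan\t\0",
             "  3:10 ClientConnect: 1", r"  3:10 ClientUserinfoChanged: 1 n\Seeker\t\0"]
    for i in range(20):
        t = "  7:%02d" % (40 + i // 5)
        lines.append("%s ClientConnect: %d" % (t, 2 + i))
        lines.append("%s ClientUserinfoChanged: %d n\\fake%02d\\t\\0" % (t, 2 + i, i))
    return "\n".join(lines)

if __name__ == "__main__":
    for burst in find_connect_bursts(build_sample()):
        print(burst["start"], burst["end"], len(burst["names"]), "connects")
```

If the log shows no such bursts while the lag occurs, the symptoms point away from a connection flood and toward bandwidth or host load.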




Guest

I didn't make it!

#3 10 years ago

Thanks for the reply. Aren't there any other known exploits?

I'm 100% positive that the server runs the newest JA+, OJP, FM3 versions as all were tried. This is a home-hosted server, however this didn't occur before (about 4 months back), on the same server under the same ISP, we got around 20 people with no problems - nothing changed since then.




NAB622

EAT ME!

#4 10 years ago

What is your CPU and RAM speed? It does matter. I've had 14 people on my server once, and it ran fine. Later on, it was only able to hold about 5. (Personally, I blame Windows updates...)

Have you scanned for spyware?




loda

the dude

#5 10 years ago