Doss attack

Open Malachiel87 opened this issue 6 years ago • 12 comments

Hi, I just noticed people recently have fun attacking my server on port 80, so FastLogin is unable to communicate with the Mojang server, throwing this error: https://gist.github.com/xion87/e6e8775da95d06153a3e617e33ea1665 I am using FastLogin 1.11-SNAPSHOT-62a8b93 on bungee/login/hub1/hub2. Is there anything that I can do to prevent it? I am using an OVH dedicated server.

Malachiel87 avatar Oct 20 '19 14:10 Malachiel87

First of all, this error is about DNS requests (port 53, I believe). Furthermore, how is port 80 related to this? FastLogin connects to the Mojang API strictly using HTTPS (TLS -> port 443). Even then, port 443 is the target server port, not the local port used to hold this connection. You can verify this, for example, using the Linux tool ss -t.

TuxCoding avatar Oct 20 '19 14:10 TuxCoding

So I can just limit the maximum connections to that port? Or what do you suggest? Using iptables maybe?

Malachiel87 avatar Oct 20 '19 15:10 Malachiel87

Yes, you can block that port, but maybe you should allow outgoing TCP connections in case any plugin requires an HTTP (not HTTPS) connection. However, nowadays with certificate services like Let's Encrypt, all services should use HTTPS every time.

TuxCoding avatar Oct 20 '19 15:10 TuxCoding

Besides iptables, there are also easier solutions like ufw. IMO it's easier to manage.

TuxCoding avatar Oct 20 '19 15:10 TuxCoding

The problem is that I also use Ptero panel to manage my server, and everything is Dockerized.

Malachiel87 avatar Oct 20 '19 15:10 Malachiel87

[/127.0.0.11:53] query timed out after 5000 milliseconds

Could you please check if your local DNS server port is closed to the public? This sounds more like an attack on (or just a crash of) the local resolver.

TuxCoding avatar Oct 20 '19 15:10 TuxCoding
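
One way to run the check asked for in the comment above, as an added example that is not part of the original thread or of FastLogin: it reads `ss -tuln` output and reports port 53 listeners bound to anything other than loopback. The function name `exposed_dns_listeners` and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Flag DNS (port 53) listeners bound to a non-loopback address.
# Reads `ss -tuln` output on stdin; prints "<netid> <local address>" per hit.
exposed_dns_listeners() {
    awk '
    NR == 1 && $1 == "Netid" { next }      # skip the header row
    {
        local_addr = $5                    # the "Local Address:Port" column
        n = split(local_addr, parts, ":")
        port = parts[n]                    # port is the text after the last colon
        if (port != "53") next
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/%.*$/, "", host)              # drop an interface suffix such as %lo
        gsub(/^\[|\]$/, "", host)          # drop IPv6 brackets
        if (host ~ /^127\./ || host == "::1") next   # loopback only, not public
        print $1, local_addr
    }'
}

# Constructed sample of `ss -tuln` output (not taken from the reporter's host).
SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      4096   [::]:53            [::]:*
tcp   LISTEN 0      4096   [::1]:53           [::]:*'

# Run the check over the sample; the wildcard IPv4 and IPv6 binds are reported.
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_dns_listeners
```

On a real host, feed it live data with `ss -tuln | exposed_dns_listeners`; a wildcard bind is only reachable from outside if the firewall also lets port 53 through, so check the rules as well.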

It happens only when I get the email from OVH that my server is under attack.

Malachiel87 avatar Oct 20 '19 15:10 Malachiel87

I don't know how OVH DDoS protection works, but maybe it blocks DNS requests on the OVH DNS server if that happens. You could try to switch to a different DNS provider.

TuxCoding avatar Oct 20 '19 18:10 TuxCoding

I use Cloudflare as DNS provider... Maybe it is that.

Malachiel87 avatar Oct 20 '19 18:10 Malachiel87

No, I meant the DNS server that is used by your server, not the one pointing to your server.

EDIT: So your server trying to resolve addresses to connect to websites for example.

TuxCoding avatar Oct 20 '19 19:10 TuxCoding

What about defining "143.204.5.174 sessionserver.mojang.com" in your hosts file?

sgdc3 avatar Oct 22 '19 15:10 sgdc3

Same issue: https://gist.github.com/xion87/dffdb1ede8af568b1b4854c1629607d0

Malachiel87 avatar Oct 29 '19 17:10 Malachiel87