English Last server to appear in the serverlist

20 replies
Goto Page
To the start Previous 1 2 Next To the start
Up
mrc
User
Offline Off
Idk why this is happening but my server takes too long to appear in the serverlist. Usually it appears only after all the servers are loaded plus more few seconds, and it's annoying because nobody will wait that long to find my server. There is no firewall set, just the native antiddos from my VPS, Ive tryied running with and without nohup, with realport command and nothing. Anybody know what I can try to fix it? If you wait it appear and then refresh the list the server show instantly. Weird. I need help!
CS2D World @ www.CS2D.com.br
13.04.18 08:13:54 pm
Up
Nekomata
User
Offline Off
Where is your VPS located?
13.04.18 08:55:50 pm
Up
mrc
User
Offline Off
miami, florida (USA East)
CS2D World @ www.CS2D.com.br
13.04.18 10:01:35 pm
Up
Nekomata
User
Offline Off
That might be an issue. Also do you have a lot of LUA scripts, etc? Server performance may affect it showing up on the server list.
13.04.18 10:21:28 pm
Up
mrc
User
Offline Off
No. The latency and tickrate are perfect, the only problem is with the serverlist.
CS2D World @ www.CS2D.com.br
13.04.18 10:22:55 pm
Up
M3_Quick
User
Offline Off
@user mrc: it is due to firewall security groups configured in your virtual machine or in your administration panel.(security group
).
Pd. You must configure the IP range allowed for your servers to appear quickly and if you have an antidic configuration, it should also be checked. √


Pd. Remember that when you add an antiddos configuration, what you add is actually another ip that receives the traffic and sends it to your server and that generates additional latency.

in a few words so that your server appears quickly you must open the correct port ranges, eliminate the ip antiddos, and configure the ports within your operating system that you want.
edited 2×, last 13.04.18 10:30:07 pm
ServerLove.foromx.net
13.04.18 10:29:04 pm
Up
mrc
User
Offline Off
I used:

systemctl stop firewalld
systemctl disable firewalld

then it solved my problem, BUT I think my server isnt secure for DDoS. I'll take a look on it. Do you have any suggestion so I can configure here?
edited 1×, last 13.04.18 10:35:25 pm
CS2D World @ www.CS2D.com.br
13.04.18 10:31:45 pm
Up
M3_Quick
User
Offline Off
your operating system is windows or linux?

If you want you can contact me by discord, I am willing to help you with your problem.
ServerLove.foromx.net
13.04.18 10:41:05 pm
Up
mrc
User
Offline Off
I edited my previous post, disabling the firewall solve the problem, BUT probably my server isnt secure anymore right? Do you know how to configure it to be protected and list fast?
CS2D World @ www.CS2D.com.br
13.04.18 10:50:07 pm
Up
saleel al sawarim
User
Offline Off
user mrc, user M3_Quick knows all the settings so that the server appears from the second 1 when opening the list of servers, i think you should contact him
Al Qaeda*~ bin laden
13.04.18 10:52:18 pm
Up
DC
Admin
Offline Off
You shouldn't let a firewall check game traffic. That's a bad idea in general. It may lead to bad pings.
It should be sufficient to add a firewall exception for the UDP port of your CS2D server. This way all other traffic will still be checked by the firewall.

I assume what's going on if you have the firewall enabled is this:
• people send an info request via the server list (this happens automatically when opening the server list)
• your server's firewall rejects the request because it's from an unknown address
• after a while U.S.G.N.'s NAT hole punching algorithm kicks in. This means the client (who opened the server list) will send a request to a U.S.G.N. master server which will then tell your server to send a message to the client. The master server can only reach your server because your server already sent data to the master server beforehand. After your server sent a message to the client, subsequent info request can pass the firewall.

NAT hole punching takes some time. And depending on circumstances it may only work on the second server list load / on re-load. This would explain why your server appears but with a huge delay.
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
13.04.18 10:57:22 pm
Up
mrc
User
Offline Off
@user DC: but adding an exception for my 36963 udp port (for example) wouldnt make my CS2D server vulnerable if the attacker uses the 36963 udp port to attack?
CS2D World @ www.CS2D.com.br
13.04.18 10:59:26 pm
Up
DC
Admin
Offline Off
If you didn't specify any specific rules for CS2D it probably won't help you anyway. I'm not very experienced in this topic though.
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
14.04.18 12:53:39 am
Up
M3_Quick
User
Offline Off
there is no configuration in the firewall that can stop the attacks, if the attack exceeds your download speed, your server and your connection will fall in all modes. the firewall configuration blocks the scripts / ddos not the packets themselves.

The only solution is to have a super fast download speed so that the attack does not flood your network card with incoming requests.
IMG:http://oi63.tinypic.com/2gul6s2.jpg


my connection is 967.18, if the attack is 967.19, my server will fall with or firewall configuration.




2x edit: Antiddos solutions are not designed for online games at the moment.

Quote:
I assume what's going on if you have the firewall enabled is this:
• people send an info request via the server list (this happens automatically when opening the server list)
• your server's firewall rejects the request because it's from an unknown address
• after a while U.S.G.N.'s NAT hole punching algorithm kicks in. This means the client (who opened the server list) will send a request to a U.S.G.N. master server which will then tell your server to send a message to the client. The master server can only reach your server because your server already sent data to the master server beforehand. After your server sent a message to the client, subsequent info request can pass the firewall.


that does not matter on a website since websites are generally used as an antiddos system and take a while to load.

• ip Antiddos system:

IMG:https://nexnetsolutions.com/wp-content/uploads/2013/04/DDoS-1024x637.png


there are also pages that do not take long to load as youtube, but those pages have a connection of approximately 100 terabytes and support almost any attack.

On the other hand, it is easier to make an attack instead of stopping it


• pro ddos atack:
IMG:http://mundo-hackers.weebly.com/uploads/9/8/5/0/98506118/ddos-ataque-grafica-610x413_orig.png



there are many threads about these cases so I gave a little clearer explanation.
edited 2×, last 14.04.18 01:30:26 am
ServerLove.foromx.net
14.04.18 01:35:01 am
Up
DC
Admin
Offline Off
@user M3_Quick: DDoS is just one of many possible attacks. There are many other attacks which can be stopped with the right firewall rules. Even DDoS can be weakened with the right rules. Depending on the strength of the attack of course. If the attack takes all the bandwidth a firewall won't help for obvious reasons.

Also there is no relation between what you quoted from me and what you wrote. N.A.T. hole punching is neither an attempt to protect something nor related to DDoS in any way. It's just a way to make servers behind routers/firewalls accessible.
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
14.04.18 02:11:45 am
Up
mrc
User
Offline Off
My VPS can handle the ddos attacks but the cs2d_dedicated don't, it crashes or freezes until the attack end, but the VPS keep normal. With the firewall enabled nothing happens with the cs2d_dedicated when attacked but the server doesnt appear fast in the list as I already said. So whats the best choice?
CS2D World @ www.CS2D.com.br
14.04.18 02:25:39 am
Up
M3_Quick
User
Offline Off
@user DC: it is not the only attack that locks cs2d servers, but it is the most common.
the only isolated case that I know is that of one of rodion, which disabled the linux servers without protection.
with a little program that that kind development.
Anyway, I do not think this is the case.

edit: @user DC: I am clear that NAT has nothing to do with the firewall or with ddos, only that he points out that he previously used an IP address antidoos and showed him how that IP worked, since that generated an additional delay and his servers were slow to appear .
anyway, in your comment you're right, My ability to express myself in this language is bad and I do not understand myself well.


@user mrc: look for a vps with a good cpu since incoming requests usually saturate the cpu before your bandwidth and that causes your dedicated to freeze during the attack lasts.

that was the solution that worked best for me, you can also use a small firewall configuration that weakens the attack a bit.
edited 2×, last 14.04.18 04:49:12 am
ServerLove.foromx.net
14.04.18 10:45:02 am
Up
DC
Admin
Offline Off
Yup, that's right. CS2D will cause a very high CPU load when trying to handle all UDP packets from a DDoS attack.

I assume that the firewall simply discards unknown incoming UDP traffic like described before. This way malicious UDP packets don't arrive at CS2D and do not cause CPU load there.

The firewall can most likely handle more packets with less CPU load. That's why it works.

Maybe there is a way to adjust the firewall rules? e.g.: first X UDP packet(s) from an unknown source IP are always allowed to pass and if CS2D replies within a few seconds the address gets white listed otherwise black listed. Not sure if the firewall you're using allows such complex rules.
www.UnrealSoftware.de | www.CS2D.com | www.CarnageContest.com | Use the forum & avoid PMs!
14.04.18 04:49:21 pm
Up
mrc
User
Offline Off
firewalld from centos 7.
CS2D World @ www.CS2D.com.br
14.04.18 07:31:03 pm
Up
M3_Quick
User
Offline Off
@user mrc: Centos 7 ;o
Perhaps something like this helps in reducing the number of connection attempts:

Code:
1
2
iptables -I INPUT -p udp --dport 27015 -m string --to 55 --algo kmp --hex-string '|fe ff ff ff 31 32 33 20|' -j DROP
iptables -I INPUT -p udp --dport 27015 -m string --to 55 --algo kmp --hex-string '|ff ff ff ff 55 00 00 00 00|' -j DROP


in reality this should not cause delay and eliminates a percentage of unwanted packages.


ServerLove.foromx.net
To the start Previous 1 2 Next To the start