games647 / FastLogin

Checks if a Minecraft player has a valid paid account. If so, they can skip offline authentication automatically. (premium auto login)
https://www.spigotmc.org/resources/fastlogin.14153
MIT License
498 stars 121 forks

DoS attack #276

Open Malachiel87 opened 4 years ago

Malachiel87 commented 4 years ago

Hi, I just noticed people recently have fun attacking my server on port 80, so FastLogin is unable to communicate with the Mojang server, throwing this error: https://gist.github.com/xion87/e6e8775da95d06153a3e617e33ea1665 I am using FastLogin 1.11-SNAPSHOT-62a8b93 on bungee/login/hub1/hub2. Is there anything that I can do to prevent it? I am using an OVH dedicated server.

games647 commented 4 years ago

First of all, this error is about DNS requests (port 53, I believe). Furthermore, how is port 80 related to this? FastLogin connects to the Mojang API strictly using HTTPS (TLS -> port 443). Even then, port 443 is the target server port, not the local port used to hold this connection. You can verify this, for example, using the Linux tool `ss -t`.

Malachiel87 commented 4 years ago

So I can just limit the maximum connections to that port? Or what do you suggest? Using iptables, maybe?

games647 commented 4 years ago

Yes, you can block that port, but maybe you should allow outgoing TCP connections in case any plugin requires an HTTP (not HTTPS) connection. However, nowadays, with certificate services like Let's Encrypt, all services should use HTTPS every time.

games647 commented 4 years ago

Besides IPTables, there are also easier solutions like ufw. IMO it's easier to manage.

Malachiel87 commented 4 years ago

The problem is that I also use the Ptero panel to manage my server, and everything is Dockerized.

games647 commented 4 years ago

[/127.0.0.11:53] query timed out after 5000 milliseconds

Could you please check if your local DNS server port is closed to the public? This sounds more like an attack on (or just a crash of) the local resolver.
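Added example, not part of the thread and not FastLogin code: one way to run the check asked for above is to filter `ss -tuln` output for port 53 listeners bound to a non-loopback address. The function name `exposed_dns_listeners` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list DNS listeners (port 53) that are
# bound to a non-loopback address and are therefore reachable from outside
# unless a firewall blocks them.
# Live usage on the host:  ss -tuln | exposed_dns_listeners

exposed_dns_listeners() {
  awk '
    $1 == "Netid" { next }                 # skip the ss header line
    {
      local_field = $5                     # "Local Address:Port" column
      n = split(local_field, parts, ":")
      port = parts[n]                      # text after the last colon
      if (port != "53") next
      addr = substr(local_field, 1, length(local_field) - length(port) - 1)
      sub(/%.*/, "", addr)                 # drop "%iface" scope suffix
      gsub(/^\[|\]$/, "", addr)            # drop IPv6 brackets
      if (addr ~ /^127\./ || addr == "::1") next   # loopback only: not exposed
      print $1, addr
    }'
}

# Constructed sample of ss -tuln output (not taken from the reporter's host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.11:53      0.0.0.0:*
tcp   LISTEN 0      128    [::]:53            [::]:*
tcp   LISTEN 0      4096   *:25565            *:*'

# Prints one "proto address" line per exposed listener in the sample.
printf '%s\n' "$SAMPLE_SS" | exposed_dns_listeners
```

An empty result means every port 53 listener is loopback-only; any line printed is a binding to review against the host firewall rules.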

Malachiel87 commented 4 years ago

It happens only when I get the email from OVH that my server is under attack.

games647 commented 4 years ago

I don't know how OVH DDoS protection works, but maybe it blocks DNS requests on the OVH DNS server if that happens. You could try to switch to a different DNS provider.

Malachiel87 commented 4 years ago

I use Cloudflare as DNS provider... Maybe it is that.


games647 commented 4 years ago

No, I meant the DNS server that is used by your server, not the one pointing to your server.

EDIT: So your server is trying to resolve addresses to connect to websites, for example.

sgdc3 commented 4 years ago

What about defining "143.204.5.174 sessionserver.mojang.com" in your hosts file?

Malachiel87 commented 4 years ago

Same issue: https://gist.github.com/xion87/dffdb1ede8af568b1b4854c1629607d0