A "bot" is a software agent, daemon or script that runs autonomously and automatically. While this can be useful in a cluster of servers (working as one in a redundant fashion), moving "busy" daemons or services to "less busy" servers in real time, mostly they are used maliciously to continually hammer servers on the net looking for exploits and in turn, reporting or acting on those found exploits.
"Bot Netting" is slang for the latter. Unless you fully block the offending user, he/she/it will have access to continue hunting for more ways to be annoying or destructive. Blocking their steam ID just prevents the game server from allowing them in. They can still "see" your server in the typical ways and continue to hack at it endlessly if they choose. The only way to get rid of them is to block their IP fully. Years ago I used to spend countless hours in the middle of the night manually managing all the IP blocks - individually and by segment. After many years, with no obvious reduction in "hammering" (almost 12,000 hack attempts a day across my whole farm at one point), I had enough and decided just to ban large portions of the internet. My business hosts these servers, and I'm a local business - maybe a 100 mile radius. So if some guy in France cannot play dod on my server, sorry, but too bad. You'll have to balance your effort to maintain a block list versus the precision at which you will implement such a thing. Obviously blocking 600 IP addresses manually is more work than banning 5 IP segments that cover 596 of those IP addresess. I choose the latter. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Monday, May 10, 2010 4:48 PM To: Half-Life dedicated Linux server mailing list Subject: Re: [hlds_linux] Protect L4D2 servers Thanks for your fast reply. The problem is that the attacker lives in my country, and I am sure he has dynamic IP that changes everytime he connects to the internet. I have banned his STEAM ID in all our servers, dunno if that helps. I have also installed the following source mods: 01 "Basic Info Triggers" (1.3.2-dev) by AlliedModders LLC 02 "Basic Chat" (1.3.2-dev) by AlliedModders LLC 03 "Forlix FloodCheck" (1.7) by Forlix (Dominik Friedrichs) 04 "RCON Lock" (0.6.6) by devicenull 05 "Player Commands" (1.3.2-dev) by AlliedModders LLC 06 "Fun Commands" (1.3.2-dev) by AlliedModders LLC 07 "Basic Commands" (1.3.2-dev) by AlliedModders LLC 08 "Admin File Reader" (1.3.2-dev) by AlliedModders LLC 09 "Client Preferences" (1.3.2-dev) by AlliedModders LLC 10 "Basic Votes" (1.3.2-dev) by AlliedModders LLC 11 "Reserved Slots" (1.3.2-dev) by AlliedModders LLC 12 "Basic Ban Commands" (1.3.2-dev) by AlliedModders LLC 13 "Fun Votes" (1.3.2-dev) by AlliedModders LLC 14 "Sound Commands" (1.3.2-dev) by AlliedModders LLC 15 "Admin Help" (1.3.2-dev) by AlliedModders LLC 16 "Basic Comm Control" (1.3.2-dev) by AlliedModders LLC 17 "Admin Menu" (1.3.2-dev) by AlliedModders LLC 18 "Anti-Flood" (1.3.2-dev) by AlliedModders LLC 19 <Failed> "Kigen's Anti-Cheat" (1.2.1.0) by Kigen 20 Disabled: "Nextmap" (1.3.2-dev) by AlliedModders LLC I dont know why kigen anti cheat fails to load :\ I have also did the following comamnds: iptables -A INPUT -p udp --dport 27015 -m length --length 28 -j DROP to all my server ports. All of this helped because I talked today with the attacker and he could not crash my server. here is the chat log: - > BaR - >: so.. you blocked DDOS attack - > BaR - >: can you block bot netting? - > BaR - >: i don't think so ;) - > BaR - >: you'r ports still opren - > BaR - >: openm* - > BaR - >: open* -.- - > BaR - >: #1 you can't block the port "when player join a game" - > BaR - >: and with this port i can crash.. What does he mean bot netting? and didnt the following commands blocked the ports: iptables -A INPUT -p udp --dport 27015 -m length --length 28 -j DROP ? thanks! _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
