(Ignore thread unless relevant to you.) Related to host downtime due to DDoS

Dear server owners, if you have any evidence or suspicious activity regarding users that may have inflicted DDoS upon server entry by server hopping/address grab, or weird behavior in general, post your observations here.

Airio server console admins if you face any errors related to server stop-start or this DDoS routine please feel free to raise any issues here.

I don't have any proof, but I think I know who did it. There are too many suspicious people. Besides, even a normal person can do this. All it needs to do is learn the IP addresses of the servers. This is very easy to learn. These attacks have happened before. I think it's been a few months. Scawen made special settings for the hosts. But they seem to have gotten ahead of this. While I thought they would get bored and give up the attacks within a few days, the opposite happened. It looks like we will be exposed to these attacks for a few weeks.

It would be wrong to blame anyone in this forum. Even if you know a person is doing this, there is nothing you can do. You have to try to get along with the attackers. Do you have any other options?

Quote from RealistAdam :

I don't have any proof, but I think I know who did it. There are too many...

Realistically speaking, the only way to stop the attacks (if we infer that it's not going away soon) is to make the TR playerbase (nice, regular guys like you) to force the ddoser to show his hand. How we achieve that I won't suggest, as I am against that, but I don't see any other way out of this, especially since there's not really been a clear motive - it's not purely targeting one server like e.g TC.

So we're all fighting this blind. So any amount of leads would help, so at least if someone were to attempt to curb the attacks, they'd have some sort of reference point with the usernames. That's the purpose really.

What will we do to find the people who carried out the attacks? Will Scawen report them? Or if they have licenses, will they cancel their licenses? The first option seems ridiculous. The second option, if done, will make them even angrier. It's best not to deal with them. Or you need to get along with the attackers. Because there's nothing you can do. You will understand this.

I have had a server for over a year. We have been exposed to these attacks from the very beginning.

After 1 year, ddos ​​problems could be prevented. But that doesn't stop them. There was no server that was attacked by ddos ​​as much as me.

We established good faith relations with the attackers. If we didn't do this, they would continue the attacks. This may seem like a conflict of interest, but there really is no other choice.

Revealing their identities will make them angrier. I think you should close this issue.

If their identities were to be revealed, it wouldn't be very hard to trace them back to their place of living, a kind report to the local police station would warrant enough intimidation to stop them. It is an extreme options, I concur, however, if that's what must be done. DDoS'ing is a crime everywhere in the world.

Doxxing someone is bad, I agree, however if they're willing to do this to a small community like LFS for years, it's pretty deserved IMO.

We cannot detect those who do this by guessing. Evidence will also be required. Documents vs. This seems unlikely.

Also, the development team had sent me an email in the past. LFS does not have the necessary resources to exercise its legal rights. I share it here;

Hello,

Unfortunately from time to time we get ddos attacks. There is very
little we can do, as we already try to guard against them as best we can
within our means. You are probably aware that we are a tiny company and
we do not have the time, money or resources to take legal action.

LFS Tech

Sorry Sean, that just sounds ridiculous and discussing it in public here doesn't really help the odds of succesful bait & switch

Quote from johneysvk :

Sorry Sean, that just sounds ridiculous and discussing it in public here doesn't really help the odds of succesful bait & switch

Fair, removed.

Hello LFS team. I upload a screenshot of the host control on the web. As you can see, the activity log does not appear in the console. You also cannot see the IP addresses of connected users. Also on our demo server I noticed that the number of users was higher.

I had the same blank log yesterday, but a restart of the server fixed it

Quote from Racon :

I had the same blank log yesterday, but a restart of the server fixed it

Same 👍

Don't misunderstand my opinion, but there has been no attack since the [TC] CityDriving server was closed. Apparently it could be the work of someone banned from the server.

Quote from RealistAdam :

Don't misunderstand my opinion, but there has been no attack since the [TC] CityDriving server was closed. Apparently it could be the work of someone banned from the server.

Incorrect. Random servers still get ddosed. RTFR retro cup is delayed because of it right now...
Sometimes 1 server, sometimes half the server list gets wiped out.

What if the person is blackmailing the LFS devs to achieve something.
Just wait until Scawen replies.

Quote from Bass-Driver :

What if the person is blackmailing the LFS devs to achieve something.
Just wait until Scawen replies.

Hmm good point, been very quiet on the statement side of things

Hello LFS team. Today I managed to get Airio up and running on my team's servers. At the moment they are working well. I would have to control its stability with more users. Another thing... I could see the IPs displayed from the web control.

I just saw the following error in the AIRIO console

24.09.09 21:18:38 #1 AIRIO ERROR : Ya se ha agregado el elemento. Clave en el diccionario: 'China' Clave agregada: 'China'
of type System.ArgumentException
en System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add)
en System.Collections.Hashtable.Add(Object key, Object value)
en LiveForSpeed.InSim.Airio.Airio.GetCountryCode(String country) en d:\Development Files\LFS_Airio\General.cs:línea 419
en LiveForSpeed.InSim.Airio.Airio.Command3(String part1, String part2, String part3) en d:\Development Files\LFS_Airio\Command3.cs:línea 761
en LiveForSpeed.InSim.Airio.Airio.ProcPreMsg(String comm, Boolean flood) en d:\Development Files\LFS_Airio\Command.cs:línea 79
en LiveForSpeed.InSim.Airio.Airio.Message_Handler(Connection sender, Message m) en d:\Development Files\LFS_Airio\Actions.cs:línea 54

Quote from ford taunus 2.3t :

I just saw the following error in the AIRIO console

24.09.09 21:18:38 #1 AIRIO ERROR : Ya se ha agregado el elemento. Clave en el diccionario: 'China' Clave agregada: 'China'
of type System.ArgumentException
en System.Collections.Hashtable.Insert(Object key, Object nvalue, Boolean add)
en System.Collections.Hashtable.Add(Object key, Object value)
en LiveForSpeed.InSim.Airio.Airio.GetCountryCode(String country) en d:\Development Files\LFS_Airio\General.cs:línea 419
en LiveForSpeed.InSim.Airio.Airio.Command3(String part1, String part2, String part3) en d:\Development Files\LFS_Airio\Command3.cs:línea 761
en LiveForSpeed.InSim.Airio.Airio.ProcPreMsg(String comm, Boolean flood) en d:\Development Files\LFS_Airio\Command.cs:línea 79
en LiveForSpeed.InSim.Airio.Airio.Message_Handler(Connection sender, Message m) en d:\Development Files\LFS_Airio\Actions.cs:línea 54

Thanks, noted. We are looking into the corrupt Airio instances. Will get back to you if theres a fix