RX and MH attack.

=(V)= Server 2: MH2 NW3
Image
Post Reply
User avatar
=(V)=Mar
Colonel
Posts: 2602
Joined: Fri Oct 11, 2013 7:27 pm
Has thanked: 9 times
Been thanked: 20 times

RX and MH attack.

Post by =(V)=Mar »

► Show Spoiler
Looks like someone was flooding the server port. Both RX and MH, BT wasn't affected or logs were already overwritten.

Can you block it RJ?
User avatar
=(V)=RocketJedi
Lieutenant Colonel
Posts: 11559
Joined: Fri Oct 11, 2013 8:41 pm
Location: New York
Has thanked: 72 times
Been thanked: 17 times
Contact:

Re: RX and MH attack.

Post by =(V)=RocketJedi »

you need to do a packet capture on nfo when this happens ill post about it .. doubt they will do anything.

i submitted the logs the ip is from poland. not the same isp as miko
Image

Image

=(V)=BloodyRabbit wrote: Tue Oct 10, 2017 3:13 pm That was EPIC! I just creamed all over my panties!!!
User avatar
=(V)=Mar
Colonel
Posts: 2602
Joined: Fri Oct 11, 2013 7:27 pm
Has thanked: 9 times
Been thanked: 20 times

Re: RX and MH attack.

Post by =(V)=Mar »

Saw this on an old log of RX8 server:
XServerQuery: Received 'secure' query from 81.190.224.179.
XServerQuery: Query: \secure\hzvn8c
XServerQuery: Received 'secure' query from 81.190.224.179.
XServerQuery: Query: \secure\54G82u
XServerQuery: Received 'secure' query from 81.190.224.179.
XServerQuery: Query: \secure\7S5M2J
XServerQuery: Received 'secure' query from 81.190.224.179.
XServerQuery: Query: \secure\KOg4Cf
Same ISP as first post.
User avatar
=(V)=RocketJedi
Lieutenant Colonel
Posts: 11559
Joined: Fri Oct 11, 2013 8:41 pm
Location: New York
Has thanked: 72 times
Been thanked: 17 times
Contact:

Re: RX and MH attack.

Post by =(V)=RocketJedi »

blocked both

put ip in browser and got this
You do not have the required permissions to view the files attached to this post.
Image

Image

=(V)=BloodyRabbit wrote: Tue Oct 10, 2017 3:13 pm That was EPIC! I just creamed all over my panties!!!
User avatar
=(V)=Mar
Colonel
Posts: 2602
Joined: Fri Oct 11, 2013 7:27 pm
Has thanked: 9 times
Been thanked: 20 times

Re: RX and MH attack.

Post by =(V)=Mar »

Found this on old RX log

Code: Select all

XServerQuery: Received 'secure' query from 84.83.176.234.
XServerQuery: Query: \secure\IHVFEW
XServerQuery: Received 'secure' query from 84.83.176.234.
XServerQuery: Query: \secure\GGOZRS
XServerQuery: Received 'secure' query from 84.83.176.234.
XServerQuery: Query: \secure\MARFHA
XServerQuery: Received 'secure' query from 84.83.176.234.
XServerQuery: Query: \secure\MGMATN
It is from 333Network ?
You do not have the required permissions to view the files attached to this post.
User avatar
=(V)=RocketJedi
Lieutenant Colonel
Posts: 11559
Joined: Fri Oct 11, 2013 8:41 pm
Location: New York
Has thanked: 72 times
Been thanked: 17 times
Contact:

Re: RX and MH attack.

Post by =(V)=RocketJedi »

looks like it. should re move their query servers? There was a concern when they started their backup query server when everyone thought the epic query servers were going down that it would be used for attacks.
Image

Image

=(V)=BloodyRabbit wrote: Tue Oct 10, 2017 3:13 pm That was EPIC! I just creamed all over my panties!!!
User avatar
=(V)=Mar
Colonel
Posts: 2602
Joined: Fri Oct 11, 2013 7:27 pm
Has thanked: 9 times
Been thanked: 20 times

Re: RX and MH attack.

Post by =(V)=Mar »

Search "secure" (6 files)
  BT\server-old.log (88 hits)
	Line 232: XServerQuery: Received 'secure' query from 69.64.59.248.
	Line 233: XServerQuery: Query: \secure\AFVVWH
	[...]
	Line 262: XServerQuery: Received 'secure' query from 84.83.176.234.
	Line 263: XServerQuery: Query: \secure\CRDEOB
	[...]
  MH\server-old.log (18 hits) 
	Line 655: XServerQuery: Received 'secure' query from 69.64.59.248.
	Line 656: XServerQuery: Query: \secure\AIFPMV
	[...]
  MH\server.log (70 hits)
	[...]
	Line 7486: XServerQuery: Received 'secure' query from 84.83.176.234.
	Line 7487: XServerQuery: Query: \secure\OXYLCC
	[...]
  RX\server-old.log (96 hits)
	Line 349: XServerQuery: Received 'secure' query from 69.64.59.248.
	Line 350: XServerQuery: Query: \secure\DBYNNE
	[...]
	Line 4766: XServerQuery: Received 'secure' query from 84.83.176.234.
	Line 4767: XServerQuery: Query: \secure\WMVLHL
	[...]
  RX2Rosebum\server-old.log (88 hits)
	[...]
	Line 3259: XServerQuery: Received 'secure' query from 69.64.59.248.
	Line 3260: XServerQuery: Query: \secure\SLZYSW
	[...]
	Line 3265: XServerQuery: Received 'secure' query from 84.83.176.234.
	Line 3266: XServerQuery: Query: \secure\HXLNVS
	[...]
  Siege\server-old.log (96 hits)
	[...]
	Line 259: XServerQuery: Query: \secure\LJFSMS
	Line 260: XServerQuery: Received 'secure' query from 84.83.176.234.
	[...]
	Line 261: XServerQuery: Query: \secure\ 
	Line 262: XServerQuery: Received 'secure' query from 69.64.59.248.
	[...]
@=(V)=RocketJedi
Please block these IPs from all servers:
69.64.59.248
84.83.176.234
User avatar
=(V)=Mar
Colonel
Posts: 2602
Joined: Fri Oct 11, 2013 7:27 pm
Has thanked: 9 times
Been thanked: 20 times

Re: RX and MH attack.

Post by =(V)=Mar »

Also NFO registered an Attack too, but just to Siege:

*Dunno how to see the IP of the attacker.
You do not have the required permissions to view the files attached to this post.
User avatar
=(V)=RocketJedi
Lieutenant Colonel
Posts: 11559
Joined: Fri Oct 11, 2013 8:41 pm
Location: New York
Has thanked: 72 times
Been thanked: 17 times
Contact:

Re: RX and MH attack.

Post by =(V)=RocketJedi »

=(V)=Mar wrote: Sat Apr 08, 2017 9:47 am
Search "secure" (6 files)
  BT\server-old.log (88 hits)
	Line 232: XServerQuery: Received 'secure' query from 69.64.59.248.
	Line 233: XServerQuery: Query: \secure\AFVVWH
	[...]
	Line 262: XServerQuery: Received 'secure' query from 84.83.176.234.
	Line 263: XServerQuery: Query: \secure\CRDEOB
	[...]
  MH\server-old.log (18 hits) 
	Line 655: XServerQuery: Received 'secure' query from 69.64.59.248.
	Line 656: XServerQuery: Query: \secure\AIFPMV
	[...]
  MH\server.log (70 hits)
	[...]
	Line 7486: XServerQuery: Received 'secure' query from 84.83.176.234.
	Line 7487: XServerQuery: Query: \secure\OXYLCC
	[...]
  RX\server-old.log (96 hits)
	Line 349: XServerQuery: Received 'secure' query from 69.64.59.248.
	Line 350: XServerQuery: Query: \secure\DBYNNE
	[...]
	Line 4766: XServerQuery: Received 'secure' query from 84.83.176.234.
	Line 4767: XServerQuery: Query: \secure\WMVLHL
	[...]
  RX2Rosebum\server-old.log (88 hits)
	[...]
	Line 3259: XServerQuery: Received 'secure' query from 69.64.59.248.
	Line 3260: XServerQuery: Query: \secure\SLZYSW
	[...]
	Line 3265: XServerQuery: Received 'secure' query from 84.83.176.234.
	Line 3266: XServerQuery: Query: \secure\HXLNVS
	[...]
  Siege\server-old.log (96 hits)
	[...]
	Line 259: XServerQuery: Query: \secure\LJFSMS
	Line 260: XServerQuery: Received 'secure' query from 84.83.176.234.
	[...]
	Line 261: XServerQuery: Query: \secure\ 
	Line 262: XServerQuery: Received 'secure' query from 69.64.59.248.
	[...]
@=(V)=RocketJedi
Please block these IPs from all servers:
69.64.59.248
84.83.176.234
hmmm

https://cache.gametracker.com/server_in ... 248:12245/

https://www.gametracker.com/server_info ... .234:7777/
https://www.gametracker.com/server_info ... .234:7737/
managed by darkelarious this name sounds familiar

time to remove 333 networks looks like people were right about attacks coming from there

banned at router
Image

Image

=(V)=BloodyRabbit wrote: Tue Oct 10, 2017 3:13 pm That was EPIC! I just creamed all over my panties!!!
User avatar
=(V)=RocketJedi
Lieutenant Colonel
Posts: 11559
Joined: Fri Oct 11, 2013 8:41 pm
Location: New York
Has thanked: 72 times
Been thanked: 17 times
Contact:

Re: RX and MH attack.

Post by =(V)=RocketJedi »

=(V)=Mar wrote: Sat Apr 08, 2017 10:00 am Also NFO registered an Attack too, but just to Siege:

*Dunno how to see the IP of the attacker.
Geographic Information for 173.82.151.131:
Canyon Country, California (City Details)
Country: United States (US)
State: California (CA)
City: Canyon Country

Zip Code: 91387
Area Code: (661) Latitude: 34.4065
Longitude: -118.4015
173.82.151.131 Host Information:
ASN Host Id: AS35916 ASN Host: MULTACOM CORPORATION
Image

Image

=(V)=BloodyRabbit wrote: Tue Oct 10, 2017 3:13 pm That was EPIC! I just creamed all over my panties!!!
Post Reply

Return to “Server 2 - =(V)= MONSTERHUNT2 NaliWeapons3+RX8 *FINAL*”