Posting here for John's help after recommendation from support staff. NFO logged an SVN flood attack coming from our VDS, and said we need to track down which of our 5 TF2 gameservers it came from. Since we're on a managed platform, how exactly would we do this? I noticed one of the servers was shut down this morning, so I assumed they did it for us in order to stop the flood.
We run metamod/sourcemod with a small collection of plugins on each of our TF2 servers. Outside of updating to the latest snapshots and making sure plugins are current, what else could we do?
SVN flood warning from NFO - how to track down which gameser
-
- New to forums
- Posts: 1
- https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
- Joined: Sun Mar 03, 2013 12:17 pm
Re: SVN flood warning from NFO - how to track down which gam
I remember posting that event last night. Looking at the traffic again in depth today, your server was likely responding to an attack instead of launching an attack itself. We can talk more about this in your support request, if you'd like (ask for it to be assigned to me), but I think that you likely will not need to follow up further on it.
For others as a reference, in general, when we see attacks launched from managed game servers, they are launched through specially-crafted plugins. Looking at the plugins on a server for something unusual that an admin may have added is usually the first step in trying to resolve an outbound attack.
For others as a reference, in general, when we see attacks launched from managed game servers, they are launched through specially-crafted plugins. Looking at the plugins on a server for something unusual that an admin may have added is usually the first step in trying to resolve an outbound attack.