SVN flood warning from NFO - how to track down which gameser

Post Reply
sfadmin
New to forums
New to forums
Posts: 1
https://www.youtube.com/channel/UC40BgXanDqOYoVCYFDSTfHA
Joined: Sun Mar 03, 2013 12:17 pm

SVN flood warning from NFO - how to track down which gameser

Post by sfadmin »

Posting here for John's help after recommendation from support staff. NFO logged an SVN flood attack coming from our VDS, and said we need to track down which of our 5 TF2 gameservers it came from. Since we're on a managed platform, how exactly would we do this? I noticed one of the servers was shut down this morning, so I assumed they did it for us in order to stop the flood.

We run metamod/sourcemod with a small collection of plugins on each of our TF2 servers. Outside of updating to the latest snapshots and making sure plugins are current, what else could we do?
User avatar
Edge100x
Founder
Founder
Posts: 12945
Joined: Thu Apr 18, 2002 11:04 pm
Location: Seattle
Contact:

Re: SVN flood warning from NFO - how to track down which gam

Post by Edge100x »

I remember posting that event last night. Looking at the traffic again in depth today, your server was likely responding to an attack instead of launching an attack itself. We can talk more about this in your support request, if you'd like (ask for it to be assigned to me), but I think that you likely will not need to follow up further on it.

For others as a reference, in general, when we see attacks launched from managed game servers, they are launched through specially-crafted plugins. Looking at the plugins on a server for something unusual that an admin may have added is usually the first step in trying to resolve an outbound attack.
Post Reply