Dealing with Mass Suiciders and Lamers

From UnrealAdminWiki

Revision as of 20:34, 29 October 2004

This tutorial was created by Deadmeat, a site member of UnrealAdmin.org


Introduction

Our UT server recently got the attention of a clan named [LAMP], whose sole purpose seems to be to chase everyone off of UT servers. They started coming onto our TDM server and committing massive suicides on both teams to keep the game from ending before the time limit.

Well, after kick/banning the he!! out of them, including blocking a lot of subnets, I got pissed enough to truly get the last laugh. I located their ISPs, collected together a lot of log information, and reported it as a Denial of Service attack to the ISP... To date, of the two major a$$holes, one had his ISP suspend service and one's ISP is still investigating. We have not had a visit from them since...

Anyway, I thought I'd share the basic information on how to do this. It's general enough that it should work for either UT or UT2k3. Note that going after a suicider's ISP is not something to do for every incident, but it is a great tool to have for persistent suiciders.


What is a Denial of Service Attack?

First, some basic background so you can talk to the ISP folks. A Denial of Service (DoS) attack is not simply slowing a machine down by pinging it or loading it down. Do a search on the web for "Denial of Service Definition" and you'll find that it's basically any incident that results in users losing a service they would normally have. My users expect to have a game that proceeds in the normal manner; suiciders deny them this service. Therefore it IS a DoS attack. These are definitely against any ISP's rules of conduct. The two ISPs I've talked to agree that this is the case.


Collecting Information

OK, what do you need to go after the suiciders? First, if you are not doing it already, add a good chat logger/player IP tracking mod to your server. There are several to choose from; we use ChatLog V1.1, which does both.

Also learn where your logs are stored and how to access them, if you don't know already. Then look through the logs and figure out how the information is stored. In ChatLog's case, player IP info is stored on lines starting with [PLAYER] and chat info is stored on lines starting with [timestamp]. You will need to extract this info when communicating with the ISPs.

When a persistent suicider starts showing up, try to deal with them in the normal fashion: Kick and/or KickBan them on an individual IP. If they show up again, try banning by subnet. You can do this by going into the UT Ban admin screens and replacing the last numbers of the IP with a *, e.g., 123.123.123.*. Keep a log of your responses to the user to pass on to the ISP.

If the suicider keeps coming back, do the following: get a list of his IP addresses from the logs. For each IP address, run this command at the Windows DOS prompt:

ping -a 1.2.3.4

Note down the DNS name that is associated with it. Chances are they are all going to end in the same domain name, e.g. isp.net.

For 90+% of all ISPs, you should be able to go to the www address of the domain name and get a web page. Look through this site for the "Report Abuse" contact information. It will be there, but might be buried deep, so look in the customer service or support sections. Note that this may not be the actual ISP, but the ISP's ISP. In any case, they should be able to connect you with the proper authority.


Presenting the Information to the ISP

Now put together a report to send to the ISP. Start with a simple statement like:

A server I administrate has had a Denial of Service Attack from several IPs owned by you. Here are the IPs and dates:

[List times and IPs from log]

Next describe the nature of a suicide attack and what you tried to do to prevent it.

Finally, if possible, attach a log extract of all the chat and player info for each attack. Add some information at the top of the extract to explain the log format. If the abuse report is a web form, either offer to supply this info or point them to a web spot where they can get this information.
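The collection and reporting steps above, as an added Python example (not part of the original tutorial or of ChatLog): it pulls one player's [PLAYER] lines from a log, performs the same reverse lookup as ping -a, groups the IPs by domain, and renders the "IPs and dates" list. Only the [PLAYER] prefix comes from the tutorial; the field layout, names and addresses are constructed, and grouping on the last two DNS labels is a simplification.

```python
import re
import socket
from collections import defaultdict

# Constructed sample log. Only the "[PLAYER]" prefix comes from the tutorial;
# the field layout after it is an assumption made for this example.
SAMPLE_LOG = """\
[PLAYER] 2004-10-12 21:03:11 Name=LamerOne IP=192.0.2.17
[21:03:40] LamerOne: lol watch this
[PLAYER] 2004-10-12 21:05:02 Name=RegularGuy IP=198.51.100.8
[PLAYER] 2004-10-13 19:44:57 Name=LamerOne IP=192.0.2.93
[PLAYER] 2004-10-14 20:10:30 Name=LamerOne IP=203.0.113.5
"""
PLAYER_RE = re.compile(r"^\[PLAYER\]\s+(?P<when>\S+ \S+)\s+Name=(?P<name>\S+)"
                       r"\s+IP=(?P<ip>\d+(?:\.\d+){3})\s*$")

def player_sightings(log_text, name):
    """Return (timestamp, ip) for every [PLAYER] line that matches name."""
    hits = []
    for line in log_text.splitlines():
        m = PLAYER_RE.match(line)
        if m and m.group("name") == name:
            hits.append((m.group("when"), m.group("ip")))
    return hits

def reverse_dns(ip):
    """Same lookup `ping -a` performs; None when the address has no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def group_by_domain(sightings, resolver=reverse_dns):
    """Group by the last two DNS labels (too coarse for e.g. .co.uk names)."""
    groups = defaultdict(list)
    for when, ip in sightings:
        host = resolver(ip)
        domain = ".".join(host.split(".")[-2:]) if host else "unresolved"
        groups[domain].append((when, ip))
    return dict(groups)

def subnet_ban(ip):
    """Wildcard form used on the UT ban screen, e.g. 123.123.123.*"""
    return ip.rsplit(".", 1)[0] + ".*"

def abuse_report(groups):
    """Render the 'IPs and dates' list, one block per ISP domain."""
    out = []
    for domain in sorted(groups):
        out.append(f"Domain: {domain}")
        out += [f"  {when}  {ip}" for when, ip in groups[domain]]
    return "\n".join(out)
```

Addresses that land under "unresolved" have no reverse DNS name, so the owning ISP for those has to be identified some other way before they go into a report.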

OK, that said, here are some other tips to keep suiciders from spoiling your server:

First, consider adding the AntiLamer mod to the server (don't know if there's a UT2K3 version or not...). This mod will limit the number of suicides per person counted against the team score. One minor issue is that on some maps, people can legitimately suicide (rockets, goo, being blown off by friend or foe) a fair number of times. (We've got some Shock Whores who make it an art form to knock people off Morpheus...) But it seems to be the best anti-suicide-attack mod out there.

Next, make sure that you always have a time limit for your games. Suiciders LOVE an unlimited time game...

Well, that's it. I hope this helps folks out. I know that it certainly helped clean up our server.
