Doc
My server has experienced a few unusual red chains lately and I investigated by viewing my server's active connections via the firewall software. What I found was rather disturbing.
Whilst most players had a fairly constant 30KB in/out connection and those on-the-fly connections for DayZ commander were demanding only about 29B, there was one anomaly. One player was connecting with an upload and download at constant ~600KB/s data transfer. I terminated the connection to the IP (which was connecting to arma2server.exe on port 2302 as standard).
I later traced the player down that was responsible for this connection and observed his actions - it was a normal player. Whenever he was online, however, he demanded the same high bandwidth of data transfer. In the end, I intervened and teleported to the player to talk to him. I warned him of the implications that if he was attempting to/already had breached the security of the server itself I would pursue legal actions (more of a scare tactic). On the off chance, I asked him how he connected and he said through Six launcher; I told him to use DayZ commander instead. Now when he connects, it's a regular 30KB/s in/out. I do not attribute the connection to Six launcher/DayZ commander at all and perhaps more to the fact of the scare tactics I adopted. This worries me as to why this connection existed in the first place in the way it did.
Since that incident, I have noticed another IP address making a connection in the exact same manner, with an absurdly high data rate again. This IP was not traced to any player. I have since blocked the IP from making any connections and improved the security settings of the server to help aid this.
I am now summarizing what may have caused this. Was it a failed DDoS on the server? If so, why was the first culprit playing on the server anyway? Or, was it an attempted security breach? Was the user trying to breach server access? Or, was the user requesting high volumes of data from hivemind as part of a strange cheat? Or, is this in fact a normal thing?
Any advice would be greatly appreciated.
Doc
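An added example, not part of the original post: one way to flag the kind of sustained per-connection outlier described above, instead of spotting it by eye in the firewall view. It assumes the firewall can export per-second byte counts per remote IP for port 2302; the sample data, IP addresses, function names and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

def build_samples():
    """Constructed data: (second, remote_ip, bytes_in, bytes_out) per 1 s interval."""
    rows = []
    for t in range(60):
        rows.append((t, "192.0.2.10", 30_000, 31_000))       # ordinary player
        rows.append((t, "192.0.2.11", 29_000, 30_000))       # ordinary player
        # ordinary player with a single one-second burst at t=10
        burst = (500_000, 480_000) if t == 10 else (32_000, 28_000)
        rows.append((t, "192.0.2.12", *burst))
        rows.append((t, "198.51.100.7", 600_000, 610_000))   # constant high rate
    rows.append((5, "203.0.113.5", 29, 29))                  # short launcher query
    return rows

def flag_sustained_outliers(samples, factor=5.0, min_seconds=30, min_fraction=0.9):
    """Return {ip: (median_in, median_out)} for connections whose traffic is
    above factor x the typical player rate in BOTH directions for most of
    the session. Thresholds are assumptions to tune per server."""
    per_ip = defaultdict(list)
    for _, ip, b_in, b_out in samples:
        per_ip[ip].append((b_in, b_out))
    # Short-lived connections (server-browser queries) are not sessions.
    sessions = {ip: v for ip, v in per_ip.items() if len(v) >= min_seconds}
    if not sessions:
        return {}
    med = {ip: (median(i for i, _ in v), median(o for _, o in v))
           for ip, v in sessions.items()}
    # Baseline is the median of per-connection medians, so one heavy
    # connection does not drag the baseline up with it.
    base_in = median(m[0] for m in med.values())
    base_out = median(m[1] for m in med.values())
    flagged = {}
    for ip, v in sessions.items():
        high = sum(1 for i, o in v
                   if i > factor * base_in and o > factor * base_out)
        if high / len(v) >= min_fraction:   # sustained, not a momentary burst
            flagged[ip] = med[ip]
    return flagged

if __name__ == "__main__":
    for ip, (m_in, m_out) in flag_sustained_outliers(build_samples()).items():
        print(f"{ip}: ~{m_in / 1000:.0f} KB/s in, ~{m_out / 1000:.0f} KB/s out")
```

The median baseline only holds while most connections are ordinary; if the majority of sessions are heavy, compare against a fixed per-player rate instead.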