
Reverse Proxy Help, Urgent!

Discussion in 'Help and Support' started by OFF, Jan 28, 2014.

  1. OFF

    OFF
    Account Probation Banned Rating Banned

    Okay, so due to the fact my server kept being attacked with packets I have decided to move hosts & get DDoS protection. Now that I have this protection, which includes a proxy (Reverse Proxy IP), everyone who logs on the server will have the PROXY IP instead of their WAN, so whenever I ban someone, everyone will get banned due to the fact that the server logs everyone on the same IP address.

    So the company told me to do this:
    "You will need to modify your server source code to use the 'X_FORWARDED_FOR' header. Alternatively, have your users register on a web page and log their IP there."

    I was wondering how I could fix this issue, since I don't really know what to edit in the actual source.
     
  2. Kjkillercom

    Kjkillercom Level 8

    Just ban players by their UUID instead of their IP address.
     
  3. OFF

    OFF
    Account Probation Banned Rating Banned

    Infinest client has a function to change that easily, so players could simply come back on. Which would make this issue rather difficult to deal with.
     
  4. CyberzOwl

    CyberzOwl Level 2

    Hmm, try reinstalling your server and cleaning logs. Or possibly talk to your server host for more information.
     
  5. Kjkillercom

    Kjkillercom Level 8

    I'm gonna be honest with you, you're SOL otherwise. UUID is pretty much the only other choice you got. There's White lotus but that's currently in Alpha and you would need to be a supporter to test it when the time comes.
    Personally, instead of using the reverse proxy crap, I would have found out the IP that was spamming you and blocked it via Peerblock. Would have been free and less of a headache.
    Well, if you know C# you could probably modify the server as suggested by the company, but that's not exactly a worthwhile approach.
     
  6. CyberzOwl

    CyberzOwl Level 2

    You could use xbans too and ban by name. Then kick the player.
     
  7. Kjkillercom

    Kjkillercom Level 8

    Pretty worthless for true griefers and trolls. They would come on a second later with a fresh character. I only have my admins use that as a temporary measure.
     
  8. CyberzOwl

    CyberzOwl Level 2

    Well Teeria is SSC so there's not much in the way of grief there more so hackers and trolls.
     
  9. OFF

    OFF
    Account Probation Banned Rating Banned

    The point is, all I have to do is change something into the source which will make the actual server show people their real IP address instead of the reversed proxy IP, else it will see everyone with the IP listed on my forum signature. So one ban, bans everyone :|
     
  10. Commaster

    Banned

    I don't think it will work as the Bans database is based on IPs (Primary key).
     
  11. Kjkillercom

    Kjkillercom Level 8

    I thought Rowid was the primary key... Anyways, if that was the case you could easily put in a fake IP with the UUID.
     
  12. Olink

    Olink Admin note: Actually a really nice person now

    I'm sorry, but what? Is this supposed to solve anything? Because it won't. This doesn't stop people from using a proxy and still having a different IP each time. You took the wrong solution to your problem and sadly we can't help you.
     
  13. OFF

    OFF
    Account Probation Banned Rating Banned

    It's not meant to prevent people from using a proxy onto the server, everyone gets listed using the PROXY IP. So for example when I log into the account test1, the IP address will be 198.251.80.211, and whenever someone else logs into the server their IP will be 198.251.80.211 as well because it's using a proxy instead of the VPS IP.

    So whenever someone gets banned nobody will have access to the server. And I can't seem to find a way to let it show people their IP address instead of the server's PROXY IP.


    [EDIT]


    The owner of the company told me this.
    A GRE tunnel won't work - it will show the proxy IP as well.

    I am sure someone else who uses Terraria has used a reverse proxy before? Perhaps there's a plugin you can use to map the 'X_FORWARDED_FOR' header.

    Regards,

    Andrew Hilson
     
  14. ChaoMasterx

    ChaoMasterx Level 1

    Only one suggestion: Get a new host who knows what the **** they are doing!
     
  15. OFF

    OFF
    Account Probation Banned Rating Banned

    Well I've heard that there is no fix for this at all?
     
  16. Kjkillercom

    Kjkillercom Level 8

    Without modifying TShock, you're screwed. Personally I would dump the service and write it off as a $10 goof.
    Don't take this the wrong way but you need to do a bit more research before buying a product or service. You obviously got this service without researching how it works or how it would affect your server.
     
  17. Olink

    Olink Admin note: Actually a really nice person now

    No, we get that. The issue is that you moved to a new service, one that is supposed to stop DDoS. However, you can't ban by IP because everyone uses the same IP due to your poor research. But since anyone can change their IP, what's the point of using this service at all considering that if you COULD ban by IP, they would just change it. Also, chances are your service won't stop DDoS, since it's distributed.
     
  18. Wolfje

    TShock Admin TShock Mod Zero Day Plugin Author

    You will also find that your provider is probably only going to stop very basic forms of DDoS - it comes in practically any incarnation. I can tell you right now no provider's edge routers are going to DPI enough to block out the consumption of Terraria player slots - it would have to know the Terraria protocol enough to differentiate between the two.

    X_FORWARDED_FOR is useless in this case - all you receive is the arse end of a socket connection request from an IP that may or may not belong to the host that actually requested it. Come to think about it, there are a good deal of proxies out there listed on the DNSBL, I remember k0rd writing a DNSBL banner plugin, not sure if it's still there but if it is, you're better off using that.

    FWIW most providers' DDoS "protection" is to null-route your box if you get too many SYN packets from too many places at once.
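
X-Forwarded-For is an HTTP header, so it applies to the host's "register on a web page and log their IP there" route from the first post rather than to the game socket. The following is an added example, not code from the thread or from TShock, of how such a page could pick the address to log while trusting the header only when the request arrives from the proxy; `client_ip`, the proxy address and the client addresses are constructed for illustration.

```python
import ipaddress

# Constructed values: documentation-range addresses, not taken from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.10/32")]


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def _parse(text):
    """Return an ip_address object, or None for empty or garbage entries."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip(peer, xff_header):
    """Pick the address to log or ban for one HTTP request.

    peer        -- source address of the TCP connection
    xff_header  -- raw X-Forwarded-For value, or None if absent
    """
    peer_ip = ipaddress.ip_address(peer)
    # A client connecting directly can put anything in the header: ignore it.
    if not _is_trusted(peer_ip) or not xff_header:
        return str(peer_ip)
    # Each proxy appends on the right, so walk right to left and stop at
    # the first hop that is not one of our own proxies. Entries further
    # left were supplied by the client and are never used.
    for entry in reversed(xff_header.split(",")):
        ip = _parse(entry)
        if ip is None:
            # Malformed hop: stop trusting the chain, fall back to the peer.
            return str(peer_ip)
        if not _is_trusted(ip):
            return str(ip)
    # Header listed only our own proxies.
    return str(peer_ip)
```
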
     
  19. DankBud

    DankBud Level 8

    Yep, what Wolf said. If you are getting that big of a DDoS, I suggest looking for a new host. The one you have is just going to keep nulling you, most DDoS protection usually only protects up to small-medium attacks anyway, but it is good to know that some kid with a 100Mbps booter can't just shut your server down. Since a DDoS affects all customers on your node, it's more cost effective to just suspend you. You could keep the VPS you have now and get a small VPS with DDoS protection and use a GRE tunnel but that's a pain.

    Try out a http://www.nfoservers.com/ VPS, it's what a few guys on here use and I personally have no problems with DDoS (I don't monitor my server 24/7 tho).
    http://www.kimsufi.com/en/ and http://www.soyoustart.com/us/ http://www.ovh.com/us/index.xml are all the same provider but different hardware, people say these boxes can take quite a beating.
    http://fragready.com/ heard great things about these guys and they have a nice dual quad with 8 gigs of ram for 55$, not bad.