Solved DOS Packet attack makes server hang and crash

Discussion in 'Spigot Plugin Development' started by mkcoldwolf, Feb 9, 2020.

  1. I am a network owner, and i have been dueing to the server stability for over a year, i have been switched from single bungee to multi-bungee with redis, transfer the load from MySQL to redis, and making a network spamming protection so hard, but well, hackers still have their way to crash the spigot server with notices anythings on server, i dont understand and i dont know what is the method they make the server hang and cras, but i can only confirm that is their client doing it, something like jigsaw client and etc. to one tap crash the server, because one player is enough to crash us, its really defeating us when hosting something like UHC, i guess those player are using something like packet spam and send illegal packet to spigot and eat up the resources instantly, for an example, here is the server log
    Code (Text):

    [21:02:09] [Server thread/INFO]: [0;33;22m[21mCo-Owner [mPVPZxalan gl[m
    [21:02:10] [Thread-41/INFO]: UUID of player OZeroTwoO is 50ada406-3a75-48e0-8cad-5eca98cf1f6e
    [21:02:10] [Server thread/INFO]: OZeroTwoO[/*****:45289] logged in with entity id 276 at ([world_spawn]16.302859273971986, 58.0, -28.699999988079078)
    [21:02:12] [Server thread/INFO]: OZeroTwoO lost connection: Disconnected
    [21:02:14] [Server thread/INFO]: thx_hypixel lost connection: Disconnected
    [21:02:18] [Server thread/INFO]: ZeroTwoIsTheBest lost connection: Disconnected
    [21:02:43] [Server thread/INFO]: Hello_john lost connection: Disconnected
    [21:04:51] [Thread-42/INFO]: UUID of player WZeroTwoW is 7b85fc37-a8dc-45e6-9fdc-cfb05942217a
    [21:04:51] [Server thread/INFO]: WZeroTwoW[/*****:39017] logged in with entity id 277 at ([world_spawn]0.6163665564804583, 62.0, 5.300000011920926)
    [21:04:59] [Server thread/INFO]: WZeroTwoW lost connection: Disconnected
    [21:07:04] [Thread-44/INFO]: UUID of player thx_hypixel is 627667fa-3ce4-4960-afc9-f1fc26c88708
    [21:07:05] [Server thread/INFO]: thx_hypixel[/*****:37963] logged in with entity id 278 at ([world_spawn]18.69999998807907, 58.0, 6.673704757873654)
    [21:07:15] [Thread-45/INFO]: UUID of player Totoki_ is 8b9f8986-8d4e-44da-aca3-bc768cc8c571
    [21:07:16] [Server thread/INFO]: Totoki_[/*****:35481] logged in with entity id 279 at ([world_spawn]-2.025756866293793, 64.0, 9.345015207501309)
    [21:07:41] [Server thread/INFO]: thx_hypixel was slain by Totoki_ using [§b§lParkour Block]
    [21:07:57] [Server thread/INFO]: Totoki_ was slain by thx_hypixel using [§b§lParkour Block]
    [21:08:17] [Server thread/INFO]: thx_hypixel was slain by Totoki_ using [§b§lParkour Block]
    [21:08:59] [Server thread/INFO]: PVPZxalan was slain by thx_hypixel using [§b§lParkour Block]
    [21:09:22] [Server thread/INFO]: PVPZxalan was slain by thx_hypixel using [§b§lParkour Block]
    [21:09:51] [Server thread/WARN]: Totoki_ moved wrongly!
    [21:09:58] [Server thread/INFO]: thx_hypixel was slain by Totoki_ using [§b§lParkour Block]
    [21:10:00] [Thread-46/INFO]: UUID of player mkhack is ce4b02cc-fc25-4c05-9d65-8faa980b0a3b
    [21:10:00] [Server thread/INFO]: mkhack[/*****:36971] logged in with entity id 280 at ([world_spawn]0.5, 56.0, 0.5)
    [21:10:17] [Server thread/INFO]: [mmkhack UHC?[m
    [21:10:24] [Server thread/INFO]: Totoki_ was slain by thx_hypixel using [§b§lParkour Block]
    [21:10:33] [Server thread/INFO]: thx_hypixel lost connection: Internal Exception: java.io.IOException: Error while read(...): Connection reset by peer
    [21:10:35] [Server thread/INFO]: Totoki_ lost connection: Disconnected
    [21:10:58] [Thread-48/INFO]: UUID of player 55667 is 3368a971-f190-49e9-ade2-de854282d9fc
    [21:10:58] [Server thread/INFO]: 55667[/*****:53959] logged in with entity id 281 at ([world_spawn]-0.037792139876292735, 62.5, 18.054477829281257)
    [21:11:03] [Server thread/INFO]: 55667 lost connection: Disconnected
    [21:11:04] [Server thread/INFO]: luccacaus lost connection: Disconnected
    [21:11:07] [Server thread/INFO]: PVPZxalan lost connection: Disconnected
    [21:13:26] [Thread-49/INFO]: UUID of player luccacaus is f4f6576a-c9f8-4cdd-b9d6-19f242565431
    [21:13:26] [Thread-50/INFO]: UUID of player thx_hypixel is 627667fa-3ce4-4960-afc9-f1fc26c88708
    [21:13:26] [Thread-51/INFO]: UUID of player WZeroTwoW is 7b85fc37-a8dc-45e6-9fdc-cfb05942217a
    [21:13:26] [Thread-52/INFO]: UUID of player BBBBBA is de1f86b9-7baf-45f2-877b-49c377121339
    [21:13:26] [Thread-53/INFO]: UUID of player Totoki_ is 8b9f8986-8d4e-44da-aca3-bc768cc8c571
    [21:13:26] [Thread-54/INFO]: UUID of player mkcoldwolf is 113bdf3e-ec61-4b5e-a626-c60680669acb
    [21:13:26] [Server thread/INFO]: luccacaus[/219.100.37.238:40293] logged in with entity id 282 at ([world_spawn]-2.699999988079071, 62.0, 20.69999998807907)
    [21:13:27] [Server thread/INFO]: thx_hypixel[/*****:60817] logged in with entity id 283 at ([world_spawn]0.4749773217806049, 56.0, 0.7326047946917909)
    [21:13:27] [Server thread/INFO]: WZeroTwoW[/*****:45537] logged in with entity id 284 at ([world_spawn]0.5, 62.0, 16.69999998807907)
    [21:13:27] [Server thread/INFO]: BBBBBA[/*****:35609] logged in with entity id 285 at ([world_spawn]0.5, 62.0, 16.69999998807907)
    [21:13:27] [Server thread/INFO]: Totoki_[/*****:51735] logged in with entity id 286 at ([world_spawn]3.234847147735244, 64.0, 8.814336985797167)
    [21:13:27] [Server thread/INFO]: mkcoldwolf[/*****:49193] logged in with entity id 287 at ([world_spawn]0.5, 62.0, 16.69999998807907)
    [21:13:34] [Server thread/INFO]: luccacaus lost connection: You are sending too many packets, :(
    [21:13:34] [Server thread/WARN]: handleDisconnection() called twice
    [21:13:37] [Thread-55/INFO]: UUID of player PVPZxalan is 47112929-539d-4584-bc38-5628b39e98df
    [21:13:39] [Thread-56/INFO]: UUID of player luccacaus is f4f6576a-c9f8-4cdd-b9d6-19f242565431
    [21:14:07] [Thread-57/INFO]: UUID of player alan0x0 is dee3c926-bb0e-4002-86b3-5db136bd3166
    [21:14:10] [Thread-58/INFO]: UUID of player PVPZxalan is 47112929-539d-4584-bc38-5628b39e98df
    [21:14:15] [Thread-59/INFO]: UUID of player luccacaus is f4f6576a-c9f8-4cdd-b9d6-19f242565431
    [21:14:29] [Thread-60/INFO]: UUID of player PVPZxalan is 47112929-539d-4584-bc38-5628b39e98df
    [21:14:33] [Thread-61/INFO]: UUID of player mkcoldwolf is 113bdf3e-ec61-4b5e-a626-c60680669acb
    [21:14:38] [Thread-62/INFO]: UUID of player thx_hypixel is 627667fa-3ce4-4960-afc9-f1fc26c88708
    [21:14:44] [Spigot Watchdog Thread/ERROR]: The server has stopped responding!
    [21:14:44] [Spigot Watchdog Thread/ERROR]: Please report this to http://www.spigotmc.org/
    [21:14:44] [Spigot Watchdog Thread/ERROR]: Be sure to include ALL relevant console errors and Minecraft crash reports
    [21:14:44] [Spigot Watchdog Thread/ERROR]: Spigot version: git-Spigot-21fe707-e1ebe52 (MC: 1.8.8)
    [21:14:44] [Spigot Watchdog Thread/ERROR]: ------------------------------
    [21:14:44] [Spigot Watchdog Thread/ERROR]: Server thread dump (Look for plugins here before reporting to Spigot!):
    [21:14:44] [Spigot Watchdog Thread/ERROR]: ------------------------------
    [21:14:44] [Spigot Watchdog Thread/ERROR]: Current Thread: Server thread
    [21:14:44] [Spigot Watchdog Thread/ERROR]:     PID: 16 | Suspended: false | Native: false | State: RUNNABLE

    ......
    Thousand of error report, sinces thread have text limit, i have cut it, for the full log, i have uploaded as a file
    ......

    [21:14:44] [Spigot Watchdog Thread/ERROR]: ------------------------------
    [21:14:44] [Spigot Watchdog Thread/INFO]: Attempting to restart with ./start.sh
    [21:14:44] [Spigot Watchdog Thread/INFO]: alan0x0 lost connection: Server is restarting
    [21:14:44] [Spigot Watchdog Thread/INFO]: mkhack lost connection: Server is restarting
    [21:14:44] [Spigot Watchdog Thread/INFO]: thx_hypixel lost connection: Server is restarting
    [21:14:44] [Spigot Watchdog Thread/INFO]: WZeroTwoW lost connection: Server is restarting
    [21:14:44] [Spigot Watchdog Thread/INFO]: BBBBBA lost connection: Server is restarting
    [21:14:44] [Spigot Watchdog Thread/INFO]: Totoki_ lost connection: Server is restarting
    [21:14:44] [Spigot Watchdog Thread/INFO]: mkcoldwolf lost connection: Server is restarting
    [21:14:44] [Spigot Watchdog Thread/INFO]: Stopping server
    [21:14:44] [Spigot Watchdog Thread/INFO]: [MccwLobbyCore] Disabling MccwLobbyCore v0.0.3
    [21:14:44] [Spigot Watchdog Thread/INFO]: [MythicMobs] Disabling MythicMobs v4.5.5-2586
    [21:14:44] [Spigot Watchdog Thread/INFO]: [MythicMobs] Disabling Mythic Mobs...
    [21:14:44] [Spigot Watchdog Thread/INFO]: [MythicMobs] All active settings have been saved.
    [21:14:44] [Spigot Watchdog Thread/INFO]: [MythicMobs] v4.5.5-2586 has been Disabled!
    [21:14:44] [Spigot Watchdog Thread/INFO]: [Multiverse-Core] Disabling Multiverse-Core v2.4-b527
    [21:14:44] [Spigot Watchdog Thread/INFO]: [Multiverse-Core] - Disabled
    [21:14:44] [Spigot Watchdog Thread/INFO]: [HolographicDisplays] Disabling HolographicDisplays v2.4.0
    [21:14:44] [Spigot Watchdog Thread/INFO]: [ViaVersion] Disabling ViaVersion v2.1.3
    [21:14:44] [Spigot Watchdog Thread/INFO]: [ViaVersion] ViaVersion is disabling, if this is a reload and you experience issues consider rebooting.
    [21:14:44] [Spigot Watchdog Thread/ERROR]: [ViaVersion] Failed to remove injection handler, reload won't work with connections, please reboot!
    [21:14:44] [Spigot Watchdog Thread/INFO]: [BAMradio] Disabling BAMradio v1.8
    [21:14:44] [Spigot Watchdog Thread/ERROR]: Error occurred while disabling BAMradio v1.8 (Is it up to date?)
    java.lang.NullPointerException
        at yt.bam.bamradio.radiomanager.RadioManager.stopPlaying(RadioManager.java:110) ~[?:?]
        at yt.bam.bamradio.radiomanager.RadioManager.onDisable(RadioManager.java:180) ~[?:?]
        at yt.bam.bamradio.BAMradio.onDisable(BAMradio.java:94) ~[?:?]
        at org.bukkit.plugin.java.JavaPlugin.setEnabled(JavaPlugin.java:323) ~[spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
        at org.bukkit.plugin.java.JavaPluginLoader.disablePlugin(JavaPluginLoader.java:364) [spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
        at org.bukkit.plugin.SimplePluginManager.disablePlugin(SimplePluginManager.java:424) [spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
        at org.bukkit.plugin.SimplePluginManager.disablePlugins(SimplePluginManager.java:417) [spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
        at org.bukkit.craftbukkit.v1_8_R3.CraftServer.disablePlugins(CraftServer.java:336) [spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
        at net.minecraft.server.v1_8_R3.MinecraftServer.stop(MinecraftServer.java:460) [spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
        at org.spigotmc.RestartCommand.restart(RestartCommand.java:81) [spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
        at org.spigotmc.RestartCommand.restart(RestartCommand.java:40) [spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
        at org.spigotmc.WatchdogThread.run(WatchdogThread.java:85) [spigot-1.8.8.jar:git-Spigot-21fe707-e1ebe52]
    [21:14:44] [Spigot Watchdog Thread/INFO]: [MccwServerCore] Disabling MccwServerCore v0.0.5
    [21:14:44] [Spigot Watchdog Thread/INFO]: [MccwServerCore] Closeing MccwServerCore V0.0.5 Developed by mkcoldwolf
    [21:14:45] [Spigot Watchdog Thread/INFO]: [MccwServerCore] Thank you for using 《MCCW Technology》@CopyRight
    [21:14:45] [Spigot Watchdog Thread/INFO]: [TablistCleaner] Disabling TablistCleaner v1.0
    [21:14:45] [Spigot Watchdog Thread/INFO]: [PlugMan] Disabling PlugMan v2.1.5
    [21:14:45] [Spigot Watchdog Thread/INFO]: [PermissionsEx] Disabling PermissionsEx v1.23.4
    [21:14:45] [Spigot Watchdog Thread/INFO]: WEPIF: PermissionsEx detected! Using PermissionsEx for permissions.
    [21:14:45] [Spigot Watchdog Thread/INFO]: [Arcadianmc_Music_Player] Disabling Arcadianmc_Music_Player v0.0.1
    [21:14:45] [Spigot Watchdog Thread/INFO]: [Arcadianmc_Music_Player] Closing Arcadianmc Music Player...
    [21:14:45] [Spigot Watchdog Thread/INFO]: [VoidGenerator] Disabling VoidGenerator v1.0
    [21:14:45] [Spigot Watchdog Thread/INFO]: VoidGenerator has been disabled.
    [21:14:45] [Spigot Watchdog Thread/INFO]: [WorldEdit] Disabling WorldEdit v6.1.2;b3fbe8b
    [21:14:45] [Spigot Watchdog Thread/INFO]: [Citizens] Disabling Citizens v2.0.24-SNAPSHOT (build 1605)
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving players
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving worlds
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving chunks for level 'world'/Overworld
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving chunks for level 'world_the_end'/The End
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving chunks for level 'world_nether'/Nether
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving chunks for level 'Theworld'/Overworld
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving chunks for level 'CSGO'/Overworld
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving chunks for level 'CSGO_Mirage'/Overworld
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving chunks for level 'world_spawn'/Overworld
    [21:14:45] [Spigot Watchdog Thread/INFO]: Saving chunks for level 'SourceMap'/Overworld
     
    in the above log, we can confirm that player luccacaus is spamming with packets with switching his account and ip everytime, as you see the log
    and finally, spigot crashed because of resources used up
    is there a way to understand what packet he is spamming to crash the server and limit the packet he can send? we really need help on this problems.. i not only want to know what plugin can prevent this problem, i want to know the principle of this attack, how to block this, and some more information, ofc, u can send me a plugin with source code so i can check myself, really thanks a lots again...
     

    Attached Files:

    • log.txt
      File size:
      48.1 KB
      Views:
      72
  2. Try spigot help instead.

    If I were to guess this is the only relevant part of the trace...
    Code (Text):

    MetaBook.addPage(CraftMetaBook.java:234)
    [21:14:44] [Spigot Watchdog Thread/ERROR]:         org.bukkit.craftbukkit.v1_8_R3.inventory.CraftMetaBookSigned.<init>(CraftMetaBookSigned.java:49)
    [21:14:44] [Spigot Watchdog Thread/ERROR]:         org.bukkit.craftbukkit.v1_8_R3.inventory.CraftItemStack.getItemMeta(CraftItemStack.java:329)
    [21:14:44] [Spigot Watchdog Thread/ERROR]:         net.minecraft.server.v1_8_R3.PacketDataSerializer.i(PacketDataSerializer.java:200)
    [21:14:44] [Spigot Watchdog Thread/ERROR]:         net.minecraft.server.v1_8_R3.PlayerConnection.a(PlayerConnection.java:1942)
    [21:14:44] [Spigot Watchdog Thread/ERROR]:         net.minecraft.server.v1_8_R3.PacketPlayInCustomPayload.a(SourceFile:55)
    [21:14:44] [Spigot Watchdog Thread/ERROR]:         net.minecraft.server.v1_8_R3.PacketPlayInCustomPayload.a(SourceFile:8)
    You probably need a plugin like CustomPayloadFixer to prevent people from using the exploit. I don’t mean this in an insulting way but if this is actually what’s happening here, this exploit has been around for like 5 years or more, it should be common knowledge at this point. You should probably be running a more recent version which has probably patched this if you don’t know how to secure a 1.8 server.
     
    • Winner Winner x 1
  3. AH thanks!, got it, thanks for pointing out where i can check the packet error from, the lastest version does not fix this bug too i think, but ill mark it solved and find fix for this myself, Thanks a lots!!!!!!