LuckPerms

Bot attacks vs LP

Darkweasam opened this issue · 6 comments

commented

A bot attack can easily destroy the whole LuckPerms folder. I just had a bot attack, and while AntiBotDeluxe and AntiVPN blocked them off, LuckPerms still created a user file for them, and now I have 1,500,000 user files and I cannot open the LP/users folder due to the giant amount of files created. (Essentials, the world folder's userdata, and other plugins don't have this issue; they don't have 1.5 million files created, only LP.)

A solution to this could be to create the file for the user after the first 60 seconds or so he has spent online.

https://pastebin.com/tfgxFjNt
Here is part of the log. As you can see, there are plugins (and IPWhitelist) blocking off bot logins, though LP still creates a file for these bots.

I am using a bungee network
(and yes, it's been set up correctly, like the link spammed in console says).
Bungee-mode: true, online-mode: false, IPWhitelist installed correctly.

commented

Looks like you never set up your bungee network properly. You NEED to secure your backend servers. If everything is done correctly they are not an attack point.

This is not the place to be discussing that. However, there are many good tutorials out there on how to secure your backend servers with firewalls or plugins, and you really need to do that.

Trust me. Securing your backend servers will solve your issue. And doing that takes like 5 minutes of googling.

commented

A better option would be to run the server in online mode and not offline mode.
When you run a server in offline mode you intentionally take on its risks and downsides, including less security.

commented

Obviously. Looks like you never used bungeecord. The end-servers HAVE to be in offline-mode: true. That's the point of the whole network. Only the bungee's proxy is in online-mode: true.

You cannot run a bungee network having online-mode enabled on the end servers.

Trust me. I would love to enable online-mode on all my servers. But I cannot since it's a network.

commented

This still will not cause the problems you mentioned if you, e.g., use ABD on the BungeeCord and also have set things up properly to deny direct access to the end servers.
You should also work on your attitude.

commented

Basically yeah, make sure you're firewalling your backend servers! Players should not be able to directly log into them :)

commented

For additional clarity here: LuckPerms is no more "susceptible" to bot attacks than any other plugin.
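
A configuration check for the advice given in the replies above (backend servers in offline mode must not accept direct logins), added here as an example; it is not part of the thread and not LuckPerms code. The file contents are constructed samples, and the `firewalled` flag is an assumption standing in for the operator's knowledge that the port only accepts the proxy's address.

```python
import re

# Constructed sample files for one backend server (not taken from the thread).
SERVER_PROPERTIES = "online-mode=false\nserver-ip=\nserver-port=25566\n"
SPIGOT_YML = "settings:\n  bungeecord: true\n  restart-on-crash: true\n"

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_properties(text):
    """Parse key=value lines of server.properties, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def bungeecord_enabled(spigot_text):
    """True if spigot.yml has an indented 'bungeecord: true' entry."""
    m = re.search(r"^[ \t]+bungeecord:[ \t]*(\S+)", spigot_text, re.MULTILINE)
    return bool(m) and m.group(1).lower() == "true"


def audit_backend(properties_text, spigot_text, firewalled=False):
    """Return findings for a backend; an empty list means no direct-login exposure.

    firewalled is the operator's own statement (an assumption of this example)
    that the port only accepts connections from the proxy host.
    """
    props = parse_properties(properties_text)
    offline = props.get("online-mode", "true").lower() == "false"
    bind = props.get("server-ip", "")          # blank binds every interface
    port = props.get("server-port", "25565")
    exposed = offline and bind not in LOOPBACK and not firewalled
    findings = []
    if exposed:
        findings.append(
            f"port {port} on {bind or 'all interfaces'} takes logins without "
            "account authentication; allow only the proxy address")
        if bungeecord_enabled(spigot_text):
            findings.append(
                "bungeecord forwarding is on, so the player identity sent by "
                "any direct connection is trusted")
    return findings


if __name__ == "__main__":
    for finding in audit_backend(SERVER_PROPERTIES, SPIGOT_YML):
        print("FINDING:", finding)
```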