Does OA have the same DDOS attack Q3 does?

[Wishful Thinking!]

Yes, as the Subject line suggests, I would like to know if any server hosting people out there have had the same DDOS Attacks to their OA server that is killing Q3A right now (and has been since November 2011).

I used to run Q3A from a dedicated server that I rent in the city of Melbourne in Australia, however it was being attacked and I was forced to shut it down, having known of OA, I recently got back into playing it and wasn't sure if I should run that from my server as it might get attacked too, as does World of Padman and Urban Terror, all of which use the Q3 Engine.

So yeah, if anyone has any information on that, that would be great to know so I don't end up in over charge quota fees again (:

cheers.

Wishful Thinking!

[.Luke]

Wait, you can still find people online to play with outside of Quake Live? I have the Q3 1.32 release, but most servers I ever come across are just empty Deds with bots, and the same goes for OA, so I just stick to playing Single Player on both. (It probably wouldn't kill me to check out a few clans, though.)

Anyway, in my experience, I've read maybe one report of a DDOS attack before, but I've never experienced any myself on OA. It seems kinda rare for this community. If you have a clan of regular players, it might be somewhat safer to host a private ded-game that isn't advertised on the main server list; it could at least stop drive-by DDOSs. I still wonder what motivates spiteful jerks to even consider that a justifiable and mature retaliation, it's disgusting how hateful people can get over a video game.

[Wishful Thinking!]

well. I have been hosting Q3A for many years, and in November 2011, I noticed my monthly quota was being used a lot faster than what traffic accesses my rented dedicated server normally. After a lot of tracking, tracing, research and talking with other people I know that also host games a-like Quake 3, such as Urban Terror, and Padman. I soon learnt that I was being DDoS'ed, and blocking all incoming and outgoing ports did not solve the issue, It still managed to get through the many Firewall's that I had in place. I would of left it however in Australia server-hosting is very high priced, and so is data allowance, and is charged at very high price per GB used over your limit.

So, After battling the issue for a while, I ended up changed provider, and ran it from there, I was safe for about 2 months, until the DDoS attacker found me on the master server's listing, even though I blocked the ports again it still didn't stop the attacks, so at an additional cost I got installed a Hardware Firewall, of which worked, and I have not had any DDoS issues since, however, even though it is not directly affecting me, it has caused my dedicated server to have higher pings (10-20ms higher) and occasional lag spikes

Anyone that is playing on other game services, get a huge lag spike for a few seconds every so many minutes, I have contacted my provider about it, and they said there is nothing they can do, the DDoS attack has affected the entire node that my server is hosted on, and it is "out of their hands".

After all of this, More research shows that there is a way of fixing the DDoS attacks, but can only be done using IPTables on Linux. I use Windows Server, so Iam very new to Linux, and will be learning it so I can use IPTables to stop this issue. Here on The Open Arena Forums, I was just putting out the question for general interest if this DDoS issue exists in this game, being very much related to Quake 3 Arena, even games as far as Call of Duty, which was also made with the Quake 3 Engine, it also  has the issue too.

[RMF]

I assume this is what you mean:
http://lucb1e.com/?p=post&id=91

The example used here is called protocol 68 because the differences with OA are insignificant, and more people will know Q3 than OA. But the example is actually from oa.

So yes, it's still possible. The simple solution is limiting traffic per IP.

(Btw, I wrote that post.)

[grey matter]

The ioquake3 team fixed this long ago, by rate limiting the replies per IP (which you can also hack together with some iptables magic). I've posted the exact SVN revision somewhere here in the board as well. If in doubt, crawl the SVN log or take a look at the ioquake3 mailing list or ask in #ioquake3

Current World of Padman is not affected by this, Urban Terror has updated binaries, Smokin Guns should not be affected either.
From looking at the OpenArena code it seems like the ioquake3 fix has been incorporated. You can "set developer 1" and watch out for "SVC_Status: rate limit * exceeded, dropping request". For whatever reason only "getstatus" requests are rate limited on OA, ioquake3 also limits "getinfo" requests (their response is much smaller, so it might not be that useful for DDoS).

[sago007]

The problem as such might be fixed but if you pay for ingoing bandwidth it might still be a problem.

On my server I upserved around 200 GB of ingoing traffic per month resulting in around 4 GB of outgoing traffic. The attacker have little chance to see if its target are amplifying the attack or not.

Even though I don't pay for ingoing bandwidth and could not feel any lag, it is still quite annoying because the extra traffic might hide other problems.