Home/ Questions/Q 5849107
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T12:57:12+00:00

my java server is currently being DDoSed by thousands of different ip’s. To counter

  • 0

my java server is currently being DDoSed by thousands of different ip’s. To counter it, i’ve been blocking the ip’s through the dedicated servers firewall. However just more and more keep coming. This attack is flooding my login server causing players to not be able to login.

I’ve asked on other places such as a forum for my type of java application, and i’ve gotten barely any answers. However they told me it’s a form of DDoS, also another user referred me to this however I don’t believe this would work. http://www.java2s.com/Open-Source/Java-Document/Net/mina-2.0.0-M1/org/apache/mina/filter/firewall/ConnectionThrottleFilter.java.htm

So apparently it’s a DoS on my login server, anyone have any clues? I’ll provide the login server’s main framework below.

try {
    shutdownClientHandler = false;
    clientListener = new java.net.ServerSocket(serverlistenerPort, 1, null);
    misc.println("Login server is now online!");
    while (true) {
    try {
        java.net.Socket s = clientListener.accept();
        s.setTcpNoDelay(true);
        String connectingHost = s.getInetAddress().getHostName();
        if (true) {
            if (checkLog("flooders", connectingHost)) {
                //misc.println("Flooder Detected, closing connection.");
                s.close(); // Closes the connection immediately.
            } else {
                connections.add(connectingHost);
                if (checkHost(connectingHost)) {
                    misc.println("Connection from "+connectingHost+":"+s.getPort());
                    try {
                        playerHandler.newPlayerClient(s, connectingHost);
                    } catch (Exception E) {misc.println("Login Server crash detected. Protecting...");
                    s.close();
                }
            } else {
                misc.println("ClientHandler: Rejected "+connectingHost+":"+s.getPort());
                s.close();
            }
        }
        } else {
            misc.println("ClientHandler: Rejected "+connectingHost+":"+s.getPort());
            s.close();
        }
        Thread.sleep(30;
    } catch (Exception e) {
        logError(e.getMessage());
    }
    }
} catch (java.io.IOException ioe) {
    if (!shutdownClientHandler) {
        misc.println("World is already online!");
    } else {
        misc.println("ClientHandler was shut down.");
    }
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are a few options to try to deal with a DDoS, but you need to make certain certain parts are optimized.

    For example, your checkLog function needs to be amazingly fast, so you may want to use a ‘hashmap’ perhaps, so you can quickly check, but, to ensure everything goes fast you may want to look at the ConcurrentHashMap (http://download.oracle.com/javase/1,5.0/docs/api/java/util/concurrent/ConcurrentHashMap.html), so you can better read and write to it.

    You could also look at load-balancing your front-end, so that one server isn’t having to do everything.

    Depending on what actions needs to be done on the server, find a quick way to verify that someone has been authenticated, but this could slow down your server if you don’t have special hardware to better handle decryption of a token, for example.

    You may also want to look at using NIO (http://tutorials.jenkov.com/java-nio/index.html), to better scale to a large number of connections.

    • 0