Summary: We banned a player on our server for breaking rules. This player has now ddos'd our server over the last several weeks. We went ahead and upgraded our server with a company called OVH, however, this person is now attacking our server using repeated EOS queries causing the server to crash repeatedly.
Game Version: 20.3
Platform: PC
OS/Version: Windows Server 2019 Standard
CPU Model: AMD Ryzen 7 5800X 8-Core Processor (cores: 16)
System Memory: 64GB
GPU Model and VRAM: N/A Dedicated Server
Screen Resolution: N/A Dedicated Server
Video Settings: N/A Dedicated Server
Game mode: Dedicated Server
Did you wipe old saves? Yes
Did you start a new game? Yes
Did you validate your files? Yes
Are you using any mods? Yes
EAC on or off? On
Status: NEW
Bug Description: EOS ddos attack taking down server
Detailed steps to reproduce the bug:
1) Ban someone who has something to prove.
2) Person becomes upset.
3) Person attacks server with repeated ddos attacks, attacking the server through EOS query system, brags about it openly on other Discords.
Actual result:
Server being taken down by an upset player who was banned for breaking rules. Below are some of the lines I see when the server crashes repeatedly:
022-02-27T00:11:07 4888.148 INF Time: 80.97m FPS: 20.00 Heap: 2265.8MB Max: 2368.2MB Chunks: 0 CGO: 0 Ply: 0 Zom: 0 Ent: 0 (0) Items: 0 CO: 0 RSS: 3189.5MB
2022-02-27T00:13:41 5043.045 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: invalid HTTP response code received. URL: https://api.epicgames.dev/datarouter/api/v1/public/data/clients?AppID=85fffb61212b491999cd7fc03eb09bf6&AppVersion=1.14.1-18059966&AppEnvironment=8a44365d5ccb43328b4df2f8ca199e43&UploadType=eteventstream&SessionID=799CC8A5474456D793336983DF559987, HTTP code: 0, content length: 0, actual payload size: 0
2022-02-27T00:13:41 5043.045 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: request failed, libcurl error: 7 (Couldn't connect to server)
2022-02-27T00:13:41 5043.045 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: libcurl info message cache 0 (Connection 33 seems to be dead!)
2022-02-27T00:13:41 5043.045 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: libcurl info message cache 1 (Closing connection 33)
2022-02-27T00:13:41 5043.046 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: libcurl info message cache 2 (TLSv1.2 (OUT), TLS alert, Client hello (1):)
2022-02-27T00:13:41 5043.046 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: libcurl info message cache 3 ( Trying 35.170.121.150...)
2022-02-27T00:13:41 5043.046 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: libcurl info message cache 4 (TCP_NODELAY set)
2022-02-27T00:13:41 5043.046 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: libcurl info message cache 5 (connect to 35.170.121.150 port 443 failed: Bad access)
2022-02-27T00:13:41 5043.046 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: libcurl info message cache 6 ( Trying 52.3.215.227...)
2022-02-27T00:13:41 5043.046 WRN [EOS] [LogHttp - Warning] 000001D363C75AB0: libcurl info message cache 7 (TCP_NODELAY set)
See logs here for more info: https://pastebin.com/ZJwDiZrv
Expected result: Better network coding protection for servers by developers. Now that this information is publicly available on the 7daystodie.com forum, every person out there who gets banned for breaking a rule will now have an easy avenue to take down servers because they don't agree they should have been banned.
I have screenshots, IP addresses and Steam ID's of the person doing this and openly admitting to it on public Discord channels.
Any help is appreciated.