What do these log messages mean? Is my server under DDoS attack?

Discussion in 'Troubleshooting Suggestions' started by Fredashay Klavierstein, Mar 13, 2016.

  1. My server has been crashing frequently today.
    Just prior to the last crash, I noticed this in the log (it repeats several times):

    Code:
    13.03 15:53:35 [Server] INFO Packet 1/0 (Packet_IncomingStatusRelated) was larger than I expected, found 18 bytes extra whilst reading packet 0
    13.03 15:53:35 [Server] INFO Bad packet id 47
    13.03 15:53:35 [Server] INFO Bad packet id 13
    13.03 15:53:35 [Server] INFO Bad packet id 49
    13.03 15:53:35 [Server] INFO Bad packet id 57
    13.03 15:53:35 [Server] INFO Bad packet id 56
    13.03 15:53:35 [Server] INFO Bad packet id 46
    13.03 15:53:35 [Server] INFO Bad packet id 50
    13.03 15:53:35 [Server] INFO Bad packet id 51
    13.03 15:53:35 [Server] INFO Bad packet id 46
    13.03 15:53:35 [Server] INFO Bad packet id 50
    13.03 15:53:35 [Server] INFO Bad packet id 48
    13.03 15:53:35 [Server] INFO Bad packet id 51
    13.03 15:53:35 [Server] INFO Bad packet id 46
    13.03 15:53:35 [Server] INFO Bad packet id 54
    13.03 15:53:35 [Server] INFO Bad packet id 56
    13.03 15:53:35 [Server] INFO Bad packet id 99
    13.03 15:53:35 [Server] INFO Bad packet id 221
    
    Further, even with all plugins deleted and nobody on the server, I'm seeing this in the log:

    Code:
    13.03 17:56:08 [Server] SVR/WARN --- Server Lag: Running 41687ms behind, skipping 833 ticks --- 
    13.03 17:56:10 [Server] SVR/WARN --- Server Lag: Running 2393ms behind, skipping 47 ticks --- 
    13.03 17:56:26 [Server] SVR/WARN --- Server Lag: Running 3603ms behind, skipping 72 ticks --- 
    13.03 17:56:50 [Server] SVR/WARN --- Server Lag: Running 9479ms behind, skipping 189 ticks --- 
    13.03 17:57:04 [Server] SVR/WARN --- Server Lag: Running 4757ms behind, skipping 95 ticks --- 
    13.03 17:57:36 [Server] SVR/WARN --- Server Lag: Running 17965ms behind, skipping 359 ticks --- 
    13.03 17:57:41 [Server] SVR/WARN --- Server Lag: Running 4505ms behind, skipping 90 ticks --- 
    13.03 17:58:00 [Server] SVR/WARN --- Server Lag: Running 4408ms behind, skipping 88 ticks ---
    
    Is my server undergoing a DDoS attack?
     
    Last edited: Mar 13, 2016
  2. Make sure only to ever get an official bukkit/spigot mod. Or use Paper.
    Last thing you want is a seemingly safe jar file that turns your server into
    just another node on a hacker's botnet. I'm not sure if that's a possibility
    but when you go downloading jars from suspect sources expect suspect
    performance issues. The lengthened packets as seen above seem very
    suspect for this kind of thing.
    Or something like a hacked mod that turns your server into a VPS
    service for another server. Possible? Maybe.

    Just a guess but if you're lagging like crazy with just your bukkit/spigot?

    /gamerule randomTickSpeed 3

    There's a tiny chance some attacking plugin or addon or your bro did
    /gamerule randomTickSpeed 10000 while you were not watching.

    The default is 3

    If ANY IPa were trying to DDoS spam your IP with connects they would show up in console
    as far as I know. Dont think you're being hacked but you may have a corrupt jar.

    Change your bukkit/spigot jar. I use Paper Spigot.
    https://paper.readthedocs.io/en/paper-1.10/
     
    Last edited: Oct 26, 2016

Share This Page