Codey

Thanks for this, the downtime on the CP archives was really frequent.

Just now, obs1d1an said:

We are using OVH, so I guess we'll switch off of CloudFlare. But I just recently received an Abuse Report from OVH Services just recently https://pastebin.com/CKES1G5s . 

You can delete the old server, as there's no point in trying to argue with OVH abuse team, and create a new one.

13 minutes ago, obs1d1an said:

Do you have any hosting providers to recommend?

Which one are you currently using? OVH without Cloudflare should be fairly sufficient. Otherwise I'd go for Blazingfast if you have any extra cash.

Same happened to Club Penguin Rewritten, move to a different hosting provider and stop using a service with an incompetent abuse team.

On 6/27/2017 at 1:19 PM, Ben said:

Unfortunately, because curl_exec is a blocking call, your server will actually hang whenever a post is made to the Discord webhook API. I did this a few weeks ago, and even with two users online, the effect on performance was noticeable, and this could very easily be abused by creating bots which login to the server repeatedly.

PHP is able to execute multiple curl requests at once, but there isn't a way (as far as I know), to carry on with your socket server loop before the requests are complete, not without using an extension which brings real multithreading to PHP, like pthreads.

A nice idea, and it works, to a degree, don't use this if your server has many players. :)

Just wanted to say the same thing, whenever Discord's API would act up or have high latency, Club Penguin Rewritten would freeze up entirely.

Use it for minor things.

1 hour ago, ReidTJ said:

For Bitmitigate, do I have to get Game Servers or can I get websites?

For your game servers, you can get the reverse proxies, while you can get the CDN for free.

You can check out Penguin Hub for all the required resources.

1 minute ago, Ben said:

Hiding your VPS' IP address is just security through obscurity and it's reccomended you always steer clear of these approaches, even though quite often they might be worth implementing anyway.

Ultimately your CPPS has a game client, which must connect to a game server, you can't hide the address. What you can do is make use of a reverse proxy to try and filter attacks, there are services online (which you pay for), which offer "DDoS protected" reverse proxies, as you would be pointing your game client to the proxy address, you would, in essence, be "hiding" your real game server IP.

There are also virtual server hosting providers such as OVH who provide DDoS protection as part of all of their plans (paid for by distributing the cost across all of their customers). Beware though, lots of hosting providers claim to be able to protect you from attacks, but can't, make sure to read up on reviews before getting ripped off.

You should read up on how to secure linux servers from different types of attack, before trying to setup any services which you run publicly, it only takes one google search to find out how to do things the correct way, and of course you're always welcome to make support topics here if you're stuck with anything.

would also like to mention https://bitmitigate.com/ which offers a free anycast CDN which caches static content, and reverse proxies for a cheap price, both DDoS protected.

If it does not have DDoS protection it can be attacked very easily using $5 booters. If you're owning a CPPS, it's very easy to fetch your IP and port using a packet editor.

You should also install software like fail2ban to block SSH bruteforce attempts.

Never played it, so i couldn't care less.

Discord of course.

Did you modify the bootstrap to point to your own domain?

As much as i like Vintage Penguin, i personally would've liked it more if it actually used the 2005-2007 client rather than giving the AS2 client a makeup.

1 hour ago, Zaseth said:

Look, If you don't like this thread then just don't comment on it. There's a paid version that is upto date.

No one uses PHP 3.7 anymore, so your topic is utterly useless.

So basically you released a fork of https://github.com/maurosoria/dirsearch and claimed it was yours. Maybe you should read the license.

There are quite a few ways to compromise someones security using a fake image which IPS allows. Please consider disabling adding images via urls.

Looks pretty good - although i don't have a mac so i can test it.