All Discussions > Tools & Servers > Source Dedicated Server (Linux) > Topic Details
[sbf] rabab Jan 8, 2022 @ 12:36pm
IP rate limiting client
Anyone know what this is? I've been getting these messages for some time now. I can't find anything online with definitive useful info. I also noticed my second server running on the same host/ip doesn't get this. The server that does is running on 27015.

IP rate limiting client 76.76.21.21:80 at 301 hits (2 buckets, 300 global count).
IP rate limiting client 76.76.21.21:80 sustained 20306 hits at 676.9 pps (3 buckets, 304 global count).
IP rate limiting client 76.76.21.21:80 at 301 hits (3 buckets, 300 global count).
IP rate limiting client 76.76.21.21:80 sustained 21546 hits at 718.2 pps (2 buckets, 302 global count).
IP rate limiting client 76.76.21.21:80 at 301 hits (2 buckets, 300 global count).
IP rate limiting client 76.76.21.21:80 sustained 21464 hits at 715.5 pps (3 buckets, 304 global count).
IP rate limiting client 76.76.21.21:80 at 301 hits (3 buckets, 300 global count).
IP rate limiting client 51.79.240.179:30119 at 301 hits (6 buckets, 302 global count).
IP rate limiting client 185.93.3.105:16078 at 301 hits (11 buckets, 320 global count).
IP rate limiting client 185.93.3.105:16078 at 513 hits (8 buckets, 314 global count).


Thanks!
< >
Showing 1-6 of 6 comments
Sepp Jan 8, 2022 @ 10:52pm 
I also had those...also only on servers running on the default port 27015. I suspect these are coming from users with malicious intent (randomly trying to crash servers or trying other exploits...which is why it's usually seen on port 27015). It is probably of no concern since the message states that the packets coming from the client are rate limited. Also the numbers you get suggest it is a very low amount. It might also be that those users are just using a 3rd party tool for querying servers which is sending the query packets "too aggressively".
I moved my servers away from 27015 as I suspected that those messages might be the reason for the lag I was getting from time to time on the server.
#1
[N]ebsun Jan 9, 2022 @ 11:53pm 
yes it looks like those ip's were trying to do something malicious and were hitting a rule that eventually got them rate limited.

abuseipdb has a couple of reports of a port scan from the first ip
same for the second ip
last ip has a ton or reports for mail spam

If you have any control over that server, you can put something like fail2ban to detect and block IP addresses that attempt malicious activity
Last edited by [N]ebsun; Jan 9, 2022 @ 11:54pm
#2
[sbf] rabab Jan 21, 2022 @ 10:10pm 
Thank you for your responses! Helpful!
#3
76561198818844580 Aug 22, 2022 @ 5:25pm 
Zaso ne tredda
#4
76561198818844580 Aug 22, 2022 @ 5:25pm 
Trenda
#5
MdeA Sep 21, 2022 @ 3:00pm 
omg
#6
< >
Showing 1-6 of 6 comments
Per page: 1530 50

All Discussions > Tools & Servers > Source Dedicated Server (Linux) > Topic Details
Date Posted: Jan 8, 2022 @ 12:36pm
Posts: 6
Start a New Discussion

Discussions Rules and Guidelines