DDoS

[VicKy]

How To Protect Server Or Cloud From Ddos Attack Its Very Important All Have Need
SO Please Explain

[Raheem]

Let's all share in this topic, I invite all to participate and give their own view.

OK, let me start.

You must before anything know that there are many types of DoS/DDoS attacks, UNLIMITED.
You can first think to block them via IPTables, but this will be an unsuccessful way in many cases for the following reasons:

1. There are many types of UDP based DoS/DDoS attacks. It will be hard to track every attack and analyze it to be able to put a successful filter. It's also time-consuming, to detect each case and filter it.
2. The packets maybe 100% the same as legit, and in this case, you cannot put any filter.
3. IPTables is too late, the packet already hit your device, mostly IPTable won't be able to protect to a good extend. But it's better than nothing.
4. You will need to learn how to use many modules in IPTables, to be able to do a good job using it.
5. IPTables already tested as a solution and failed. The failure of such a method can be seen in NFO Anti-DDoS protection, they automatically try to match good rules that will protect. But mostly their protection so easy to penetrate.

So you should not first think to protect yourself using IPTables. Because it's not that efficient. Will take your time, and give you nothing at the end. You will be still under DDoS/DoS.

I'll share more later, tell me your opinion

[lizoumapper]

Frankly,Talk with support hosting !

[Raheem]

Frankly,Talk with support hosting !

A good point to state.

Let me continue,

Personally, I ran a community from 2013~2015 and it was classic Mod plus some other mods. At this time I remember we were many inside the server and the server almost was full most of the time [No boost at all]. I would say, I never got DDoS/DoS attacks although I was using zero-protected VPS(s). You must ask yourself, why someone wastes his time/money... etc to just attack you. A point to be noted.

OK, I'm sorting the service providers into 3-zones (Based on protection level):

1. Asian (Russia, China... etc.)
2. US (USA, canada)
3. Europe (Germany, UK.. etc.)

Asian zone mostly has 0 protection against UDP attacks. Costly to get a well-protected device especially against UDP based attacks. So this zone does not invest much in this field. For example, the easiest servers to attack are those hosted in RU.

US zone, a good choice, and they are advanced in both protocols whether TCP or UDP based attacks. But usually, protection only provided to dedicated servers, not VPS/VDS. This means you will pay more.

Europe zone, has many levels and moderate prices. I'm stating some examples, Hetzener has medium protection against UDP-based attacks. There also OVH which has a little higher performance than Hetzener, but for a higher price.

OK, let's simplify things.

There are two things you need to know:

1. Exploits - Thanks to ReHLDS team who reverse-engineered CS HLDS, now the code is open source. There should be from time to time some people who trace exploits and use them against servers. Their aim either to create money from such exploits or just to bug others. In such cases, you should get enough information about the exploit and make an issue on ReHLDS github. And hopefully, the ReHLDS team will resolve it. Such issues related to the game engine or game core should be fixed by the game developer (in our case ReHLDS team). The hosting company not related to this.
2. DoS/DDoS - In this one, there should be good filtering devices installed before your dedicated server to protect it. You will need to communicate with your service provider and ask him to explain the levels of protection for the device.

So in general, you will need to pay more to get DoS/DDoS protected device, especially for UDP attacks.

Later, I'll share my opinion about OVH UDP protection. What their advantages/disadvantages, and is it the best solution to go with or not.

[Raheem]

OK, here I'm writing my experience with OVH UDP/TCP protection that can be useful for game servers.

Most attacks that can take down the CS1.6 server will be UDP based, the reason is that the game basically uses this protocol for transmitting data between user/server. As I said in #2, #4 most service providers do not provide good protection for this protocol. But one of the providers that claimed to have good UDP protection is OVH. In this post let's see the advantages/disadvantages to use their UDP protection.

OVH said that it has devices before your dedicated server, and they will filter the packets before allowing them to hit your machine. In the case of malicious packets, they will be dropped in earlier stages. OVH provides UDP protection in only special dedicated servers.

Advantages of their protection:

1. Easy to use, for simplicity all you need to do is to add the UDP port and the protection will be enabled on this port. Which means all packets will be filtered first.
2. It will mitigate as much as it can. You don't need to analyze packets... etc. but the devices placed before your dedicated server by them will do the job.

Disadvantages of their protection:

1. Lag during connection to your server, almost one of the most annoying things about their protection is that it lags all clients when they try to connect to the server. Sometimes this results in dropping clients.
2. The protection may fail many times, and this will result in dropping all clients. We recorded this in this topic viewtopic.php?f=22&t=3326. It may take a large time from their side to fix their issues.
3. During large attacks, they usually will not be able to filter legit/malicious packets well. For this reason, if a client is not trusted (defined by their protection devices), he may be dropped and he is a legit user. So false dropping is possible under medium to large attacks.
4. They do not offer UDP protection for VPS, this means you need to buy a dedicated server which is expensive +90$/month. In case you running one server this will be not suitable at all. (Can be resolved if you bought old devices from soyoustart, just a suggestion)

OK, so the overall score I may give to their protection 60~70%. Not a bad solution, but at the same time, not the same as they are claiming. Personally, I'm recommending them only in one case: If you cannot find protection that is higher than them.

I have spent some time debugging their protection (maybe 3 years ago), and as a conclusion, it's not the same as they saying. But at the end, I'm telling you to choose 0% protected or 60~70% what you will choose?

This all about their protection, you now got some ideas about them. I'll continue to post some more posts later.

[ngamerz]

So basically, I have to stick with OVH on this time, since that's only cheapest plus unmanaged VPS/Dedi provider in singapore. Nothing can beat OVH in singapore in terms of cheap.

[Raheem]

In case you wanna OVH protection at cheap prices then, you will need to get one of the following:

1. SoYouStart - Official brach that sells devices that got old. I think you will not find Asian zone.
2. FullTimeHosting - Reseller, I cannot find also Asian zone here.
3. ExtraVM - Reseller, he has Singapore.

Please note that dealing with resellers, not the best thing to do. They can anytime terminate your service without reason or you may lose the IP at any time. The best is to be with the original supplier directly, SoYouStart is official. But to be with official, you know you will need to pay more, check here. You can search for more, these what I know.

[lizoumapper]

In case you wanna OVH protection at cheap prices then, you will need to get one of the following:

1. SoYouStart - Official brach that sells devices that got old. I think you will not find Asian zone.
2. FullTimeHosting - Reseller, I cannot find also Asian zone here.
3. ExtraVM - Reseller, he has Singapore.

Please note that dealing with resellers, not the best thing to do. They can anytime terminate your service without reason or you may lose the IP at any time. The best is to be with the original supplier directly, SoYouStart is official. But to be with official, you know you will need to pay more, check here. You can search for more, these what I know.

And http://www.cloudways.com/

[Raheem]

Here I'm giving a review about Hetzener protection.

Why you may use them?

• Mainly, because their prices are low.

But what about their protection?

• They are using some good hardware before your dedicated server to protect it.
• They provide protection against both UDP/TCP and others. But mainly for HL/CS you are protecting your UDP (ex. 27015).
• Their protection is moderate (4-layer, OVH is 7-layer).
• You can easily enable it.

Do I recommend their protection? Yes if you are looking for something cheap (starting at 30 EUR/month).
The score may I give to them 40~50%.
The price is low, so don't expect 100%. At least for the price I see the protection level is fine.

I think they have data centers in Germany only. Maybe this is the bad thing about them.
I don't test them personally, if someone tested and finds they are better than my review, then please comment down. My recommendation, not bad and not expensive to try if you are a victim of DDoS.

[Raheem]

I'll talk about protected solutions in the US zone.

I said before that there are many good hosting in the US zone, you will need to search and try for the best solution. I'll state the two solutions I'm aware of.

Solutions for US zone:

1. Choopa
   • They protect TCP/UDP, so it can be useful in CS/HL server hosting.
   • Their protection is built by their engineers.
   • They only selling dedicated servers +100$/month, which will be suitable only for communities with +6 servers. You may also search for good resellers that resell their service as VPS/VDS (low prices).
2. Canada OVH Data center
   • OVH provide UDP protection in their Canada data center.
   • Consider using SoYouStart for lower prices (But it's also old devices). SoYouStart has a Canada location (+35 EUR/month).
   • Advantages/Disadvantages will be same as stated in #5

There are many good options in the US zone. I just give some examples and you need to explore yourself, search and ask.

You can ask here:

• WebHostingTalk
• LowEndTalk

There also others where you can ask, just search.