DDoS Attacks

Installation Problems Support
Post Reply
User avatar
VicKy
Mod Tester
Mod Tester
Pakistan
Posts: 87
Joined: 4 years ago
Contact:

DDoS Attacks

#1

Post by VicKy »

How to protect my Server from DDoS Attack?

Last edited by z0h1r-LK 9 months ago, edited 1 time in total.
Reason: Add topic text :)

Image

User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#2

Post by Raheem »

Let's all share in this topic, I invite all to participate and give their own view.

OK, let me start.

You must before anything know that there are many types of DoS/DDoS attacks, UNLIMITED.
You can first think to block them via IPTables, but this will be an unsuccessful way in many cases for the following reasons:
  1. There are many types of UDP based DoS/DDoS attacks. It will be hard to track every attack and analyze it to be able to put a successful filter. It's also time-consuming, to detect each case and filter it.
  2. The packets maybe 100% the same as legit, and in this case, you cannot put any filter.
  3. IPTables is too late, the packet already hit your device, mostly IPTable won't be able to protect to a good extend. But it's better than nothing.
  4. You will need to learn how to use many modules in IPTables, to be able to do a good job using it.
  5. IPTables already tested as a solution and failed. The failure of such a method can be seen in NFO Anti-DDoS protection, they automatically try to match good rules that will protect. But mostly their protection so easy to penetrate.
So you should not first think to protect yourself using IPTables. Because it's not that efficient. Will take your time, and give you nothing at the end. You will be still under DDoS/DoS.

I'll share more later, tell me your opinion :thinking:
He who fails to plan is planning to fail
User avatar
z0h1r-LK
Mod Developer
Mod Developer
Morocco
Posts: 535
Joined: 5 years ago
Location: The Red City ❤
Contact:

#3

Post by z0h1r-LK »

Frankly,Talk with support hosting !
User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#4

Post by Raheem »

lizoumapper wrote: 3 years ago Frankly,Talk with support hosting !
A good point to state.

Let me continue,

Personally, I ran a community from 2013~2015 and it was classic Mod plus some other mods. At this time I remember we were many inside the server and the server almost was full most of the time [No boost at all]. I would say, I never got DDoS/DoS attacks although I was using zero-protected VPS(s). You must ask yourself, why someone wastes his time/money... etc to just attack you. A point to be noted.

OK, I'm sorting the service providers into 3-zones (Based on protection level):
  1. Asian (Russia, China... etc.)
  2. US (USA, canada)
  3. Europe (Germany, UK.. etc.)
Asian zone mostly has 0 protection against UDP attacks. Costly to get a well-protected device especially against UDP based attacks. So this zone does not invest much in this field. For example, the easiest servers to attack are those hosted in RU.

US zone, a good choice, and they are advanced in both protocols whether TCP or UDP based attacks. But usually, protection only provided to dedicated servers, not VPS/VDS. This means you will pay more.

Europe zone, has many levels and moderate prices. I'm stating some examples, Hetzener has medium protection against UDP-based attacks. There also OVH which has a little higher performance than Hetzener, but for a higher price.

OK, let's simplify things.

There are two things you need to know:
  1. Exploits - Thanks to ReHLDS team who reverse-engineered CS HLDS, now the code is open source. There should be from time to time some people who trace exploits and use them against servers. Their aim either to create money from such exploits or just to bug others. In such cases, you should get enough information about the exploit and make an issue on ReHLDS github. And hopefully, the ReHLDS team will resolve it. Such issues related to the game engine or game core should be fixed by the game developer (in our case ReHLDS team). The hosting company not related to this.
  2. DoS/DDoS - In this one, there should be good filtering devices installed before your dedicated server to protect it. You will need to communicate with your service provider and ask him to explain the levels of protection for the device.
So in general, you will need to pay more to get DoS/DDoS protected device, especially for UDP attacks.

Later, I'll share my opinion about OVH UDP protection. What their advantages/disadvantages, and is it the best solution to go with or not.
He who fails to plan is planning to fail
User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#5

Post by Raheem »

OK, here I'm writing my experience with OVH UDP/TCP protection that can be useful for game servers.

Most attacks that can take down the CS1.6 server will be UDP based, the reason is that the game basically uses this protocol for transmitting data between user/server. As I said in #2, #4 most service providers do not provide good protection for this protocol. But one of the providers that claimed to have good UDP protection is OVH. In this post let's see the advantages/disadvantages to use their UDP protection.

OVH said that it has devices before your dedicated server, and they will filter the packets before allowing them to hit your machine. In the case of malicious packets, they will be dropped in earlier stages. OVH provides UDP protection in only special dedicated servers.

Advantages of their protection:
  1. Easy to use, for simplicity all you need to do is to add the UDP port and the protection will be enabled on this port. Which means all packets will be filtered first.
  2. It will mitigate as much as it can. You don't need to analyze packets... etc. but the devices placed before your dedicated server by them will do the job.
Disadvantages of their protection:
  1. Lag during connection to your server, almost one of the most annoying things about their protection is that it lags all clients when they try to connect to the server. Sometimes this results in dropping clients.
  2. The protection may fail many times, and this will result in dropping all clients. We recorded this in this topic viewtopic.php?f=22&t=3326. It may take a large time from their side to fix their issues.
  3. During large attacks, they usually will not be able to filter legit/malicious packets well. For this reason, if a client is not trusted (defined by their protection devices), he may be dropped and he is a legit user. So false dropping is possible under medium to large attacks.
  4. They do not offer UDP protection for VPS, this means you need to buy a dedicated server which is expensive +90$/month. In case you running one server this will be not suitable at all. (Can be resolved if you bought old devices from soyoustart, just a suggestion)
OK, so the overall score I may give to their protection 60~70%. Not a bad solution, but at the same time, not the same as they are claiming. Personally, I'm recommending them only in one case: If you cannot find protection that is higher than them.

I have spent some time debugging their protection (maybe 3 years ago), and as a conclusion, it's not the same as they saying. But at the end, I'm telling you to choose 0% protected or 60~70% what you will choose?

This all about their protection, you now got some ideas about them. I'll continue to post some more posts later.
He who fails to plan is planning to fail
ngamerz
Member
Member
Philippines
Posts: 37
Joined: 4 years ago
Location: Philippines From South Korea

#6

Post by ngamerz »

So basically, I have to stick with OVH on this time, since that's only cheapest plus unmanaged VPS/Dedi provider in singapore. Nothing can beat OVH in singapore in terms of cheap.
User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#7

Post by Raheem »

In case you wanna OVH protection at cheap prices then, you will need to get one of the following:
  1. SoYouStart - Official brach that sells devices that got old. I think you will not find Asian zone.
  2. FullTimeHosting - Reseller, I cannot find also Asian zone here.
  3. ExtraVM - Reseller, he has Singapore.
Please note that dealing with resellers, not the best thing to do. They can anytime terminate your service without reason or you may lose the IP at any time. The best is to be with the original supplier directly, SoYouStart is official. But to be with official, you know you will need to pay more, check here. You can search for more, these what I know.
He who fails to plan is planning to fail
User avatar
z0h1r-LK
Mod Developer
Mod Developer
Morocco
Posts: 535
Joined: 5 years ago
Location: The Red City ❤
Contact:

#8

Post by z0h1r-LK »

Raheem wrote: 3 years ago In case you wanna OVH protection at cheap prices then, you will need to get one of the following:
  1. SoYouStart - Official brach that sells devices that got old. I think you will not find Asian zone.
  2. FullTimeHosting - Reseller, I cannot find also Asian zone here.
  3. ExtraVM - Reseller, he has Singapore.
Please note that dealing with resellers, not the best thing to do. They can anytime terminate your service without reason or you may lose the IP at any time. The best is to be with the original supplier directly, SoYouStart is official. But to be with official, you know you will need to pay more, check here. You can search for more, these what I know.
And http://www.cloudways.com/
User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#9

Post by Raheem »

Here I'm giving a review about Hetzener protection.

Why you may use them?
  • Mainly, because their prices are low.
But what about their protection?
  • They are using some good hardware before your dedicated server to protect it.
  • They provide protection against both UDP/TCP and others. But mainly for HL/CS you are protecting your UDP (ex. 27015).
  • Their protection is moderate (4-layer, OVH is 7-layer).
  • You can easily enable it.
Do I recommend their protection? Yes if you are looking for something cheap (starting at 30 EUR/month).
The score may I give to them 40~50%.
The price is low, so don't expect 100%. At least for the price I see the protection level is fine.

I think they have data centers in Germany only. Maybe this is the bad thing about them.
I don't test them personally, if someone tested and finds they are better than my review, then please comment down. My recommendation, not bad and not expensive to try if you are a victim of DDoS.
He who fails to plan is planning to fail
User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#10

Post by Raheem »

I'll talk about protected solutions in the US zone.

I said before that there are many good hosting in the US zone, you will need to search and try for the best solution. I'll state the two solutions I'm aware of.

Solutions for US zone:
  1. Choopa
    • They protect TCP/UDP, so it can be useful in CS/HL server hosting.
    • Their protection is built by their engineers.
    • They only selling dedicated servers +100$/month, which will be suitable only for communities with +6 servers. You may also search for good resellers that resell their service as VPS/VDS (low prices).
  2. Canada OVH Data center
    • OVH provide UDP protection in their Canada data center.
    • Consider using SoYouStart for lower prices (But it's also old devices). SoYouStart has a Canada location (+35 EUR/month).
    • Advantages/Disadvantages will be same as stated in #5
There are many good options in the US zone. I just give some examples and you need to explore yourself, search and ask.

You can ask here: There also others where you can ask, just search.
He who fails to plan is planning to fail
User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#11

Post by Raheem »

So let's summarize what I said till now.

Before running a CS/HL server (CS1.6/HL/CSCZ/CSS/CSGO) you need to think about DDoS/DoS protection. CS/HL servers are subjected to UNLIMITED types of DoS/DDoS attacks, that can take down your server for some time. Most of the attacks that can take down your server are UDP-based. This is why when you search for hosting you need to ensure if it has UDP mitigation or not.

Anti-DDoS solutions will cost the hosting provider extra money. This is the reason why you will need to pay more for a DDoS-protected service. And some providers do not invest in protection, and some do not provide UDP protection but provide only TCP. All providers aim to minimize their cost to earn more, and you need to search for good hosting that has good protection.

You need to know that you may be with the main hosting provider like to be with OVH directly, and you may be with a reseller that buys their service and resell it as VPS/VDS. Be noted that yes you will pay less with a reseller, but you are subjected to disturbing things. I give you a short story about resellers. ExtraVM is a reseller, I was using it for some time and sometimes when I get DDoSed he suspended the service telling me that I used the VPS to launch a DDoS, and the fact is that I was a victim. After the suspension, I lost all things, and databases got corrupted... etc. Was a horrible experience that why I'm telling you this. One more thing to note always, resellers can anytime change your server IP without any valid reason. This something to fear as you know if IP changes you will lose many players. So please before you say I'll choose a reseller because of the lower cost, think about the harm that they can do for you after a short period.

Regardless of the reason why someone will attack you, you must protect yourself to a good extend. As I discussed that IPTables is not a practical solution. So you need to look for some robust/practical solutions, and I already discussed some in this topic. You need to try one of them and evaluate it yourself.

So to rest in peace, follow what I said. And put in your mind, protection is relative and we just need to make the attacker believe he fails so he does not try to attack again and again. He still can restrike but as said earlier, it's better than the 0-protected level.
He who fails to plan is planning to fail
ngamerz
Member
Member
Philippines
Posts: 37
Joined: 4 years ago
Location: Philippines From South Korea

#12

Post by ngamerz »

Raheem wrote: 3 years ago So let's summarize what I said till now.

Before running a CS/HL server (CS1.6/HL/CSCZ/CSS/CSGO) you need to think about DDoS/DoS protection. CS/HL servers are subjected to UNLIMITED types of DoS/DDoS attacks, that can take down your server for some time. Most of the attacks that can take down your server are UDP-based. This is why when you search for hosting you need to ensure if it has UDP mitigation or not.

Anti-DDoS solutions will cost the hosting provider extra money. This is the reason why you will need to pay more for a DDoS-protected service. And some providers do not invest in protection, and some do not provide UDP protection but provide only TCP. All providers aim to minimize their cost to earn more, and you need to search for good hosting that has good protection.

You need to know that you may be with the main hosting provider like to be with OVH directly, and you may be with a reseller that buys their service and resell it as VPS/VDS. Be noted that yes you will pay less with a reseller, but you are subjected to disturbing things. I give you a short story about resellers. ExtraVM is a reseller, I was using it for some time and sometimes when I get DDoSed he suspended the service telling me that I used the VPS to launch a DDoS, and the fact is that I was a victim. After the suspension, I lost all things, and databases got corrupted... etc. Was a horrible experience that why I'm telling you this. One more thing to note always, resellers can anytime change your server IP without any valid reason. This something to fear as you know if IP changes you will lose many players. So please before you say I'll choose a reseller because of the lower cost, think about the harm that they can do for you after a short period.

Regardless of the reason why someone will attack you, you must protect yourself to a good extend. As I discussed that IPTables is not a practical solution. So you need to look for some robust/practical solutions, and I already discussed some in this topic. You need to try one of them and evaluate it yourself.

So to rest in peace, follow what I said. And put in your mind, protection is relative and we just need to make the attacker believe he fails so he does not try to attack again and again. He still can restrike but as said earlier, it's better than the 0-protected level.
This happen in me before, I have weak root password at that time. Only way to get rid of that, is by putting strong password. (Mine is 64 characters).
User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#13

Post by Raheem »

I'm not personally using resellers anymore. Also, I don't run servers since 4 years.

This just for anyone, it may help.
He who fails to plan is planning to fail
User avatar
VicKy
Mod Tester
Mod Tester
Pakistan
Posts: 87
Joined: 4 years ago
Contact:

#14

Post by VicKy »

Raheem wrote: 3 years ago OK, here I'm writing my experience with OVH UDP/TCP protection that can be useful for game servers.

Most attacks that can take down the CS1.6 server will be UDP based, the reason is that the game basically uses this protocol for transmitting data between user/server. As I said in #2, #4 most service providers do not provide good protection for this protocol. But one of the providers that claimed to have good UDP protection is OVH. In this post let's see the advantages/disadvantages to use their UDP protection.

OVH said that it has devices before your dedicated server, and they will filter the packets before allowing them to hit your machine. In the case of malicious packets, they will be dropped in earlier stages. OVH provides UDP protection in only special dedicated servers.

Advantages of their protection:
  1. Easy to use, for simplicity all you need to do is to add the UDP port and the protection will be enabled on this port. Which means all packets will be filtered first.
  2. It will mitigate as much as it can. You don't need to analyze packets... etc. but the devices placed before your dedicated server by them will do the job.
Disadvantages of their protection:
  1. Lag during connection to your server, almost one of the most annoying things about their protection is that it lags all clients when they try to connect to the server. Sometimes this results in dropping clients.
  2. The protection may fail many times, and this will result in dropping all clients. We recorded this in this topic viewtopic.php?f=22&t=3326. It may take a large time from their side to fix their issues.
  3. During large attacks, they usually will not be able to filter legit/malicious packets well. For this reason, if a client is not trusted (defined by their protection devices), he may be dropped and he is a legit user. So false dropping is possible under medium to large attacks.
  4. They do not offer UDP protection for VPS, this means you need to buy a dedicated server which is expensive +90$/month. In case you running one server this will be not suitable at all. (Can be resolved if you bought old devices from soyoustart, just a suggestion)
OK, so the overall score I may give to their protection 60~70%. Not a bad solution, but at the same time, not the same as they are claiming. Personally, I'm recommending them only in one case: If you cannot find protection that is higher than them.

I have spent some time debugging their protection (maybe 3 years ago), and as a conclusion, it's not the same as they saying. But at the end, I'm telling you to choose 0% protected or 60~70% what you will choose?

This all about their protection, you now got some ideas about them. I'll continue to post some more posts later.
I have the second dis advantage
I bought from evolution-host.com
Can Tell me how to resolve it ? Or whats problem so then I can contact to support

Image

User avatar
Raheem
Mod Developer
Mod Developer
Posts: 2213
Joined: 7 years ago
Contact:

#15

Post by Raheem »

VicKy wrote: 2 years ago
Raheem wrote: 3 years ago OK, here I'm writing my experience with OVH UDP/TCP protection that can be useful for game servers.

Most attacks that can take down the CS1.6 server will be UDP based, the reason is that the game basically uses this protocol for transmitting data between user/server. As I said in #2, #4 most service providers do not provide good protection for this protocol. But one of the providers that claimed to have good UDP protection is OVH. In this post let's see the advantages/disadvantages to use their UDP protection.

OVH said that it has devices before your dedicated server, and they will filter the packets before allowing them to hit your machine. In the case of malicious packets, they will be dropped in earlier stages. OVH provides UDP protection in only special dedicated servers.

Advantages of their protection:
  1. Easy to use, for simplicity all you need to do is to add the UDP port and the protection will be enabled on this port. Which means all packets will be filtered first.
  2. It will mitigate as much as it can. You don't need to analyze packets... etc. but the devices placed before your dedicated server by them will do the job.
Disadvantages of their protection:
  1. Lag during connection to your server, almost one of the most annoying things about their protection is that it lags all clients when they try to connect to the server. Sometimes this results in dropping clients.
  2. The protection may fail many times, and this will result in dropping all clients. We recorded this in this topic viewtopic.php?f=22&t=3326. It may take a large time from their side to fix their issues.
  3. During large attacks, they usually will not be able to filter legit/malicious packets well. For this reason, if a client is not trusted (defined by their protection devices), he may be dropped and he is a legit user. So false dropping is possible under medium to large attacks.
  4. They do not offer UDP protection for VPS, this means you need to buy a dedicated server which is expensive +90$/month. In case you running one server this will be not suitable at all. (Can be resolved if you bought old devices from soyoustart, just a suggestion)
OK, so the overall score I may give to their protection 60~70%. Not a bad solution, but at the same time, not the same as they are claiming. Personally, I'm recommending them only in one case: If you cannot find protection that is higher than them.

I have spent some time debugging their protection (maybe 3 years ago), and as a conclusion, it's not the same as they saying. But at the end, I'm telling you to choose 0% protected or 60~70% what you will choose?

This all about their protection, you now got some ideas about them. I'll continue to post some more posts later.
I have the second dis advantage
I bought from evolution-host.com
Can Tell me how to resolve it ? Or whats problem so then I can contact to support
I'm not in field for long time, so I can't tell a good resolution. I'm sorry for this.
He who fails to plan is planning to fail
User avatar
VicKy
Mod Tester
Mod Tester
Pakistan
Posts: 87
Joined: 4 years ago
Contact:

#16

Post by VicKy »

The Solution To Save from Attack Is not to panel and any website configuration for counter strike 1.6 server i have experienced many problems because of the panel

Because the hackers will attack your site and will down your site then your cs sv will offline

I recommend to use linux only to setup server if you want your server to keep running without any problem

Image

User avatar
z0h1r-LK
Mod Developer
Mod Developer
Morocco
Posts: 535
Joined: 5 years ago
Location: The Red City ❤
Contact:

#17

Post by z0h1r-LK »

@VicKy Thanks

Post Reply

Create an account or sign in to join the discussion

You need to be a member in order to post a reply

Create an account

Not a member? register to join our community
Members can start their own topics & subscribe to topics
It’s free and only takes a minute

Register

Sign in

Who is online

Users browsing this forum: No registered users and 1 guest