| Posted by refreshed, 10-31-2010, 10:34 PM | | So I been with the following companies:
Game Server:
volumedrive.com
SuperSpecialServers.com
Website (VPS):
newwebsite.com
burst.net
newwebsite.com cut my vps from the attacks.
Volumedrive was unable to help me and refereed me to another company.
My new ones are SuperSpecialServers.com and burst.net being attacked.
I just want to run my website and minecraft server in peace where I don't have to deal with the attacks and they are dealt with.
I'm looking for information on what companies offer this or support ddos protection and not something simple like I gotta wait 8 hours for them to block the person and then they just change it again.
It seams pretty basic they barley take down the 100Mbps connection but they do just make it. I use xenserver and it shows 100% network usage well the 100Mbps connection.
I want to just say http://www.gigenet.com I hear a lot but do they stop the attacks before they hit me or right when they hit me does it get filtered out?
Reason I ask these people seam to not want me to run my game server and use random ip's and such and it's getting really bad.
We just want to run our server in peace and so we ask you guys to help us.
We had a thread before but it's getting to the point where I'm blowing cash left and right.
Specs right now is i7 920 with 24 gigs of ram but we can do with something as powerful as the i7 with 12 gigs of ram.
Feel free to PM me or post here of companies that you know that offer protection and please PLEASE tell me the cost it seams like some charge more ontop of it.
|
| Posted by nibb, 10-31-2010, 10:47 PM | | You can try blacklotus, they offer that kind of protection but first are you really sure you are being attacked?
I mean, it seems most people that say they are being attacked run gameservers, so thats a big coincidence. There could be just people that want to connect to your server or gameserver. Because look at this, people that do play games actually have pretty decent connections and machines, that means 2 to 5 ADLS lines. It would only require a few of them to eat your 100 mbit line, so be sure first this are attacks on purpose of someone that wants to bring you down, what ever there reasons are, or if they are real connections that are getting to your server to connect
|
| Posted by DiegoRBaquero, 10-31-2010, 10:50 PM | | Do you have a firewall with auto-blocking? That should help.
|
| Posted by refreshed, 10-31-2010, 11:02 PM | | We had a iptable rule where it caused a 100% cpu each time we were attacked.
example: http://i52.tinypic.com/21l4sih.png
I just got a email from gigenet I'm really disappointed
EDIT: this example was not to show you the CPU usage of the protection just that attacks. I don't have that setup anymore since it never seam to work. It's almost like I need something outside and if I see a big connection hitting the server at say 5Mbps+ then I could ban it from a interface or is our technology not there yet?
Last edited by refreshed; 10-31-2010 at 11:06 PM.
|
| Posted by MikeDVB, 10-31-2010, 11:20 PM | | The problem is that game servers are always huge targets for DoS/DDoS attacks. A lot of it comes from people who hack and get caught+banned who "get revenge".
Have you kicked/banned a lot of people lately or anybody who through a particularly large fuss about it?
|
| Posted by refreshed, 10-31-2010, 11:27 PM | | Minecraft is in Alpha stage and we have banned and kick a lot of people. There is no way I already tried that card.
I was told by someone that they were ddosing big servers to gain more players.
I mean it's I find a host that can protect me or this job is over.
|
| Posted by MikeDVB, 10-31-2010, 11:29 PM | | I'd try and find a provider that offers a solid hardware firewall with an API where you can inject IPs to block directly from your web servers or game servers. Assuming the attacks aren't large enough to overwhelm the firewall's inbound port that would be the best option.
Web servers and game servers themselves (and iptables) are good for basic use but they really tend to fall flat on their face and/or cause issues when used to mitigate a large DDoS attack.
|
| Posted by nibb, 10-31-2010, 11:39 PM | | I already told you who can. BlackLotus
www.blacklotus.net
|
| Posted by refreshed, 10-31-2010, 11:39 PM | | Burst net offers a firewall service for $50 would that be what you mean?
|
| Posted by refreshed, 10-31-2010, 11:42 PM | | You have seen there costs right?
Elite A3 Intel Atom 510 DC (score: 666) 2GB DDR2-800 500GB SATA II 7200RPM $330.00
Let's not get silly we run a game and play it. I work part time I don't make 1000's a month and I don't even make a 1000 a month. But I do get a few donations and I work part time to do something like 200-400 if it's really good.
|
| Posted by nibb, 10-31-2010, 11:42 PM | | How would this persons control a botnet? Gamers that have botnets?
A DDOS is a distributed attack. If its only a DOS where they use their home computers to make the attack it should be fairly simple to block them.
|
| Posted by nibb, 10-31-2010, 11:46 PM | | Then you are screwed because DOS attacks are not cheap. Not a single provider that is a budget one will be able to take the loss for you. Most of them will open you the door to look another company if you get attacks, as they dont want to deal with them. Dos protection is by no way cheap and I find Blacklotus to be very affordable. Before them nobody would even consider helping someone unless they could start paying thousands a month. The cheapest solution some time back was 500$ a month, starting costs, more or less.
I mean, you want Dos protection but are not willing to pay? Then there is no much someone can do but just to provide you basic tools like a firewall and you take it on from there.
|
| Posted by refreshed, 10-31-2010, 11:48 PM | | We have had 2 diff attacks. One where we get flooded random:
And I have tons of logs like that from iftop it was just random hosting companies....
Then I had the 1 attack that would just drain bandwidth for hours none stop.
Right now it seams like the first attack is what is happening but I mean because it's remote I can't seam to really be there to monitor the attack.
|
| Posted by MikeDVB, 10-31-2010, 11:55 PM | | Yep, expensive.
Not sure what their firewall service entails so I'm not going to say yes or no, you'll need to look into it.
Welcome to the world of being a DDoS target, it's not going to be cheap. One of a few things happens: they eventually stop and you just live through it, you pay exorbitant amounts of money to filter/stop/mitigate it, you decide it's not worth it and you move on.
I'm not telling you to give up - from personal experiences with DDoS attacks they tend to last 7 days or less but if you've pissed of somebody who really has a grudge they could realistically run it as long as they have the resources to do so.
I'm sure people who have access to botnets probably do play games from time to time and I'm sure there are those that don't play games as well.
If it is a DDoS attack then yes, it's a huge issue and hard to block - if it's a DoS then it's just a simple case of blocking it in the software firewall in most cases.
|
| Posted by refreshed, 11-01-2010, 12:01 AM | | Would anyone be willing to look at my server for me here? Not sure if that is against the rules someone with a rep here on WHT. At this point its trust a stranger that might have a few moments to monitor it for me and offer advice or just go all out and shut down the server.
Thanks
Also thanks for the people taking the time to talk even talking about it cheers me up a bit. I also making a video on youtube to explain my issue more clearly. I have a bad typing skill.
|
| Posted by nibb, 11-01-2010, 12:01 AM | | Have you tried a script like dos deflate?
It will ban any IPs that open XX number of connections, but it will be useless if its a distributed attack, then you will need something on the network side or infront of the server like Blacklotus can offer you because your server will just crash trying to block all the traffic.
Another solution is to hire a sys admin or someone that can look into your server, monitor it and possible check for a solution when this is happening, maybe they got a better clue into how to block this when they log in and see where the attacks come in case its not distributed.
I dont think a hosting company will be able to help you with this as they provider hardware/network. You should check a sys admin that can configure you a firewall for example infront of the server or go with a managed server. If the attacks are big and distributed like I said before, there is sadly nothing you can do. Its a big flaw on how the internet works and it will require some years until all hardware vendors, hosting companies, ISP, etc collaborate together to disconnect the origins of an attack like ArborPeak is starting to do.
|
| Posted by refreshed, 11-01-2010, 12:47 AM | | Here I want to add more info and questions.
I explained my issue more here: http://www.youtube.com/watch?v=bHFDR0xJjqY
(also get to see what kind of game minecraft is hehe)
Also a person told me to do this command and send it to him: tcpdump -i eth0 -s 0 -w /tmp/data.pcap
The file started before a ddos and about 2 minutes or so it was over 2gigs in size.
is this normal?
|
| Posted by ddosguru, 11-01-2010, 02:27 AM | | If all of the DDoS is hitting your server then yes, it is quite normal.
|
| Posted by Trix, 11-01-2010, 05:58 AM | | What script/command did you get these results?
I know SD/KC wouldn't allow abusive customers on their network.
|
| Posted by refreshed, 11-01-2010, 06:26 AM | | iptop I'm pretty sure they are using spoofed ip's.
|
| Posted by starline, 11-01-2010, 08:36 AM | | Seems you can try ethproxy too. But, I don't have any experience with them and they seem to be having higher costs than what you mentioned..
|
| Posted by refreshed, 11-01-2010, 09:18 PM | | I'm told that the ISP could shutdown udp and upstream or something to prevent all of this but I'm with superspecialservers.com now and it seams that they can't stop this or at least from what I can tell they have not tried.
It looks like they are a reseller and probably never touch the physical machines let alone have any control of the routers in the datacenter.
So I might just be screwed right now having 3 active servers 2 of them paid for 4 months in advanced.
|
| Posted by nibb, 11-01-2010, 09:34 PM | | Where are you located or your gamers are?
To be honest I never heard of superspecialservers.com before, their whois shows someone in France. Is this is a US company with servers in the US?
What did they told you when you ask for looking into your box? Do you have any bandwidth graphs? If this is Linux run this command and show the output:
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
Which ports do you need for your game, are all other ports closed?
Im looking at your video and Im sorry this is happening to you, but your budget is a bit low for the type of machine you request + a good network which is protected. What in the world is that what you are playing anywhere? I dont understand it, ist just some boxes running around? I honestly believe you are not being DDOS but that you are on a hell of a crap network and your provider is WAY to cheap, 200$ for 24 GB RAM? Its not a wonder your service is not working, I mean, are sure its not just the network which heavily oversold? Its really hard to tell you what to do without any more information.
Are you hosted in HOSTNOC? You use xen? What you are saying that when you block everything with iptables and the CPU starts to go up that means there is a buffering in the server, if you look at my posts you will find I replicated the same issue a week ago with a very small box. First of all that should not happen on a 24 GB server, not even with Iptables, it should handle a couples of thousands IPs. Lets make sure you really have the hardware they say you have and network they say they give you. Then based on this, lets see traffic hitting the machine.
Last edited by nibb; 11-01-2010 at 09:48 PM.
|
| Posted by angathan, 11-02-2010, 04:08 AM | | you can try to install csf in your VPS, which will protect your server from dDos attack.
|
| Posted by MikeDVB, 11-02-2010, 04:50 AM | | If the DDoS attack is large enough to be a concern using CSF+IPTables is just going to cause more problems than it solves.
|
| Posted by PeakVPN-KH, 11-03-2010, 01:17 AM | | Thanks for the mention.
The OP did approach us and our sales team spoke with him but unfortunately could not come to an agreement. It is true there is more expense involved if you want true ddos protection compared to traditional hosting.
If that is a complete iftop then you don't appear to be under attack currently unless you have another interface? It also could be network related or the attack is on/off in bursts. You may try a regular ddos protected VPS or something like that. Black Lotus (mentioned previously) offers a cloud-based solution which may fit your budget a little better. I hate to recommend any thing without seeing actual traffic graphs. Do you have something like MRTG graphs at the router level? Do you really need that large of a server for this game? I have seen some very intense multiplayer games run on much less resources.. Just curious?
Note on Superspecialservers:
Checking 'superspecialservers.com' they appear to be a reseller of Sentris.com --> reseller of OLM and their other test IP's point to a Road Runner subscriber line as well as Burst.net.
Best of luck with your search!
Last edited by PeakVPN-KH; 11-03-2010 at 01:20 AM.
|
|
 Add to Favourites
 Print this Article
|
