Prevent DDoS attacks - Printable Version
+- SA-MP Forums Archive (
https://sampforum.blast.hk)
+-- Forum: SA-MP Server (
https://sampforum.blast.hk/forumdisplay.php?fid=6)
+--- Forum: Server Support (
https://sampforum.blast.hk/forumdisplay.php?fid=19)
+--- Thread:  Prevent DDoS attacks (
/showthread.php?tid=633112)
 
Prevent DDoS attacks - 
-Shifty- -  25.04.2017
I am currently hosting my SA-MP server at Ovh, unfortunately my server is the victim of DDoS attacks more than two times per day. The Anti-DDoS of Ovh keeps my server online for 15% of the connected players, other players are unbable to connect to the server when there is an attack going. The players are able to connect again when the attack stops.
Is there a way to make use of their Anti-DDoS feature without all the players ''timing''? And is there a method to prevent attacks with firewalld? (if yes, how?)
Thank you in advance!
Re: Prevent DDoS attacks - 
iLearner -  25.04.2017
I used to use ovh back in 2015, and my server was constantly under ddos attacks, switched to BlazingFast.Io. since then was and still am fine so far.
Re: Prevent DDoS attacks - 
Vince -  25.04.2017
You cannot prevent it, you can only hope to mitigate the effects. If you're on Linux and you haven't configured iptables then you should do so immediately. By default all ports are open, which is not what you want. You want to create a few "accept" rules on the input chain and drop anything you don't need. The first rule should allow everything on the lo0 interface (localhost traffic), the second rule should allow established or related traffic (state), the following rules should allow the traffic to the "service" ports. So 7777 for your server and 22 for SSH. The last rule should drop all the traffic that didn't match any of the previous rules. Careful though: if you make a mistake you may lock yourself out and if you don't have VNC then you're screwed until your server restarts (rules, by default, are not persistent).
Re: Prevent DDoS attacks - 
-Shifty- -  25.04.2017
Quote:
| 
					Originally Posted by Vince  You cannot prevent it, you can only hope to mitigate the effects. If you're on Linux and you haven't configured iptables then you should do so immediately. By default all ports are open, which is not what you want. You want to create a few "accept" rules on the input chain and drop anything you don't need. The first rule should allow everything on the lo0 interface (localhost traffic), the second rule should allow established or related traffic (state), the following rules should allow the traffic to the "service" ports. So 7777 for your server and 22 for SSH. The last rule should drop all the traffic that didn't match any of the previous rules. Careful though: if you make a mistake you may lock yourself out and if you don't have VNC then you're screwed until your server restarts (rules, by default, are not persistent). | 
 I think you mean this? (see below). I just configured it this way in my OVH Control Panel. Would this be enough? (I have more than 19 ports that must be opened).
Edit (forgot screenshot): 
http://puu.sh/vw2EW.png
Re: Prevent DDoS attacks - 
xPhantom -  26.04.2017
Are you using their VPS or dedicated server (Game)? As far as I know, their VPS line do not utilize ddos protection for game servers.
https://www.ovh.com/us/dedicated-servers/game/ (This is the lineup that offers game server DDoS protection) 
Also, 
http://soyoustart.com offers it to and they have a server for 49.00 per month not including VAT.
Re: Prevent DDoS attacks - Astralis -  26.04.2017
They would normally suspend you and ask to move out if you're getting ddosed' too often.