22.10.2014, 03:33 (Last edited by TakeiT; 23.10.2014 at 14:12.)
There are a lot of people posting threads saying that their server has been DDoSed. Usually, people relate DDoS to having their server crash, or shut down, caused by a hacker. This is not the case.
So what exactly is DDoS?
DDoS is short for Distributed Denial of Service.
DDoS is a type of DoS attack where multiple compromised systems -- which are usually infected with a Trojan -- are used to target a single system, causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.
According to this report on eSecurityPlanet, in a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This effectively makes it impossible to stop the attack simply by blocking a single IP address; plus, it is very difficult to distinguish legitimate user traffic from attack traffic when spread across so many points of origin.
What does this mean?
Basically, a hacker will usually infect multiple computers with a Trojan virus. He will then use a centralized script to make all of the hacked sources connect to one target IP, causing the system to overload. In return, you receive a very slow connection, and sometimes complete denial.
A quick example. Open your command prompt and type ping http://sa-mp.com. It will connect to the network and return a ping, using a very minuscule amount of bandwidth from the server. Doesn't seem like much. However, if you are pinging that server across 50 separate IPs, at 1000 times per second, you've now opened 50,000 connections, which overloads the server.
A guy said he's going to DDoS my server unless I make him admin, what do I do?
Chances are, that guy is a 13-year-old kid who has no knowledge about how a network works at all, so you don't have to worry. In the event that the server does get taken down, it's most likely a DoS attack, which works like DDoS, except it is produced from one central unit. The only way that this will work is if their network's speed is higher than yours, which is a good reason to not host your server from your house.
My server log shows a lot of "incoming connection" messages from one IP
This person is using flooding software to connect to your server multiple times. The best thing to do in this case is to report the IP to your host, or, if your host supports it, blacklist the IP. Another good measure is to find out where the IP is coming from, which can be done by going to a whois website, such as who.is. Upon searching, there is usually a "report abuse" link from their ISP.
My server keeps shutting down, but other servers/websites on the network are still fast. Is this DDoS?
In short, no. This means that something (or somebody) is crashing your server. It can be done via hacks in game. Make sure you log all chats, connections etc. in game, and use an anti-cheat to detect various hacks. Another thing could be that there is an issue with your server script itself. Again, log everything to see if it always crashes at a certain point. You could also be giving too many connections from your server (i.e., you have a $5 VPS and you have 60 players online in the same room).
How can I protect myself from attacks?
Make sure you are using a reputable host, with decent DDoS protection. There are many types of protection, so make sure you research what is best for you. The most common type is Mitigation, which, when it detects a flood, will migrate the IP somewhere else, meaning the attacks will last 5-10 seconds at most. If it's your website, use a DDoS protector such as Cloudflare, which hides your IP, making it a lot harder to find out what your real IP is. There are many online DoS checkers that will launch an attack against your own server to see how secure it is. I will not list any here, but if you search, you can find one.
I hope this answers a lot of your questions; any other questions can be commented below.
Also, refer to this article: http://www.esecurityplanet.com/netwo...s-attacks.html
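An added example, not part of the original post: one way to check a server log for the "incoming connection" flood from a single IP described above, so you have a concrete address and count to blacklist or report to your host. The line format `[HH:MM:SS] Incoming connection: ip:port`, the thresholds and the sample lines are assumptions; the addresses are constructed from documentation ranges.

```python
import re
from collections import defaultdict, deque

# Assumed log line format: "[HH:MM:SS] Incoming connection: ip:port"
LINE_RE = re.compile(
    r"^\[(\d{2}):(\d{2}):(\d{2})\] Incoming connection: "
    r"(\d{1,3}(?:\.\d{1,3}){3}):\d+\s*$"
)

def find_flooders(lines, max_conns=5, window_s=10):
    """Return {ip: peak connections inside any window_s-second window}
    for every IP whose peak exceeds max_conns."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)
    day_offset, last_tod = 0, None
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # chat, joins, script output, etc.
        h, mi, s, ip = int(m[1]), int(m[2]), int(m[3]), m[4]
        tod = h * 3600 + mi * 60 + s
        # Lines carry no date: a clock that jumps backwards means midnight passed.
        if last_tod is not None and tod < last_tod:
            day_offset += 86400
        last_tod = tod
        now = day_offset + tod
        q = recent[ip]
        q.append(now)
        while q and now - q[0] >= window_s:
            q.popleft()           # drop connections older than the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > max_conns}

# Constructed sample log (not taken from a real server).
SAMPLE_LOG = """\
[23:59:55] Incoming connection: 203.0.113.7:50001
[23:59:56] Incoming connection: 203.0.113.7:50002
[23:59:57] Incoming connection: 198.51.100.20:61000
[23:59:57] [join] Player_One has joined the server (0:198.51.100.20)
[23:59:58] Incoming connection: 203.0.113.7:50003
[23:59:59] Incoming connection: 203.0.113.7:50004
[00:00:00] Incoming connection: 203.0.113.7:50005
[00:00:01] Incoming connection: 203.0.113.7:50006
[00:00:02] Incoming connection: 203.0.113.7:50007
[00:05:00] Incoming connection: 198.51.100.20:61001
""".splitlines()

if __name__ == "__main__":
    for ip, n in find_flooders(SAMPLE_LOG).items():
        print(f"{ip}: {n} connections within 10 s")
```

A player who reconnects a couple of times stays under the threshold; tune `max_conns` and `window_s` to what normal joins look like on your server before blacklisting anything.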