[Tutorial] Methods to protect against DDoS attacks

Hey everyone,
So I know a lot of people complain on here about DDoS attacks and how to prevent them and stop them and so forth. I want to be the first to tell you guys there's no permanent way to solve a DDoS attack.

The way a DDoS attack works is by flooding your server's connection and, depending on your capability, making the network unstable and inaccessible.

Normally, when it comes to servers hosting SA-MP servers, they will flood the UDP port, and most people on here make the mistake of thinking that a script stopping a certain amount of connections per IP will solve that problem, when in fact they're wrong. Any experienced attacker with an experienced booter can flood your game server without any direct connections towards the game server, but instead towards the open port such as 7777.

The SA-MP server client by default has protection against a connection flood, as far as I know as of 0.3e, and a script won't do you much good if the person knows exactly what they're doing.

Now, when that doesn't work and they can't take down the UDP port due to, let's say, protection, most advanced attackers will start to attack the open DNS ports or the open HTTP and FTP ports, pretty much anything that's accessible to the public.

So what are good methods to protect against such attacks?
First thing you need to realize is this is a game of bandwidth. The person with the most bandwidth capability is the one who is going to stay standing. So first thing you need is to be hosted on a dedicated server with DDoS protection which has a large network capability.

A good cheap example is OVH, which provides dedicated servers with a DDoS protection detection system. To keep the costs low, OVH will not protect you all the time; instead, when you are attacked and the system notices the attack, they will filter the IP being attacked through a firewall and migration system. So you might notice that for the first minute the attack will not be filtered, until the system notices the attack and filters it.

OVH also provides IP addresses with no monthly fee, just a $2.00 charge, which is very useful for limiting certain port access.

Another good host is blacklotus.net, which is way more expensive but has guaranteed protection, and you're always protected no matter what, so you will not be left in the dark for a minute.

You can find other places which provide DDoS protection, but I always suggest contacting support and asking questions like: how large is the network capability, how much protection am I guaranteed if I buy a certain server, how does the protection work, do you protect UDP ports that are game servers, and so forth.

You can also invest in firewalls for protection, but it's going to cost you an arm and a leg to do so, and most attacks towards SA-MP servers never exceed 10gbits.

Method 2 - Limit Access
So, as I explained earlier, ports that are accessible to the public are what attackers mostly attack, so any way to limit port access from the public is the best way to protect against brute force attacks and DDoS attacks.

So what are good ways to limit port access? I personally suggest you buy a hidden IP which nobody knows about, and make this your default IP for SSH / FTP / DNS / SMTH / Control Panels etc. And then you block (drop) these ports from being accessed on a public IP such as your game server's; even block the HTTP port and use a dedicated IP for websites.

Nobody will be able to find these ports if they are being dropped, and they will assume it's a dead port.

Now, another thing to do is switch the port numbers: SSH, switch it; FTP, switch it; any control panels like Webmin or other things, switch them to something different, so that somebody would have to port scan these ports to actually find them, and if they are limited to your IP only, they won't be able to find them.

Another great thing to do, if you are the only one accessing certain things, is limit the port access to your IP only. Now, let's say your IP is dynamic like mine: what I do on my Linux server with Webmin is leave my Webmin port open to the public on a hidden IP but limited to my hostname only, so that I can access it whenever and switch the firewall access towards the ports to my new IP address.

I have PR-RP under one dedicated server, with the website on a dedicated IP where the only port access is 80 for that IP. I have the game server under a dedicated IP which only allows access to 7777, then I have my hidden IP which is used for my control panels and DNS, POP3, FTP and SSH. On my hidden (default) IP I have my cPanel WHM blocked to my IP only and the SSH blocked to my IP only. This won't really help with attacks, but these are good security measures to take, and dropping all the ports besides the ones needed on the publicly known IP addresses is a good way to stop most attacks.

I suggest you look on ****** about how to figure out which ports are opened and used on your server and start to limit the access to them to prevent and solve most attacks.

I would also prevent any incoming or outgoing ICMP towards your IPs besides your hidden (default) IP.

Method 3 - Use the advantage of IPTables

Small-scale attacks can normally be handled by your server without any effect on it. I could write a whole few paragraphs on how this works, but this site explains it pretty well:
http://linoxide.com/firewall/block-c...acks-iptables/

Another program to check out is CSF: http://configserver.com/cp/csf.html

But all of these will not stop the attack permanently; these are only methods to help prevent them, and at the end of the day, as I said, it's a game of bandwidth. I hope I helped you guys with this tutorial, good luck!
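The per-IP layout from Method 2 in the post above (game server on one public IP, website on another, management on a hidden IP, ICMP only on the hidden IP), as an added example that is not part of the original post: a shell script that prints a default-drop iptables-restore ruleset from an allowlist and flags listeners the allowlist does not cover. Every IP address, the admin address and the management ports 2222 and 8443 are constructed placeholders.

```shell
#!/bin/sh
# Added example. All addresses are constructed (RFC 5737 documentation ranges).
ADMIN_IP="203.0.113.5"   # assumed: the only address allowed to manage the box
HIDDEN_IP="192.0.2.30"   # assumed: unpublished IP used for management
# Allowlist, one exposed service per line: dest-ip proto port allowed-source
# 2222 and 8443 are hypothetical non-default SSH / control-panel ports.
ALLOW="192.0.2.10 udp 7777 0.0.0.0/0
192.0.2.20 tcp 80 0.0.0.0/0
$HIDDEN_IP tcp 2222 $ADMIN_IP
$HIDDEN_IP tcp 8443 $ADMIN_IP"

# Print an iptables-restore ruleset: default DROP, then only the allowlist.
gen_rules() {
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]" "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$ALLOW" | while read -r dst proto port src; do
        echo "-A INPUT -s $src -d $dst -p $proto --dport $port -j ACCEPT"
    done
    # ICMP is accepted only on the hidden IP; unsolicited inbound ICMP on the
    # public IPs falls through to the DROP policy, outbound ICMP is dropped.
    echo "-A INPUT -d $HIDDEN_IP -p icmp -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    echo "-A OUTPUT ! -s $HIDDEN_IP -p icmp -j DROP"
    echo "COMMIT"
}

# Read "proto ip:port" lines (e.g. distilled from `ss -tuln`) on stdin and
# report every listener the allowlist does not cover.
audit_listeners() {
    while read -r proto addr; do
        ip=${addr%:*}
        port=${addr##*:}
        echo "$ALLOW" |
            awk -v k="$ip $proto $port" '($1" "$2" "$3)==k{f=1} END{exit !f}' ||
            echo "UNLISTED $proto $addr"
    done
}
```

The output of `gen_rules` can be checked with `iptables-restore --test` before it is loaded; a listener reported as `UNLISTED` (including one bound to `0.0.0.0`) is reachable in principle on a public IP and should be rebound to the hidden IP or closed.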


Messages In This Thread
Methods to protect against DDoS attacks for linux - by Jake187 - 18.05.2014, 22:51