A fix for DDOS on Windows VPS | Network Hitch Warnings before server crash

Hello,

So I have recently opened a RP server based off of ESX. I got a good amount of players. But with players, I also got some backlash from servers (normally happens in the FiveM community). They didn’t like me growing and so they simply started DDOS attacking me. I had some random ports open like 80, 443, 22, 21 as I was using SSH and FTP (big mistake, never keep them open to the public).

Steps on how to fix simple ddos attacks :

  • Firstly close all “public” ports. You can do this from Windows Firewall.
  • Install TCP/UDP Watch application (LiveTcpUdpWatch - View TCP/UDP network activity of every application on Windows) and start debugging any ports that they are attacking and block them ASAP.
  • If you are using SSH + VSCode to edit code remotely (Comment down if you want a tutorial on how to edit code using just VSCode on your PC and you can edit code directly to VPS) then use Peer to Peer VPN like Hamachi or Radmin VPN. Radmin VPN is very easy to use in my opinion.
  • If you are using Radmin VPN (https://www.radmin-vpn.com/) then you should allow your IP in firewall to be able to use every UDP/TCP port.

Blue highlighted is what your IP will be at :

[image]

  • You can use FTP/SSH/Dev Server without opening it publicly etc. You can even lock your Remote Desktop Protocol port to this IP (remember to install TeamViewer or something for backup)

  • HUGE FIX :

Recently I was looking at my Network Logs and found a huge lead that finally fixed all DDOS attacks. They were attacking port 3702 for like 7-8 seconds and suddenly my VPS was downloading 1GB/s of data from nowhere. After some research and debugging I found out that they were exploiting a Docker or a WS-Discovery vulnerability to crash your FXServer and possibly the whole VPS. Here is a link to the thread which helped me fix the issue (New DDoS Vector Observed in the Wild: WSD attacks hitting 35/Gbps - Akamai Security Intelligence and Threat Research Blog)

  • Here is how you can fix it :

In the elevated command prompt, type: netsh advfirewall firewall set rule group="Network Discovery" new enable=No

  • This will possibly fix all of your Windows VPS DDOS attacks. It fixed mine and 2 other servers’ so I expect this to work for all of you. If you have any questions, feel free to ask me down below and spread this to all communities to stop people from buying “Fivem crasher” for 10$ on websites.

Thanks

3 Likes
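One way to check that the firewall change in the post above actually closed UDP 3702, written as an added example that is not code from the thread. It assumes an elevated PowerShell session with the built-in NetSecurity and NetTCPIP cmdlets; the `$Apply` switch and the block rule's display name are made up for illustration.

```powershell
# Added example: audit inbound WS-Discovery exposure (UDP 3702) and optionally close it.
# Set $Apply = $true only after reviewing the report printed by steps 1 and 2.
$Apply   = $false
$WsdPort = 3702

# 1. Show which processes are bound to UDP 3702 (empty output means nothing is listening).
Get-NetUDPEndpoint -LocalPort $WsdPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Process'
           Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }

# 2. Find enabled inbound ALLOW rules whose port filter names UDP 3702 explicitly.
#    Rules with LocalPort 'Any' or a port range are not matched here; review those by hand.
$open = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'UDP' -and ($filter.LocalPort -contains "$WsdPort")
    }

if ($open) {
    Write-Host "Inbound allow rules that still admit UDP ${WsdPort}:"
    $open | Select-Object DisplayName, DisplayGroup, Profile | Format-Table -AutoSize
} else {
    Write-Host "No enabled inbound allow rule names UDP $WsdPort explicitly."
}

if ($Apply) {
    # 3. Disable the matching allow rules (this includes the Network Discovery WSD rules).
    $open | Disable-NetFirewallRule

    # 4. Add an explicit block rule. Block rules take precedence over allow rules,
    #    so the port stays closed even if a rule group is re-enabled later.
    $name = 'Block inbound WS-Discovery UDP 3702 (example rule)'   # hypothetical name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol UDP `
            -LocalPort $WsdPort -Action Block -Profile Any | Out-Null
    }
    Write-Host "UDP $WsdPort is now blocked inbound on all profiles."
}
```

The host firewall only stops the machine from answering WS-Discovery probes; inbound flood traffic still consumes the link, so filtering at the hosting provider's edge remains relevant.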

why have you not made a bug report about this? please do so it can be fixed

1 Like

No no no. This is something only you would use if you, for some reason, decided to run FXServer in a containerized environment. If this is the case, the user shouldn’t use Docker :stuck_out_tongue:

Community flags? Is helping the community an issue here?

This is what I am talking about. This process was taking 980 MB/s before server crashing.

where is your server hosted

A 1GBit attack, okay. But FXServer does not run Docker, see Search · docker · GitHub (only for building / ci). The address is also WHAT is connected to FXServer.exe. And as you can see FXServer doesn’t respond, it only receives data from there.

So the question is, why is Docker from your system sending that much data to FXServer? Someone is using Docker to attack FXServer it seems then.

1 Like

OVH Game Servers

I don’t know much about it. I’ll edit the post and remove where it points the issue to fivem. I just saw port 3702 got 10 requests of 300-400 bytes and the next second, host.internal.docker started to receive/send huge packets. I use docker for Mumble VOIP server hosting so it might be that.

But 3702 port is 100% the issue here. And blocking them in inbound rules fixed it.

1 Like

can you make a tutorial on youtube im lost

we gonna need dumbed down version of this sir. please and thank you lol

He means that he is saying that the DDoS ports were open for them to DDoS them, and for this issue he was advising everyone to use a VPN.