Hello,
So I have recently opened a RP server based off of ESX. I got good amount of players. But with players, I also got some backlash from servers (normally happens in fivem community). They didn’t like me grow and so, simply they started DDOS attacking me. I had some random ports open like 80, 443, 22, 21 as I was using SSH and FTP (big mistake never keep them open for public).
Steps on how to fix simple ddos attacks :
- Firstly close all “public” ports. You can do this from Windows Firewall.
- Install TCP/UDP Watch application (LiveTcpUdpWatch - View TCP/UDP network activity of every application on Windows) and start debugging any ports that they are attacking and block them ASAP.
- If you are using SSH + VSCode to edit code remotely (Comment down if you want a tutorial on how to edit code using just VSCode on your PC and you can edit code directly to VPS) then use Peer to Peer VPN like Hamachi or Radmin VPN. Radmin VPN is very easy to use in my opinion.
- If you are using Radmin VPN (https://www.radmin-vpn.com/) then you should allow your IP in firewall to be able to use every UDP/TCP port.
Blue highlighted is what your IP will be at :
-
You can use FTP/SSH/Dev Server without opening it publicly etc. You can even lock your Remote Desktop Protocol port to this IP (remember to install TeamViewer or something for backup)
-
HUGE FIX :
Recently I was looking at my Network Logs and found a huge lead that finally fixed all DDOS attacks. They were attacking port 3702 for like 7-8 seconds and suddenly my VPS was download 1GB/s data from no-where. After some research and debugging I found out that they were exploiting a Docker or a WS-Discovery vulnerability to crash your FXServer and possibly whole VPS. Here is a link to thread which helped me fix the issue (New DDoS Vector Observed in the Wild: WSD attacks hitting 35/Gbps - Akamai Security Intelligence and Threat Research Blog)
- Here is how you can fix it :
In the elevated command prompt, type: netsh advfirewall firewall set rule group=” netsh advfirewall firewall set rule group=”Network Discovery” new enable=No
- This will possibly fix all of your Windows VPS DDOS attacks. It fixed mine and 2 other servers’ so I expect this to work for all of you. If you have any questions, feel free to ask me down below and spread this to all communities to stop people from Buying “Fivem crasher” for 10$ on websites.
Thanks