Cloudflare protection for FiveM

I have seen the old post from 2018 on the topic, however I just wanted to get this discussed a bit deeper. The main problem I am obviously trying to get solved is that some guys start DDoSing the server for whatever reason.

Cloudflare actually only protects web traffic or web-related traffic, so running on UDP port 30120 is not part of the Cloudflare program. Yes, I checked “Spectrum” and that seems to only handle TCP-related traffic.

So to mitigate at least some of the attack traffic (mostly kids triggering some cheap bots) I thought it would be better to drive all traffic via Cloudflare with the exception of UDP 30120.

This is what I did.

In theory, if I got it right, all players need to connect to (in my case) fivem.latenight.cloud and this should work.

Everything else hitting other ports should die somewhere in the Cloudflare network.

Is that correct or am I missing something?

Any other ideas I did not think of in terms of getting rid of the kids?

1 Like

latenight.cloud will resolve to an IP address at Cloudflare, so any port you’re trying to reach will be at Cloudflare; however, everyone can still do nslookup -q=SRV _cfx._udp.fivem.latenight.cloud and get to your real server.

Non-authoritative answer:
_cfx._udp.fivem.latenight.cloud service = 1 1 30120 dc-55c874be7072.latenight.cloud.

Authoritative answers can be found from:
latenight.cloud nameserver = iris.ns.cloudflare.com.
latenight.cloud nameserver = amit.ns.cloudflare.com.
amit.ns.cloudflare.com internet address = 108.162.193.63
amit.ns.cloudflare.com internet address = 172.64.33.63
amit.ns.cloudflare.com internet address = 173.245.59.63
amit.ns.cloudflare.com has AAAA address 2a06:98c1:50::ac40:213f
amit.ns.cloudflare.com has AAAA address 2606:4700:58::adf5:3b3f
amit.ns.cloudflare.com has AAAA address 2803:f800:50::6ca2:c13f
iris.ns.cloudflare.com internet address = 108.162.192.118
iris.ns.cloudflare.com internet address = 172.64.32.118
iris.ns.cloudflare.com internet address = 173.245.58.118
iris.ns.cloudflare.com has AAAA address 2803:f800:50::6ca2:c076
iris.ns.cloudflare.com has AAAA address 2a06:98c1:50::ac40:2076
iris.ns.cloudflare.com has AAAA address 2606:4700:50::adf5:3a76

I do not see my IP address listed?

1 Like

Do a regular A nslookup of the hostname you got in the SRV answer (the dc-55c874be7072.latenight.cloud).
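To audit your own setup for the leak described above, here is an added example (not code from the thread): it parses the nslookup SRV answer in the format shown, then the A answer for the SRV target, and reports any target address that is not inside Cloudflare's published IPv4 ranges, i.e. a record that points straight at the origin. The sample outputs and the 203.0.113.10 origin address are constructed for the example; the Cloudflare range list is a snapshot that you should refresh from https://www.cloudflare.com/ips-v4 before relying on it.

```python
import ipaddress
import re

# Snapshot of Cloudflare's published IPv4 ranges (assumption: re-fetch
# https://www.cloudflare.com/ips-v4 before use, the list changes over time).
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22")]

# "_cfx._udp.<host> service = <prio> <weight> <port> <target>."  (BSD/Linux nslookup)
SRV_RE = re.compile(r"^\S+\s+service\s*=\s*\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+?)\.?\s*$", re.M)
# "Address: 1.2.3.4" (Linux/Windows) or "<name> internet address = 1.2.3.4" (BSD/macOS)
A_RE = re.compile(r"^(?:Address|\S+\s+internet address)\s*[:=]\s*(?P<ip>\d+(?:\.\d+){3})\s*$", re.M)

def parse_srv(output):
    """Return (port, target) pairs from an nslookup -q=SRV answer."""
    return [(int(m["port"]), m["target"]) for m in SRV_RE.finditer(output)]

def parse_a(output):
    """Return IPv4 answers from an nslookup A lookup, ignoring the
    nameserver addresses printed under 'Authoritative answers'."""
    answer = output.split("Authoritative answers")[0]
    return [m["ip"] for m in A_RE.finditer(answer)]

def is_cloudflare(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)

def exposed_targets(srv_output, a_lookups):
    """a_lookups maps each SRV target hostname to its nslookup A output.
    Returns {target: [IPs outside Cloudflare]} for targets that leak the origin."""
    exposed = {}
    for _port, target in parse_srv(srv_output):
        leaked = [ip for ip in parse_a(a_lookups.get(target, "")) if not is_cloudflare(ip)]
        if leaked:
            exposed[target] = leaked
    return exposed

# Constructed sample output, modelled on the SRV answer quoted in the thread.
SRV_SAMPLE = """Non-authoritative answer:
_cfx._udp.fivem.latenight.cloud service = 1 1 30120 dc-55c874be7072.latenight.cloud.

Authoritative answers can be found from:
latenight.cloud nameserver = iris.ns.cloudflare.com.
iris.ns.cloudflare.com internet address = 108.162.192.118
"""
# Constructed A answer: 203.0.113.10 is a documentation address standing in for the origin.
A_SAMPLE = "Non-authoritative answer:\nName:\tdc-55c874be7072.latenight.cloud\nAddress: 203.0.113.10\n"

if __name__ == "__main__":
    print(exposed_targets(SRV_SAMPLE, {"dc-55c874be7072.latenight.cloud": A_SAMPLE}))
```

An empty result means every SRV target resolves into Cloudflare space; a non-empty one is exactly what the reply above demonstrates, the game port record bypassing the proxy.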

Ah, yes, of course.

So what do I do now to get rid of the kids?

1 Like

Just use a host that has DDoS protection lol

1 Like

Well, I guess it ended up being a combo: Cloudflare to obscure things from the really dumb kids and a new hoster for the heavy guys.

But I guess the real heavy guys will not be held up by that.

And it was quite an adventure to find a hoster that was affordable with some DDoS protection worth calling that. There are too many out there saying they do and they can without being able to.

1 Like

OVH for high-end DDoS protection.

Linux for iptables.

Or alternatively proxy your Windows connection through a server running iptables etc.

OVH Anti-DDoS actually doesn't work for me :smiley: I still got DDoSed and no one was able to join the server…

2 Likes

I tried OVH as well and the guys that were gunning down my server got enough traffic going to make the DDoS protection look really old.

I noticed that Cloudflare and other big guys were using appliances from Arbor. So yes, in the end you will be paying a bit more than if you are getting the 15-bucks cheapo server, if you find a hoster offering Arbor appliances as well.

I found these guys: https://www.kernelhost.de/cp/aff.php?aff=386

You can start with a regular traffic server, but if the guys DDoSing you exceed 750 GBit of attack traffic then you can get a server there with unlimited protection.

Yes, of course unlimited is not from here to the moon and back, but it is the package where they will throw all the incoming traffic at all their appliances and networks.

So you need to piss off some real good guy and not just some wannabe with a DDoS panel bought for 50 dollars on the darknet.

Oh, and one last comment to “Windows” mentioned above. I have given up on Windows a long, long time ago. You need to get a machine with close to double the CPU just to keep Windows happy. Why would anyone do that?

I use iptables to still catch broken packets as well as do some connection tracking.

So, hiding with Cloudflare, FiveM on Linux with some basic iptables stuff and a good hoster is the way it works for me right now, without any complaints!

2 Likes

OVH for me is not. I'm using OVH now, but still, for one month they only say the FiveM server is the problem.

2 Likes