[solved] please remove
Install wireshark and do a capture during the problematic times. Then you will be able to see the traffic in detail and should find out the cause if that is actually what the problem is.
We have also disabled webadmin, same issues continued.
So we have not had much help here, Im guessing no one else is having this issue, but wireshark results really have not helped pinpoint the issue either.
Except the traffic is aimed towards our game server port directly…
Anyone have any ideas??
confirmed Slowloris attack. great 
If you can set a TTL + limit of connections per host Slowloris is gone.
Check more information here: https://coderwall.com/p/hmgy3q/mod_antiloris-anti-slowloris-apache-module
1 Like
How did you come to this conclusion?
Based on some wire shark activity caught, shows them ping with a couple packets, then follows up with a payload. Duplicate attacks over and over.
Maybe its not a SlowLoris attack but similar i think.
Anyone have this idiot YoBoyRex, if they are playing on a server you own, id watch out. Hes openly admitting hes been attacking us, caught this on his twitch stream several times. Then back peddles saying he knows who is.
We continue to get attacked through the game port.
Well, I’m glad you were able to identify the root cause of the issue. What you can do to these types of people, is look up their ip address (assuming you keep records in a database of your users) and contact their local police department, and provide them with all the evidence you have collected. As it is considered cyber terrorism. You probably won’t get much results from it, but who knows you might… Worst case scenario, fight fire with fire. They can’t attack you if they’re not available to do so. But I don’t advise doing the latter.