Ideas to prevent DDoS?

Seems someone is trying to ransom me to stop a DDoS.

He is hitting the ports used by FiveM, as when I shut the server the flood stops.

Waiting for host to get back to me but man that is forever. Anyone any info.

3 Likes

I’m not an expert. Is your server home hosted? You said host, so I assume Zap Hosting or someone? Not telling you what to do, but if you wanted to be in control of your server, you could set up a firewall with the server in its own subnet, separated from anything else in the network, then rent a cheap VPS to use for traffic only, basically IPsec or a VPN with a dedicated IP address. Use someone like Cloudflare so you would get bulletproof DDoS protection and your WAN IP address would still be hidden. Long answer, but I know it works.

4 Likes

The server is with OVH.

2 Likes

You won’t be able to prevent a DDoS attack unless you buy DDoS protection (something like ratelimit, or you do a reverse proxy).

Care to offer a bit more info for either of those?

Speak to OVH about that, they normally mitigate pretty fast, but not sure downtime-wise.

1 Like

In contact with them but they are so slow to respond it’s unreal.

Yeah, I had that issue, but there’s a way to open a ticket if you don’t pay for their support and they reply at a decent rate. If you mention buying something else they will always want to help faster.

1 Like

I actually called OVH for the same issue and they told me to use Wireshark to log the packets and send it to them.

1 Like

OVH won’t be able to do anything about DDoS because the kids who are DDoSing are probably using the L7 exploit.

The best way to prevent DDoS attacks is to have a sufficient amount of bandwidth to survive the attack and an active traffic monitor, sniffing and filtering packets and denying traffic that is not intended.

Yeah, someone mentioned to me about gathering the IPs during the attack and then blocking them, which I will do if I face this issue again.

2 Likes

Thing is you’ll probably also screw up some of your players.

Happened to me that I got attacked and I tried filtering IPs to only allow the ones that verify themselves through my website, they just had to log on site and click verify.

I noticed two things: one is my player count went below normal, and people argued a lot about that as well as not getting listed on the master list.

I hired someone and he installed fail2ban. No more DDoS

1 Like

Actually, a well-configured IPTables can be enough in some cases, but it’s mostly complicated for neophyte users.

I recommend UFW with Fail2Ban bound to it. The simplest and most effective solution.

UFW is installed by default on Ubuntu. It’s a more “friendly” tool than IPTables.

OVH does provide DDoS protection by default for every product, but it does not replace a well-configured firewall. It’s complementary, keep that in mind.

Here’s how to do it the easiest way, just copy and paste the 2 following blocks:

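sudo apt update && sudo apt upgrade
sudo apt install ufw
# Allow SSH before enabling the firewall so the current session is not cut off
sudo ufw allow 22/tcp
sudo ufw allow 80
sudo ufw allow 443
# FiveM port (opens both TCP and UDP)
sudo ufw allow 30120
sudo ufw enable
sudo ufw reload
sudo ufw status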

Fail2ban:

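sudo apt install fail2ban
sudo systemctl enable fail2ban

# Write the jail config as root (a plain "echo > file" redirect is not covered by sudo)
sudo tee /etc/fail2ban/jail.local > /dev/null <<'EOF'
[DEFAULT]
banaction = ufw

[sshd]
enabled = true
maxretry = 3
findtime = 10m
bantime = 10m
EOF

sudo systemctl restart fail2ban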

To check that they’re running and active:

sudo systemctl status ufw fail2ban

To check the number of jailed IPs:

sudo fail2ban-client status
5 Likes
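
The idea raised earlier in the thread of gathering the IPs during an attack and then blocking them, combined with the ufw rules above, can look like this. This is an added example, not code from any poster: the function names, the capture command, the threshold and the sample packets are assumptions made for illustration.

```bash
#!/bin/sh
# Added example. Input is text from e.g. (interface name eth0 is an assumption):
#   sudo tcpdump -nn -i eth0 'port 30120' > capture.txt

# Constructed sample capture (documentation IP ranges, not real traffic).
sample_capture() {
  cat <<'EOF'
12:00:01.000001 IP 203.0.113.5.40000 > 198.51.100.10.30120: UDP, length 32
12:00:01.000002 IP 203.0.113.5.40001 > 198.51.100.10.30120: UDP, length 32
12:00:01.000003 IP 203.0.113.77.1900 > 198.51.100.10.30120: UDP, length 512
12:00:01.000004 IP 192.0.2.10.50000 > 198.51.100.10.30120: UDP, length 48
12:00:01.000005 IP 198.51.100.10.30120 > 192.0.2.10.50000: UDP, length 60
12:00:01.000006 IP 203.0.113.5.40002 > 198.51.100.10.30120: UDP, length 32
12:00:01.000007 IP 203.0.113.77.1900 > 198.51.100.10.30120: UDP, length 512
12:00:01.000008 IP 203.0.113.5.51000 > 198.51.100.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000009 IP 203.0.113.5.40003 > 198.51.100.10.30120: UDP, length 32
12:00:01.000010 IP 203.0.113.77.1900 > 198.51.100.10.30120: UDP, length 512
EOF
}

# count_sources PORT: print "COUNT SRC_IP" for IPv4 packets sent to PORT, busiest first.
count_sources() {
  awk -v port="$1" '
    $2 == "IP" {
      dst = $5; sub(/:$/, "", dst)
      if (split(dst, d, ".") != 5 || d[5] != port) next   # not sent to our port
      split($3, s, ".")                                    # a.b.c.d.srcport
      hits[s[1] "." s[2] "." s[3] "." s[4]]++
    }
    END { for (ip in hits) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# block_rules PORT MIN: print (not run) ufw commands for sources with >= MIN packets.
# "insert 1" puts each deny ahead of the existing "allow 30120" rule; ufw stops at
# the first matching rule, so an appended deny would never be reached.
block_rules() {
  count_sources "$1" | awk -v port="$1" -v min="$2" \
    '$1 >= min { printf "ufw insert 1 deny from %s to any port %s\n", $2, port }'
}

# Review the output before running any of it.
sample_capture | block_rules 30120 3
```

UDP source addresses can be forged, so a list built this way can contain addresses of real players; set MIN well above what a single player sends during the capture window.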

Nice info. I installed Windows on the box though, I guess that’s an issue for something like this?

It only works on Linux. I thought you had it.

1 Like

I only know how to do it on Windows. I would suggest doing the following:

  1. If you want to do it yourself, create your own reverse proxy server.
  2. Set up your Windows Firewall to only allow the reverse proxy IP address on your FiveM port.
  3. You should put txAdmin and your web port behind your reverse proxy as well.

Like _Tangogow said, a well-configured IPTables can be enough in some cases.

We use a cloud solution for DDoS protection. Previously we tried OVH and some DDoS protection services in my country. However, it didn’t work (like vnis and x4b, they don’t work at all). Then I found a service that does work, Lectron, and they have locations in my country so my players don’t get annoyed by high latency. So it’s all good. If you get attacked on the scale of Gbps then yeah, you should try it.

How do I do it on Windows?
I’m not an expert in Windows, sadly. In the past I was running FiveM on Linux, using iptables and fail2ban.
But now I moved to an OVH gaming server with Windows. Actually I stopped the firewall. Could you send me how to port forward and protect port 30120 during a UDP flood on that port?
As of now I’m using the OVH firewall; by default I have 20 rules only. I added IP ranges for TCP and UDP like this:
102.0.0.0/8 UDP ALLOW
102.0.0.0/8 TCP ALLOW

The last rule is blocking all UDP.

You can probably follow the guide above to try remote proxy like Lectron to hide your server IP and protect from attacks.