Losing my marbles - DDoS

warboyo · August 11, 2020, 5:48pm

What are other server owners doing to combat kids and their booters? I refuse to pay these kids a penny/dime however i will try to do what i can to beat it but im getting no where!

OVH are trash when it comes to stuff like this, i have the best game server they offer and yet they tell me that their protection does not really cover FiveM.

Is there anything or anyone out there that can help me?

dividerz · August 11, 2020, 6:39pm

OVH is actually pretty good with pre-network defense.
Are you running on a Linux or Windows machine?

warboyo · August 12, 2020, 9:01am

Hi Dividerz

I am running a windows machine as i do not know how to manage anything else you see.

If the IP is attacked then they mitigate it, however the ip is not being hit but the FiveM port (i believe). If i shut the FiveM server down then the attack stops, start it up and its hit instantly.

dividerz · August 12, 2020, 11:39am

Yeah, then they’re probably flooding the port.

I have more experience on Linux security, but will try to help you with your Windows machine.

Things you could do out of my experience:

Install and configure a GeoBlock
Only allow connections from countries you specifiy, block other incoming connections
Only downside is that a GeoBlock is a ‘after-entry’ security measurement, which means the attack will still enter the network, but they can’t reach your specific instance.
Identify the attack and block the IP adress which is attacking in your firewall.
You should be able to run netstat -na in your cmd to see a list which shows all incoming TCP and UDP traffic. You can simply pick an IP and block the connection with the firewall.
The only downside, is that Windows Firewall is only capable of blocking small attacks, larger attacks won’t be ‘mitigated’ when you block the IP. If they are running a direct port hit, I don’t think they’d be using any kind of ‘professional tool’.

If I’m not wrong, OVH also provides a pre-network firewall, which you can enable and configure in your customer panel. I would suggest blocking all other ports and only open up the ones you need (e.x. 30120, 3066, 80,…)

Another thing you could do, is going hard-whitelisted with IP’s. Block all incoming connections and only allow incoming connections from IP adresses that get signed through for e.x. a website ‘whitelist.x.com’.

warboyo · August 12, 2020, 1:52pm

When i last got hit, i ran wireshark and got 3gigs worth of data, exported it into a .csv to extract the IP’s and then used a .bat to run a script that blocks them all individually.

OVH - I have both game firewall and firewall configured.

I really wanna go down the linux/ubuntu route for the sake of iptables as people say they help A LOT! but i have no idea on it.

dividerz · August 12, 2020, 2:28pm

Yeah, I personally only work with Linux (Debian / CentOS) both private and professionally. Since I got to know how Linux worked around 5 years ago, I don’t even think twice about renting a Windows machine when I can realise it on a Linux machine.

IPTables is much more extendeable, you’ll find a lot of ‘basic’ tutorials on how to configure your IPTables and even the main kernel itself to counter these kind of attacks.

I’m running my server through i3d, which already gives us a lot of advantages because it is a Ubisoft company and we’re colocated in the same datacenter where most of the Ubisoft ones are located, but IPTables just gives it that extra punch of security. OVH doesn’t have that good of an ‘anti-ddos’ firewall.

Benyamin.Sha · August 27, 2020, 10:45pm

Hi mate

Please tell us how can i block all ip connections and whitelist the ip address i want ? Where from what website please