(post must be 20 chars)
I think server IPs should be removed entirely, players can just join servers telepathically.
It would make more sense to set up a mask which could be application sided to create an identifier for the ip address since the ip is a vital part of being able to connect. Creating a mask would have to come from the FiveM team as it would likely have to be built either in their app or through their portal. I have been thinking about this for some time and thought at first that a name mask would be better but have concluded that a numerical encryption would be better. With a name mask it would likely have to work the same way that TeamSpeak servers work. Users would have to manually create a nickname for the specific ip address in question. Those without static ips would have to change the ip address as often as the ip changes. This may also cause issues with misspellings and things like that. It wouldn’t be a bad integration but not as convenient. The encryption might be harder for the devs to do but maybe setting up something like a ticket generator for the ip and routing the ip through the ticket and to some kind of identifier for the ticket. Even if the wannabe hackers that use a botnet get the ticket decrypting the identifier they would not be able to get an ip. Of course if they joined your server and knew how to use command prompt or powershell correctly they could still get your ip. At that point it would be a good idea to get a VPN with low latency for your server.
Of course if they joined your server and knew how to use command prompt or powershell correctly they could still get your ip.
Which renders your whole solution useless, the real solution is don’t host public games from your home network, kids.
Not only home networks can be DDosed… I don’t understand how you came to the conclusion that this was specific to home networks. The same still applies to a server hosted by a server host. This may be the wrong place to say this but I’m kinda sick and tired of the people on these forums. They always seem to turn things into something else or just bring some kinda ignorance to the topics. I just about stopped using the forums because there is almost no use in it. People aren’t usually very helpful and constantly just put their 2 cents in even when there is no need to or it doesn’t make sense to…
I will address this a bit further. I have worked in networking my entire working career. I’ve pulled cable, built racks, installed server equipment, set up servers, routed/created vpns in a datacenter and even worked for service providers. There is no real difference in a DDos on a home network or a DDos on a private server. The DDos will still do the same thing. I believe the goal here is to stop the DDos from happening at all regardless of where it’s hosted. I mean who wants their server to be flooded with packets and timeout? I don’t think any server owner wants this.
With that being said I do understand I went off topic but some people are super narrow-minded. I do believe that people do need to start telling others when their input is completely useless though because it seems these forums are flooded with useless people giving useless information.
Thank you.
Lol did you just suggest getting a VPN for your server as a solution? That is insanity.
You can masquerade it via DNS through a service like Cloudflare, and run the connections through a domain.
I don’t know how far this would masquerade things, otherwise run it through a local VPN for minimal latency.
Any respectable host or VPS should provide decent ddos protection for pennies.
This isn’t 2008 anymore, kids shouldn’t be able to bring down servers from their mum’s basement.
How so? A decent vpn that is set up correctly would not create much latency especially in a situation where client files are directly stored on the client’s pc such as how FiveM is set up. The gameplay would not be affected too greatly since most functions are native to the app and networking is done mostly to communicate permissions and player sync. Believe it or not most online games use vpns on their servers.
That’s true. It didn’t even occur to me to use DNS.
That isn’t exactly how it works anymore. Think about NoPixel. They are hosted via a VPS but still get DDos. A strong botnet can still cause a huge issue. With today’s bandwidth availability it would be harder to take down many servers running with high bandwidth but still very possible nonetheless. A virtual private server is almost the same as cloud computing which is still vulnerable to attacks via a botnet. I shouldn’t have to break down exactly what a botnet or DDos is nor should I explain ip addresses and servers to make you understand how wrong you are to think that a VPS would actually protect you from DDos. If you use a VPS that has DDos protection then it is likely they have some kinda VPN or DNS solution to help minimize the outcome of an attack along with a high bandwidth cap.
A VPN would only cause unnecessary latency. Your server’s connection is only as strong as its weakest point. It’s best to just have your services hosted in a reliable datacenter that can handle ddos attacks. As for the original issue using dns would mask your ip and using something like Cloudflare as mentioned previously would be the best measure for all attacks. Lower the latency the better the experience.
You’re absolutely correct… That’s how the internet works… If you have a service port open that accepts data, it can be flooded. The only way to stop it is to have enough bandwidth at your disposal to survive the attack and then have an automated system to determine what is actual good data vs spoofed data. Or even throttle incoming data per endpoint and if something is abusing that, block it.
Long story short, if you don’t want to be taken down, get more bandwidth and countermeasures in place.
But if you want really good protection it’s going to cost you.
If it’s a DDoS problem then some prevention can be taken.
I think I saw another thread where, due to somebody likely just spamming the connect button, they had their servers continuously execute serverscripts to the point where it’d be felt by other players in-game.
Simple stuff like this can just be denied with iptables - i.e. by capping max live connections to a lower number than unrestricted.
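
Added example, not part of any post in this thread: a shell sketch of the two host-level measures mentioned above, capping live connections per source with iptables and throttling incoming data per endpoint. The port (30120, assumed to be the server's game port on both TCP and UDP) and all limit values are assumptions to tune; the script only prints the rules unless `APPLY=1` is set.

```sh
#!/bin/sh
# Added example: per-source limits for a game server port.
# All values below are assumptions; adjust to your player count and traffic.
PORT="${PORT:-30120}"            # assumed game port (TCP and UDP)
MAX_CONN="${MAX_CONN:-8}"        # live TCP connections allowed per source IP
NEW_PER_MIN="${NEW_PER_MIN:-20}" # new TCP connections per source IP per minute
UDP_PPS="${UDP_PPS:-400}"        # UDP packets per second per source IP

# True only for a non-empty string of digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# Print the rules, one per line, so they can be reviewed before use.
# -I INPUT 1 inserts at the top: a limit appended after an existing
# ACCEPT rule for the port would never be reached.
build_rules() {
  for v in "$PORT" "$MAX_CONN" "$NEW_PER_MIN" "$UDP_PPS"; do
    is_uint "$v" || { echo "non-numeric setting: $v" >&2; return 1; }
  done
  cat <<EOF
iptables -I INPUT 1 -p tcp --syn --dport $PORT -m connlimit --connlimit-above $MAX_CONN --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables -I INPUT 1 -p tcp --syn --dport $PORT -m hashlimit --hashlimit-name game_new --hashlimit-mode srcip --hashlimit-above $NEW_PER_MIN/minute --hashlimit-burst $NEW_PER_MIN -j DROP
iptables -I INPUT 1 -p udp --dport $PORT -m hashlimit --hashlimit-name game_udp --hashlimit-mode srcip --hashlimit-above $UDP_PPS/second --hashlimit-burst $UDP_PPS -j DROP
EOF
}

# Dry run by default; APPLY=1 (as root) pipes the rules into a shell.
main() {
  if [ "${APPLY:-0}" = "1" ]; then
    build_rules | sh -e
  else
    build_rules
  fi
}

main
```

Rules like these handle one client hammering the connect button or a single noisy source; they do nothing once the uplink itself is saturated, which is the bandwidth point made earlier in the thread.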