Hello guys,
My servers that are currently hosted on NFO have been null-routed for the past 9 hours, and while it is not NFO's fault, i'd very much like to move to a network with stronger DDoS protection, do any of you have suggestions? (i'll be renting the entire box for up to $300 a month)
I wish to stay in the central US area.
Thank you!
You can get a solid server from OVH for that price. They have pretty good DDOS protection.
[QUOTE=YourStalker;49460193]You can get a solid server from OVH for that price. They have pretty good DDOS protection.[/QUOTE]
Would you say they're better than NFO? because whenever that was brought up in the past, people heavily shamed OVH.
[QUOTE=Elpisaur;49460363]Would you say they're better than NFO? because whenever that was brought up in the past, people heavily shamed OVH.[/QUOTE]
OVH is much better than NFO in my opinion.
[QUOTE=YourStalker;49460573]OVH is much better than NFO in my opinion.[/QUOTE]
I checked the list of the top 10 Gmod servers through GameTracker, and they all appear to be hosted through NFO, i'll be the first person in Gmod history to host with OVH on the top 10 I suppose.
Thank you.
[QUOTE=Elpisaur;49460884]I checked the list of the top 10 Gmod servers through GameTracker, and they all appear to be hosted through NFO, i'll be the first person in Gmod history to host with OVH on the top 10 I suppose.
Thank you.[/QUOTE]
Many big european communities are hosted on OVH. I do belive that it would be pretty stupid to use OVH if you want a host for an american audience.
Some examples:
[url]http://www.gametracker.com/server_info/87.98.137.156:27032/[/url]
[url]http://www.gametracker.com/server_info/46.105.76.124:27050/[/url]
[url]http://www.gametracker.com/server_info/46.105.76.124:27050/[/url]
[url]http://www.gametracker.com/server_info/151.80.109.222:27075/[/url]
[url]http://www.gametracker.com/server_info/151.80.47.61:27088/[/url]
[url]http://www.gametracker.com/server_info/151.80.47.13:27015/[/url]
[url]http://www.gametracker.com/server_info/178.32.53.54:27015/[/url]
[url]http://www.gametracker.com/server_info/178.32.53.54:27016/[/url]
-snip-
OVH hands down has best ddos protection.
OVH doesnt have a us based server it is all eu and 1 canada server (canada server seems to have an issue showing up on us based server lists?)
[QUOTE=kulcris;49472577]OVH doesnt have a us based server it is all eu and 1 canada server (canada server seems to have an issue showing up on us based server lists?)[/QUOTE]
I don't think there's any issues with it.
If there are I believe sv_region 255 should fix it.
[QUOTE=kpjVideo;49473715]I believe sv_region 255 should fix it.[/QUOTE]
I've heard there was an update that changes it to sv_region 0 so that 255 no longer means anything and 0 is universal. Although not setting sv_region anywhere and allowing it to default to universal like it should is the safest bet.
server lists are "geo located" by ip address now, region as far as i can tell does nothing anymore. for example i cant even see all these "fake" servers everyone has been complaining about ("aero games"?)
Sorry about the late response.
I can look into arranging something for you. We run off of OVH for our US East location with our own custom DDoS filters added on. They are made specifically for the Source Engine and can stop 99% of all attacks (even VSE).
OVH's default filters will not get you anywhere. They are very general when it comes to filtering.
Thanks for your time.
EDIT:
[QUOTE=kulcris;49472577]OVH doesnt have a us based server it is all eu and 1 canada server (canada server seems to have an issue showing up on us based server lists?)[/QUOTE]
We have our own custom Geo-located IP addresses just for that reason. As long as you don't get a poorly geo-located IP address from OVH, it should be just fine.
[QUOTE=ertug20;49478379]Sorry about the late response.
--Words--
We have our own custom Geo-located IP addresses just for that reason. As long as you don't get a poorly geo-located IP address from OVH, it should be just fine.[/QUOTE]
i guess we are to assume you are from ovh?
OVH are located in Canada too [url]https://www.ovh.ie/aboutus/datacentres.xml[/url]
I'm personally quite happy with my French server but I can't compare with NFO. I've received some attacks where only 1 actually caused "damage" but only because I received +500mbit (there's only 500mbit/s guaranteed) even after the filter.
Can't say much bad about them, maybe that some guides only exists in French and their api seems undocumented but I don't need that anyways. I heard that it's hard to get support if they don't believe it's their problem, but otherwise extremely powerful service.
[QUOTE=kulcris;49484310]i guess we are to assume you are from ovh?[/QUOTE]
Ah no, I am the CEO of GMCHosting. I try to be somewhat active here. There's no use trying to get to the top without meeting new people :). We just use OVH for one of our locations (US East) as they meet our strict guidelines for DDoS protection.
[QUOTE=Tekop;49485197]OVH are located in Canada too [url]https://www.ovh.ie/aboutus/datacentres.xml[/url]
I'm personally quite happy with my French server but I can't compare with NFO. I've received some attacks where only 1 actually caused "damage" but only because I received +500mbit (there's only 500mbit/s guaranteed) even after the filter.
Can't say much bad about them, maybe that some guides only exists in French and their api seems undocumented but I don't need that anyways. I heard that it's hard to get support if they don't believe it's their problem, but otherwise extremely powerful service.[/QUOTE]
That is assuming your attacks get past OVH's filters which is fairly easy. It's designed to protect a general infrastructure, not your particular service. That's precisely why we have our own customized filters. If you want to take advantage of the DDoS protection, you need to know what you're doing. OVH has always had "bad" support. That's just a part of the package.
NFO to my understanding has no DDoS protection at all (if you ask them). While they do try to stop basic attacks with their firewalls and general uplink (Chicago has a 50 Gbps capacity), we have had many clients come to us after either being nulled or taken down by very sophisticated source engine targeted attacks (A2S_Info, A2S_GetChallenge, etc). No other host out there handles these small but very deadly attacks as effectively as us. I can explain these in more in private if you wish.
Don't get me wrong, NFO is great in two ways. They have many locations available for their customers and offer very low latency with their Internap routing. Their cheap VPS/VDSes are also great for many things but not for source server hosting. They are actually terrible for that.
[QUOTE=ertug20;49485935]Ah no, I am the CEO of GMCHosting. I try to be somewhat active here. There's no use trying to get to the top without meeting new people :). We just use OVH for one of our locations (US East) as they meet our strict guidelines for DDoS protection.
That is assuming your attacks get past OVH's filters which is fairly easy. It's designed to protect a general infrastructure, not your particular service. That's precisely why we have our own customized filters. If you want to take advantage of the DDoS protection, you need to know what you're doing. OVH has always had "bad" support. That's just a part of the package.
NFO to my understanding has no DDoS protection at all (if you ask them). While they do try to stop basic attacks with their firewalls and general uplink (Chicago has a 50 Gbps capacity), we have had many clients come to us after either being nulled or taken down by very sophisticated source engine targeted attacks (A2S_Info, A2S_GetChallenge, etc). No other host out there handles these small but very deadly attacks as effectively as us. I can explain these in more in private if you wish.
Don't get me wrong, NFO is great in two ways. They have many locations available for their customers and offer very low latency with their Internap routing. Their cheap VPS/VDSes are also great for many things but not for source server hosting. They are actually terrible for that.[/QUOTE]
From my understanding you just have configured OVH protection, Your site advertises Arbor PeakFlow TMS which is included is OVH's enterprise server line and GAME server line. Therefore Elpisaur could get that on his own, correct?
We went a farther than the usual Arbor filtering. OVH offers DDoS mitigation with their Arbor Peakflow Unit on top of their existing firewalls however, It is extremely generalized. We have taken the time to add our own custom filters to replace OVH's existing filters. All of the other hosting companies that use OVH (Vilayer as an example) don't touch OVH's regular filters at all.
We also have our own custom applications that act as a front end server to stop unblock-able attacks (A2S_Info / A2S_GetChallenge). Those are not block-able by any DDoS appliance since it is a core part of the engine. If you block those then people cannot find your server on the server list. Our protection is fully custom to our company. We call this our VSE Guard. This attack can actually exploit any game that uses the steam query system (even DayZ, ARK, etc).
I suppose that Elpisaur could attempt to configure their existing system to get something close to what we have but he would have to sit there for a long time and analyze the source engine traffic. He would also have to look into a solution for the unblock-able attacks. OVH does offer a "game" DDoS protection system however I personally haven't ever had the need to switch our custom filtering to that. I would assume that there are still always leaks. This is OVH we're talking about.
It does not seem very ideal for somebody who just wants a DDoS protected dedicated server to have to configure all of this on their own. They have a server to run after all :)
[QUOTE=ertug20;49486348]We went a farther than the usual Arbor filtering. OVH offers DDoS mitigation with their Arbor Peakflow Unit on top of their existing firewalls however, It is extremely generalized. We have taken the time to add our own custom filters to replace OVH's existing filters. All of the other hosting companies that use OVH (Vilayer as an example) don't touch OVH's regular filters at all.
We also have our own custom applications that act as a front end server to stop unblock-able attacks (A2S_Info / A2S_GetChallenge). Those are not block-able by any DDoS appliance since it is a core part of the engine. If you block those then people cannot find your server on the server list. Our protection is fully custom to our company. We call this our VSE Guard. This attack can actually exploit any game that uses the steam query system (even DayZ, ARK, etc).
I suppose that Elpisaur could attempt to configure their existing system to get something close to what we have but he would have to sit there for a long time and analyze the source engine traffic. He would also have to look into a solution for the unblock-able attacks. OVH does offer a "game" DDoS protection system however I personally haven't ever had the need to switch our custom filtering to that. I would assume that there are still always leaks. This is OVH we're talking about.
It does not seem very ideal for somebody who just wants a DDoS protected dedicated server to have to configure all of this on their own. They have a server to run after all :)[/QUOTE]
Well, Hats off to you then my friend. You developed your own application to filter A2S_Info / A2S_GetChallenge? What did you use like C++ and filter traffic through the application to scrds? Either way that's pretty cool.
Thanks! We try to be right up there with NFO.
I really don't feel comfortable saying what it's made it in however it acts as a front end server. The traffic for the exploits gets routed to our application which acts like a custom SRCDS server.
From there it's easy to stack on more applications and handle more and more requests. Since the VSE attack method (exploits A2S_Info) generally is very low (in throughput / pps), it's not that difficult to process many attacks with one single high end CPU core. We do charge extra for this service though as it has it's own dedicated node just for VSE filtering. We sell by dedicated resources (like a dedicated server) and not player slots with our server hosting which restricts us to not put the VSE Guard on the same node as servers.
Well here's an example of NFO.
[img]http://i.imgur.com/NtB64FK.png[/img]
Looks like usual NFO. I don't blame them, they just can't filter anything "crazy" (10 Gbps) unless they do it upstream. That usually doesn't happen so it looks like you are just out of luck.
[QUOTE=ertug20;49486570]Thanks! We try to be right up there with NFO.
I really don't feel comfortable saying what it's made it in however it acts as a front end server. The traffic for the exploits gets routed to our application which acts like a custom SRCDS server.
From there it's easy to stack on more applications and handle more and more requests. Since the VSE attack method (exploits A2S_Info) generally is very low (in throughput / pps), it's not that difficult to process many attacks with one single high end CPU core. We do charge extra for this service though as it has it's own dedicated node just for VSE filtering. We sell by dedicated resources (like a dedicated server) and not player slots with our server hosting which restricts us to not put the VSE Guard on the same node as servers.[/QUOTE]
basically query cache:
[url]https://github.com/blastehh/SourceQueryCacheMono[/url]
That looks somewhat similar to what we have in place except it cannot handle as many requests per second (hard to stack) and also lacks a lot of features.
It does seem very useful however. I'm sure somebody could make great use of that program.
We made our own system completely from scratch for our own particular setup. Our system is designed to take a stupid amount of requests and not skip a beat.
I do give you props on making your own system too though :)
[QUOTE=ertug20;49494069]That looks somewhat similar to what we have in place except it cannot handle as many requests per second (hard to stack) and also lacks a lot of features.
We made our own system completely from scratch for our own particular setup. I'm sure somebody could make decent use of that program though.
I do give you props on making your own system too though :)[/QUOTE]
Nah, the original idea was from someone else who made it in C++, I just ported it to C# and made it handle other queries cause it was broken and I don't know C++ :/
Oh right, I see. At least it still works as expected. Good job on that.
Sorry, you need to Log In to post a reply to this thread.
