How to block DDoS?

Hello guys,

My server is currently suffering a lot of DDoS attacks. Does anyone know how I can stop that? What is the cheapest way to do that? Thanks.

Talk to your host. Brazilian Internet being what it is there’s probably very little you can do, but it’s worth asking them.

There are no official Rust servers in Brazil because DDOSing can’t be stopped on the infrastructure in Brazil. I know you’re talking about Gmod and not Rust, but the official Rust servers were under DDOS pretty much 24/7 and the hosting service couldn’t do anything to keep the servers up, and almost every other Rust server hosted in Brazil was also DDOSed (by the owner of the one non-DDOSed server so that everyone was forced to play on his server).

Stopping DDOSing isn’t like stopping hacking. Stopping a hacker is like swatting a fly (if you know what you’re doing), while stopping a DDOS is like stopping a hurricane.

More details would be needed to give you an accurate answer.

As stated above, there is not much you can do on the infrastructure side unless you're a multi-billionaire looking to invest in Brazil.

There are a few things you can do on the software side of things, but that is limited to your port size and the sorta data centre your server is in. A good example of this kinda software which can block small attacks for Windows is BeeThink.

After a lot of tweaking I was able to get it to stop pretty much all of an attack which was seeping past our firewall (ranging from a small 10mb source attack to a 100mb sized attack). It's CPU intensive (the bigger the attack) and costs a little bit of money, but personally it's the only thing I know and can recommend from experience and what can make the slightest difference.

To repeat though, I wouldn’t put all your chips on it protecting you, but at times it can make a heck of a difference.

Still looking for more details from OP. It’s great people want to comment, but without knowing the exact size, type of attack or frequency of attack there isn’t much we can say about it.

Hello guys, thanks everyone for posting.

So, I am currently using Host1plus, and I can’t even get my server online for like 5 minutes without being attacked. I was searching for cloud servers that have an anti-DDoS system, and I’ve found this one:

Do you guys think it's a good option?

I am interested in the “Virtual Machine F1 service”. (https://azure.microsoft.com/en-us/pricing/details/virtual-machines/)

It can be decent, along with Amazon and Google’s clouds. But pricing varies a lot and they’ll fuck you hard when it comes to bandwidth cost. Also, while you may be much harder to DDOS, there might be other implications such as getting null routed/kicked off easily.

Size of attack? Type of attack? Frequency of attack? These things matter for our recommendations.

If your host can’t provide you with any information then don’t assume it’s an attack.

You either have to switch hosts or just get a dedicated when you have the chance to.

Ahahaha, you’re using Host1Plus? Their servers can’t even host a simple Teamspeak without experiencing performance issues. Seriously. I’d avoid them at all costs. Use ANY other host and you’ll be perfectly fine. The one you posted looks pretty pricey, I’ve sent you one that I’ve used before through PM.

I have emailed them, and they confirmed it is a DDoS attack.

They sent the attacking IPs the first time, as I requested it.

They don’t say the type, size or frequency. They just shut down the server until it is over.

Those are the IPs:

181.41.201.159 -> This is my Cloud Server IP

Edit (3rd September 2016):

Here in Brazil we really don’t have any other options. Host1plus is considered one of the best, unfortunately.

Ask them for the size/pps and frequency.

Edit (3rd September 2016):

181.41.201.159 has only had a gmod server running on it for four days with an average of four players and a peak count of 20… make sure you get the size/pps and frequency. Unless you really managed to piss someone off in four days I doubt it’s an attack.

My server is frequently changing hosts. It was deactivated for some time due to DDoS attacks.

I have been running it since February of 2015.

So… size/pps and frequency?

Edit (3rd September 2016):

Ask one of your previous hosts if this one can’t give you the info.

As one can buy DDoS services for less than 5 dollars, I wouldn’t say it’s unlikely.

The only solution for him is to change the host, as, like he says, his host will shut down the server if the host detects DDoS.

That’s why I’m asking for the details of the attack. If they’re just hitting him long enough for the host's automatic null route system to kick in then there are other options. Again, it depends entirely on how long the attack goes on, the size and the packets per second.

If the op can’t provide that information then he never should have opened this thread asking us for help.

As far as I’ve been able to understand from threads bitching about the death of Brazil’s locally-hosted official Rust servers over in the Rust subforum, and from the devs’ comments, the Brazilian Internet infrastructure is just categorically 5-10 years behind, and this includes DDOS resilience. The official Rust server the devs tried hosting was just permanently DDOSed 24/7 no matter what they asked the hosting company to do or who they moved it to (and FP Studios is not short of money so it can be assumed that they weren’t lowballing their service package). They gave up running a server located in BR because it was incapable of actually serving.

All of this to say, it wouldn’t surprise me if the host isn’t able to provide that info to start with because they don’t know how to deal with DDOSing beyond the blunt tools of detect and nullroute.

Okay… that’s pretty bad then. Best of luck to the OP.

Software can’t do anything for you, it’s like trying to stop a train by yelling at it.

If you’re really stubborn and don’t want to host in the US for some reason, get a VPS from BuyVM or OVH and set up a GRE tunnel to the machine; this will add latency but you’ll be under their protection.

It really all depends on the DDoS type.

IPTables and *some* filtering software can handle small attacks quite efficiently.
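Several replies in this thread ask for the size, packets per second and frequency of the attack before recommending anything. As an added example (not posted by anyone in the thread), this script derives those three figures from per-second flow records for the game port 27015; the record layout, the RFC 5737 documentation addresses, the 1000 pps threshold and the sample data are all constructed assumptions.

```python
from collections import defaultdict

def make_sample():
    """Constructed flow records: (second, src_ip, dst_port, packets, bytes)."""
    flows = [(t, "192.0.2.10", 27015, 60, 6000) for t in range(120)]  # one player
    for t in list(range(30, 40)) + list(range(90, 95)):               # two floods
        for i in range(50):
            flows.append((t, f"198.51.100.{i}", 27015, 400, 400 * 1200))
    return flows

def summarize(flows, port, pps_threshold):
    """Size, packet rate and frequency of bursts aimed at `port`."""
    pps, bps = defaultdict(int), defaultdict(int)
    for ts, _src, dport, packets, nbytes in flows:
        if dport == port:
            pps[ts] += packets
            bps[ts] += nbytes * 8
    # Seconds whose total packet rate exceeds the (assumed) threshold.
    hot = sorted(t for t, n in pps.items() if n > pps_threshold)
    hot_set = set(hot)
    bursts = []                       # [start_second, end_second], merged
    for t in hot:
        if bursts and t == bursts[-1][1] + 1:
            bursts[-1][1] = t
        else:
            bursts.append([t, t])
    # Every source seen during a burst; this includes legitimate players.
    sources = {s for ts, s, dport, _p, _b in flows
               if dport == port and ts in hot_set}
    return {
        "peak_pps": max(pps.values(), default=0),
        "peak_mbps": max(bps.values(), default=0) / 1e6,
        "bursts": [(start, end - start + 1) for start, end in bursts],
        "sources_in_bursts": len(sources),
    }

if __name__ == "__main__":
    for key, value in summarize(make_sample(), 27015, 1000).items():
        print(f"{key}: {value}")
```

Comparing `peak_mbps` with the server's port speed shows whether host-side filtering has any chance: a flood larger than the port saturates the link before any rule on the machine sees the packets.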