And yes, it’s definitely a DDoS attack. Our host (NFOServers) has confirmed that we’re being attacked by a botnet. This has happened four times over one and a half weeks, and each time we’ve been nullrouted by NFOServers since it was a 30Gbp/s attack and would’ve affected other servers in the area. To accompany that, we’ve been getting hit by smaller scale attacks that NFO was able to successfully filter. Here’s the message we’ve been getting for the DDoS attacks that have been causing us to be null routed;
And here’s one of the messages we get when a smaller scale attack is successfully filtered;
Needless to say, it’s quite annoying, since we dropped from the 32nd most popular server on Gametracker to the 211~th in a matter of a week thanks to the downtime. I’m willing to bet this is from a competitor, too…
Is there anything I can do to figure out who might be launching these attacks, or block them more efficiently? For reference, we’re running on a virtual machine/VPS in Managed mode, running Linux.
Make up with the party who feels they are wronged (unless you get unlucky and this is just someone attacking you for a laugh or is a competitor). You should probably go with this option as it will cost a lot less in the long run…
Wait for the attacks to stop. It can take several days to several months depending on how determined this person is.
Pay for third party DDoS protection. This can be tricky because if the scrubbing center is too far from the game server then latency is going to be high.
Colocate/Rent a dedicated server with someone like CNServers… you’re probably still going to have to pay out the *** for protection capable of blocking 30Gbps+
[editline]28th September 2014[/editline]
Or you could just go with a host like OVH and hope the attack is common and VAC is preconfigured to block it.
Anyhow, unless we get significantly more donations somehow so we can handle the payment, we’ll be buying a server from OVH. The long-term plan is to buy it from SoYouStart once they get more back in stock, but if this keeps happening frequently we’ll need to buy from OVH instead of SoYouStart.
Well, the main issue here is, we have $300 or so in donations sitting around. This would be enough to pay off the setup fee ($127 or so) and the first month for the $109 server, but we like to have enough money to last two months or more in advance just in case disaster strikes. I’d love you if you’re actually willing to pay at least $100 of that, although I seriously doubt anyone is kind enough to throw around that kind of money to someone they don’t even know (and if you are, bless you). This is why we want to wait for the mid-tier hosting to be restocked (one of the two that I linked above),Caine we can afford that and it’s somewhat cheaper/equal to our current hosting plan with NFO, in terms of price.
To be completely honest, we can probably garner up the money by explaining the situation in full to our players and making the message noticeable, but anything that can accelerate this process if we don’t get things sorted out and have to switch is very helpful and generous.
I’m not going to ask you to send us money, of course. Only if you really, really want to.
I’ve setup such a infrastructure to deal with DDoS and SRCDS based DoS attacks using OVH plus KAD.
The problem with OVH is that they are in Montreal, Quebec. And Steam master servers geo-locate so the OVH IPs only show up to people close to that area. I’ve observed mostly Canadian, some north eastern USA, and EU traffic. With the occasional connection from Africa (idk).
If your still interest in a server that will remain online you can PM me.
I would suggest blocking GameTracker from tracking your server. Part of the community I work for has been doing this for a long time and I believe it has helped in reducing the amount of DDoS attacks we receive. It creates an unnecessary popularity contest which I doubt any actual players look at.