My server is being hit by some pretty powerful DDoS attacks.

And yes, it’s definitely a DDoS attack. Our host (NFOServers) has confirmed that we’re being attacked by a botnet. This has happened four times over one and a half weeks, and each time we’ve been nullrouted by NFOServers since it was a 30Gbp/s attack and would’ve affected other servers in the area. To accompany that, we’ve been getting hit by smaller scale attacks that NFO was able to successfully filter. Here’s the message we’ve been getting for the DDoS attacks that have been causing us to be null routed;

And here’s one of the messages we get when a smaller scale attack is successfully filtered;


Needless to say, it’s quite annoying, since we dropped from the 32nd most popular server on Gametracker to the 211~th in a matter of a week thanks to the downtime. I’m willing to bet this is from a competitor, too…

Is there anything I can do to figure out who might be launching these attacks, or block them more efficiently? For reference, we’re running on a virtual machine/VPS in Managed mode, running Linux.

You have several options here. You can:

  1. Make up with the party who feels they are wronged (unless you get unlucky and this is just someone attacking you for a laugh or is a competitor). You should probably go with this option as it will cost a lot less in the long run…

  2. Wait for the attacks to stop. It can take several days to several months depending on how determined this person is.

  3. Pay for third party DDoS protection. This can be tricky because if the scrubbing center is too far from the game server then latency is going to be high.

  4. Colocate/Rent a dedicated server with someone like CNServers… you’re probably still going to have to pay out the *** for protection capable of blocking 30Gbps+

[editline]28th September 2014[/editline]

Or you could just go with a host like OVH and hope the attack is common and VAC is preconfigured to block it.

I have no idea who it is.

We decided to do this for the time being.

What’s a good one in the Chicago area?

I’ve been looking around, and OVH sticks out.

I’m looking at SoYouStart for once they get back in stock, in particular, this package or this package. They’re a subset of OVH and offer the same protection, minus the API.

So you’re the guy NFO has been sending messages about. NFO keeps messaging me saying another customer has been getting powerfully DDOS’ed and that it may cause lag on other servers.

[editline]28th September 2014[/editline]

To add on, personally, you might have to get a new IP and new community name. That’s my only ideas.

Ah, good ol’ Garry’s Mod

Gmod server owners are the worst

How so? I’m a pretty decent guy.

There isn’t much you can do to stop DDoS attacks besides hopefully mitigate it, which is why it’s so powerful for how much effort it takes to do it.

I was referring to the people who are obsessed with donations and jealously attack any of their “competitors”

Ah, yeah, those types are very bad indeed.

I feel bad for them, they obviously have some sort of r3tardation… (irony)

Anyhow, unless we get significantly more donations somehow so we can handle the payment, we’ll be buying a server from OVH. The long-term plan is to buy it from SoYouStart once they get more back in stock, but if this keeps happening frequently we’ll need to buy from OVH instead of SoYouStart.

How much do you need? ;D

Well, the main issue here is, we have $300 or so in donations sitting around. This would be enough to pay off the setup fee ($127 or so) and the first month for the $109 server, but we like to have enough money to last two months or more in advance just in case disaster strikes. I’d love you if you’re actually willing to pay at least $100 of that, although I seriously doubt anyone is kind enough to throw around that kind of money to someone they don’t even know (and if you are, bless you). This is why we want to wait for the mid-tier hosting to be restocked (one of the two that I linked above),Caine we can afford that and it’s somewhat cheaper/equal to our current hosting plan with NFO, in terms of price.

To be completely honest, we can probably garner up the money by explaining the situation in full to our players and making the message noticeable, but anything that can accelerate this process if we don’t get things sorted out and have to switch is very helpful and generous.

I’m not going to ask you to send us money, of course. Only if you really, really want to.

Hey, I am experiencing the EXACT same thing as you are. However, we’ve managed to sustain stability and uptime despite heavy lag spikes. I’ll show you some of the DDoS logs:

We’re getting erratic player counts because of this :frowning:

Someone clearly doesn’t like us. It’s just leads me to put more faith in the idea that it’s a competing server owner.

Ah the server list. The only place where making your server better means DDoS’ing the fuck out every other server so you’re the only one left!

I’ve had similar experiences having my servers go in and out of the top 50…
As soon as you rank in the top 50, you will start to see frequent ddos attacks.

SoYouStart has DDoS protection, but there is a delay before it activates, in which time your players may time out from the attack.

OVH has the option to keep the protection on permanently.

Post your Paypal bud :slight_smile:
Ps. GMC Hosting is good

I’ve setup such a infrastructure to deal with DDoS and SRCDS based DoS attacks using OVH plus KAD.

The problem with OVH is that they are in Montreal, Quebec. And Steam master servers geo-locate so the OVH IPs only show up to people close to that area. I’ve observed mostly Canadian, some north eastern USA, and EU traffic. With the occasional connection from Africa (idk).

If your still interest in a server that will remain online you can PM me.

I would suggest blocking GameTracker from tracking your server. Part of the community I work for has been doing this for a long time and I believe it has helped in reducing the amount of DDoS attacks we receive. It creates an unnecessary popularity contest which I doubt any actual players look at.