Protecting your server from DDoS attacks

[france]

Sup.

So I want to tell you guys how you can protect your servers (doesn't have to be specifically Minecraft) from DDoS attacks. I don't play Minecraft so don't ask me to come on your server and start assisting you with random shit.

To start with I will explain what a DDoS attack is, DDoS (distributed denial of service) is literally what it says in the name, denial of service. The most common attacks are usually just traffic attacks (high amounts of traffic) flooding a network causing legitimate traffic to usually get dropped resulting in the service not being available to legit players/customers (if you're running some kind of online shop).

To protect your game server you can go with any host you want, go with a cheap host that provide a good amount of RAM, and a good CPU. I know people will say this is a stupid idea because it probably won't have DDoS protection but just continue reading and you will realize why I would set everything up this way. I'll explain... The reason I would purchased a system without DDoS protection is because I am going to be purchasing a cheap VPS that provides DDoS protection and be setting up a GRE (or ipip) tunnel. Most kernels will support GRE tunnel (ip_gre kernel mod). I know some VPS hosts that provide Voxility filtering for around $3 a month (or at no extra cost). So basically without me providing a tutorial (it'll take too long) I am just proving that you do not need to pay for these "high tier" providers for DDoS protection because at the end of the day, they want all your money. All you need is a good amount of RAM, a good CPU and obviously a good network too for the server hosting the minecraft server and then get a cheap VPS that has a good network and ddos protection (like I mentioned, I know a provider that provide voxility filtering for $3/month) and then you can create a GRE tunnel so your players will connect through the filtered (ddos protected) ip address and not the actual backend.

If you are running something like an online store then I suggest just using CloudFlare (mc-market use them too) and making countries (such as China, as I found there are a lot of vulnerable devices there) have to pass javascript challenge.

​

Well I hope you enjoyed reading this long post, if your require any further assistance or have any questions then just private message me. Don't spam me.

 

[france]

Um you're aware of how easy it is to find someone's backend IP without proxy pipe.
So yeah... your guide is more or less not good for big/medium networks and probably for smaller networks with a small amount of traffic.
I suggest an OVH box on permanent firewall.

I didn't mention "proxy pipe" (assuming you mean ProxyPipe, Inc.) once and sure, if this is so easy then I'd love you to explain how you're going to retrieve the backend ip address, and did you really just say that Voxility is "more or less not good" for "big/medium networks"...

Dude, seriously?

 

[france]

I don't know anything about Voxility but assuming 3/month has ddos protection and her support it may not be the best..

Oh well Supplys if that's his mcm can show you lol
And for a fact just Google domain to IP, and if it gives you the wrong up but in a sub domain like play.pvp.com and you 97% of the time get the real backend.

Well no... All traffic is going through the system that is providing the DDoS protection with the filtered ip address so for someone to get the backend ip address it's very unlikely, and buyvm provide very good protection (they use voxility), and support. Also why even use a sub domain, we have service records for a reason.

 

[france]

And what happens if the system with ddos protection goes down c:?

Go and do your research about Voxility, it's very unlikely your average skid is going to be able to perform very large attacks.

 

[RedSquareWeb]

Truth be told, simply ensuring that ALL of the DNS records pointing to your server go through CloudFlare and not distributing your server's IP(s) to anybody will keep you safe from 95% of DDOS attacks. You can even route Minecraft traffic through CloudFlare (which is nice ), and they just started supporting WebSockets on the free plan (which is also nice...if you're into that kinda thing).

Now, if you're on their free or business plan, I'm not sure what they'd do if you consistently got hit by large DDOS attacks (tens - hundreds of Gb/s). Never had to deal with massive attacks personally.

Decent walkthrough though!

 

[rippr]

Sup.

So I want to tell you guys how you can protect your servers (doesn't have to be specifically Minecraft) from DDoS attacks. I don't play Minecraft so don't ask me to come on your server and start assisting you with random shit.

To start with I will explain what a DDoS attack is, DDoS (distributed denial of service) is literally what it says in the name, denial of service. The most common attacks are usually just traffic attacks (high amounts of traffic) flooding a network causing legitimate traffic to usually get dropped resulting in the service not being available to legit players/customers (if you're running some kind of online shop).

To protect your game server you can go with any host you want, go with a cheap host that provide a good amount of RAM, and a good CPU. I know people will say this is a stupid idea because it probably won't have DDoS protection but just continue reading and you will realize why I would set everything up this way. I'll explain... The reason I would purchased a system without DDoS protection is because I am going to be purchasing a cheap VPS that provides DDoS protection and be setting up a GRE (or ipip) tunnel. Most kernels will support GRE tunnel (ip_gre kernel mod). I know some VPS hosts that provide Voxility filtering for around $3 a month (or at no extra cost). So basically without me providing a tutorial (it'll take too long) I am just proving that you do not need to pay for these "high tier" providers for DDoS protection because at the end of the day, they want all your money. All you need is a good amount of RAM, a good CPU and obviously a good network too for the server hosting the minecraft server and then get a cheap VPS that has a good network and ddos protection (like I mentioned, I know a provider that provide voxility filtering for $3/month) and then you can create a GRE tunnel so your players will connect through the filtered (ddos protected) ip address and not the actual backend.

If you are running something like an online store then I suggest just using CloudFlare (mc-market use them too) and making countries (such as China, as I found there are a lot of vulnerable devices there) have to pass javascript challenge.

​

Well I hope you enjoyed reading this long post, if your require any further assistance or have any questions then just private message me. Don't spam me.

GL. But I don't think this will work well. Just null your IP till the remainder of the attack. If being attacked by botnets, I'd null my IP & let em rip @ it! They'd lose the power eventually, and that's a win-win for me. If one IP, just block IP. Also, reverse proxies help.[DOUBLEPOST=1476325409][/DOUBLEPOST]

Truth be told, simply ensuring that ALL of the DNS records pointing to your server go through CloudFlare and not distributing your server's IP(s) to anybody will keep you safe from 95% of DDOS attacks. You can even route Minecraft traffic through CloudFlare (which is nice ), and they just started supporting WebSockets on the free plan (which is also nice...if you're into that kinda thing).

Now, if you're on their free or business plan, I'm not sure what they'd do if you consistently got hit by large DDOS attacks (tens - hundreds of Gb/s). Never had to deal with massive attacks personally.

Decent walkthrough though!

When ya get that 401, you just gotta deal with it man.

 

[Thane]

Haha, well you just talk technicality. The one thing you forgot to mention was, DO NOT TRUST RANDOM PEOPLE. I can not stress this enough, and I can't even number how many stupid Owner's I've seen trust random people and then get backstabbed in the end so be careful guys.

 

[RedSquareWeb]

Haha, well you just talk technicality. The one thing you forgot to mention was, DO NOT TRUST RANDOM PEOPLE. I can not stress this enough, and I can't even number how many stupid Owner's I've seen trust random people and then get backstabbed in the end so be careful guys.

The technicalities are pretty important too (I mean, exposing your IPs to a potentially troublesome crowd is never recommended haha), but truth be told what you pointed out is definitely up there in importance.

When ya get that 401, you just gotta deal with it man.

401 with CloudFlare?

 

[rippr]

The technicalities are pretty important too (I mean, exposing your IPs to a potentially troublesome crowd is never recommended haha), but truth be told what you pointed out is definitely up there in importance.


401 with CloudFlare?

You didn't state CloudFlare, man. You didn't.

 

[Christian B]

95%?! More like 30% against those script kiddies, half the hcf community got destroy a server and get the backend in seconds and if they can't do it let me tell you there "friends" can do it.

(switched to personal account)
What do you mean....I mentioned CloudFlare in my original comment.

 

[rippr]

(switched to personal account)
What do you mean....I mentioned CloudFlare in my original comment.

I wasn't talking about original comment. I was talking about 2nd comment, silly goose!

 

[Christian B]

I wasn't talking about original comment. I was talking about 2nd comment, silly goose!

Oops, I meant to reply to rippr haha.
I've been hit with a couple 10+ Gb DDOS attacks on CF's free plan, and I didn't notice any performance drop in the targeted site. But most of the time, I only have to deal with <1Gb/s, and I honestly hope they'd be able to deal with that (and they do, haha).

My guess is they'd contact you if you consistently get hit with large-ish (>10Gb/s) attacks on the free plan.

 

[rippr]

Oops, I meant to reply to rippr haha.
I've been hit with a couple 10+ Gb DDOS attacks on CF's free plan, and I didn't notice any performance drop in the targeted site. But most of the time, I only have to deal with <1Gb/s, and I honestly hope they'd be able to deal with that (and they do, haha).

My guess is they'd contact you if you consistently get hit with large-ish (>10Gb/s) attacks on the free plan.

Getting over 50Gbps isn't that hard, imo. Especially when places like ampnode.com exist. LOL

 

[Christian B]

Getting over 50Gbps isn't that hard, imo. Especially when places like ampnode.com exist. LOL

True haha.

CF comes across as pretty forgiving (at least in their blog they do). They seem willing to let it go if you only occasionally get hit by large attacks or otherwise use ridiculous amounts of bandwidth. Like I said, if you plan on getting hit by large attacks a lot, you'd better be willing to pay for some protection (whether it be CloudFlare or some other provider)

 

[france]

Haha, well you just talk technicality. The one thing you forgot to mention was, DO NOT TRUST RANDOM PEOPLE. I can not stress this enough, and I can't even number how many stupid Owner's I've seen trust random people and then get backstabbed in the end so be careful guys.

I agree, if any of you decide to work with others. Please be very careful, nobody here is responsible for you fucking up.[DOUBLEPOST=1476441254][/DOUBLEPOST]

Getting over 50Gbps isn't that hard, imo. Especially when places like ampnode.com exist. LOL

Dude with Voxility you're not going to have issues, 50Gbps isn't anything special compared to DDoS attacks nowadays, especially when we have new shit like Mirai being spread to skids. However Mirai, along with qBot, remaiten and a load of other shit, has been easy to kill.