DDOS Attacks on the Private server community

[AncestraL]

Your ways to stop a ddos prove otherwise.


How will this help? The Attacker can either attack both IPs, or either one he chooses.


You sound quite stupid saying this. The method CF uses to mask an IP, and even resolve ongoing ddos attacks is outrageous and very easily resolved. CF is not the way to go cdn wise if you are under attack.


This will not help one bit. Changing the name won't do shit. It still uses the same port.


This may do little help, but do you have enough IPs? Do you want to keep changing the connection?


This would mean giving out new clients every time you do this. If you have more than 1 server, you should load balance to help mitigate the packets received.


How does skype have anything to do with Maplestory servers. Oh and on a side note, you can input proxy settings in Skype so your IP can not be resolved.


I think you are dumb, you should be targeted, and you should get your home connection booted so your mommy and daddy buy a new service. Stupid kids.



A dumbass could find someones IP. Regarding maple, your website can be pinged, and your server's client releases your IP when you look at where you are connecting.

Also, IMO hardware is not even needed. Sure it is completely recommended, but if you have 2-3 servers, load balancing, a few scripts to drop all packets that get flagged (write your own rules), and block any traffic via ports that aren't necessary for the game you should be just fine. That would mitigate 90% of the attack as long as you know what you are doing.

Now overall your post was a load of bullshit, you have no knowledge in what you are talking about. You recommended the dumbest ideas that will help no one. The end.

thank god.

[royalmonky]

L>Five to help me with his packet migration ways f3

[Five]

I'm more than happy to help you or answer any questions you have. I won't actually set anything up for you but I will guide you to the right direction.

[cinos11]

Your ways to stop a ddos prove otherwise.


How will this help? The Attacker can either attack both IPs, or either one he chooses.


You sound quite stupid saying this. The method CF uses to mask an IP, and even resolve ongoing ddos attacks is outrageous and very easily resolved. CF is not the way to go cdn wise if you are under attack.


This will not help one bit. Changing the name won't do shit. It still uses the same port.


This may do little help, but do you have enough IPs? Do you want to keep changing the connection?


This would mean giving out new clients every time you do this. If you have more than 1 server, you should load balance to help mitigate the packets received.


How does skype have anything to do with Maplestory servers. Oh and on a side note, you can input proxy settings in Skype so your IP can not be resolved.


I think you are dumb, you should be targeted, and you should get your home connection booted so your mommy and daddy buy a new service. Stupid kids.



A dumbass could find someones IP. Regarding maple, your website can be pinged, and your server's client releases your IP when you look at where you are connecting.

Also, IMO hardware is not even needed. Sure it is completely recommended, but if you have 2-3 servers, load balancing, a few scripts to drop all packets that get flagged (write your own rules), and block any traffic via ports that aren't necessary for the game you should be just fine. That would mitigate 90% of the attack as long as you know what you are doing.

Now overall your post was a load of bullshit, you have no knowledge in what you are talking about. You recommended the dumbest ideas that will help no one. The end.

You fail the grasp of my paragraph as a whole.
Its prevention against the common ddos noobs.
I never made it a full plan for avoiding ddos attacks, just as a way to stop the common people from
doing a blow of their attacks on your server.

As for new clients every time, theres a reason i said use the zapto type stuff.
Its so you can just change it from within the client.
(You change the ip, then it redirects traffic to the new server).

This will not prevent a new ddos, but it'll keep the ddos'er busy as he has to switch between the servers
as ddos'er tend to resolve the domain to its IP instead of dynamically using its web address.

As for skype, i randomly threw that in there for the common people who get their house connection ddos'ed >> (lol)

(overall though, as i said hardware is usually your best answer (large scale ddos attack) other etc stuff sure just load balance)

And tbh, i wrote this shit quick, so it aint even organized/looked over properly
so its mainly a reference guide for common mistakes for not mitigating stuff on short note points.

Feel free to criticize more stuff, the more the better as im to lazy to write the full details on mitigating stuff.
And yes also i was lazy writing the last post, so most of the stuff is gibberish on basic situations.
(Side note: i didn't review the above, so hf if ur a grammar nazi or somethin)

[Xerixe]

sexy threat sexy thread, dawg.

There are many ways to avoid DDos, well not if your already being attacked.. The trick here is to take preventions and there are many, you dont need much money you just need a functionable brain.

I know whos behind all this, LOL

@oxysoft you deserve to be ddosed for advertising your shity server, so im pretty happy they got on your nerves

sexy threat sexy thread, dawg.

There are many ways to avoid DDos, well not if your already being attacked.. The trick here is to take preventions and there are many, you dont need much money you just need a functionable brain.

I know whos behind all this, LOL

@oxysoft you deserve to be ddosed for advertising your shity server, so im pretty happy they got on your nerves

There's a lot of ways to avoid DDoS? Tell me why do servers still get DDoS. I don't mean noob ass servers. I mean real servers.
There's only ways to reduce the chances of getting DDoS, but there's no sure-way to prevent DDoS

Sure you do. Because you're Mr.Know it All

[Five]

You fail the grasp of my paragraph as a whole.
Its prevention against the common ddos noobs.
I never made it a full plan for avoiding ddos attacks, just as a way to stop the common people from
doing a blow of their attacks on your server.

As for new clients every time, theres a reason i said use the zapto type stuff.
Its so you can just change it from within the client.
(You change the ip, then it redirects traffic to the new server).

This will not prevent a new ddos, but it'll keep the ddos'er busy as he has to switch between the servers
as ddos'er tend to resolve the domain to its IP instead of dynamically using its web address.

As for skype, i randomly threw that in there for the common people who get their house connection ddos'ed >> (lol)

(overall though, as i said hardware is usually your best answer (large scale ddos attack) other etc stuff sure just load balance)

And tbh, i wrote this shit quick, so it aint even organized/looked over properly
so its mainly a reference guide for common mistakes for not mitigating stuff on short note points.

Feel free to criticize more stuff, the more the better as im to lazy to write the full details on mitigating stuff.
And yes also i was lazy writing the last post, so most of the stuff is gibberish on basic situations.
(Side note: i didn't review the above, so hf if ur a grammar nazi or somethin)

The only thing I'm going to say is your paragraphs were to stop a ddos, yet doing ANY and ALL of those methods wouldn't even stop a simple dos. Almost everyone who is ddosing in this community bought an online booter and isn't using a botnet. I'm sure those booters will down all the servers that did not take the necessary precautions, while the botnet users will down everyone. (if big enough ofcourse)

[cinos11]

The only thing I'm going to say is your paragraphs were to stop a ddos, yet doing ANY and ALL of those methods wouldn't even stop a simple dos. Almost everyone who is ddosing in this community bought an online booter and isn't using a botnet. I'm sure those booters will down all the servers that did not take the necessary precautions, while the botnet users will down everyone. (if big enough ofcourse)

Hmm, yea lmao it doesn't stop it just mitigate it partially. (That's what happens when you don't want to re-read what you wrote xD)
I guess i keep leaving out information in general.
Maby you should make a paragraph for us, since i dont want to bother.

Mainly the type of crap i do is load balancing.
I use multiple redundant servers, that i can switch easily thru dns.
Another useful technique involves round robin/etc.
This isn't all the stuff you can do, but it has to do with using basics
of servers which doesn't involve the main server.
Aka, having a flow of traffic thru the proxy first

Tbh, its just that alot of this stuff doesn't tend to work out for a pserver
as pservers leave so many loop holes for finding the ip address.
Thats unless you give the right amount of load balancing/proxy'ing the traffic thru different sources.
^more basic crap, have fun criticizing that?

[matthieu503]

Cinos11 has given some useful tips to preventing the common noob DDoSers (as he already stated)
Sure, it doesn't work all the time, but he doesn't really have anything to do with pservers. You should appreciate his help at least.
OT: Tip: When your VPS/Dedi or whatever the shit your hosting your server is back online, go into your apache logs (usually they'll ddos port 80 also so it will show it here)(to find the apache logs, look in your apache folder, for wamp press the wamp on the tray place and hover over apache then click access_logs) Find the DDoSer/DoSer's/Flooder's IP (If it has something like c:/wamp/www/index.php that's not it. Its usually an ip and then a blank space.) Go into your advanced firewall and add a new rule blocking the remote ip. If they use a VPN, then your most likely screwed. (Unless you wanna monitor the logs 24/7 lulz)
FLAME SHIELD: On
PS: As for booters, I've never been hit by one, so I'm not sure.

[Diamondo25]

I've seen a DDoS happening while TV'ing someone. As this person had a connection logger only; I saw around 100 requests per second from several IPs. We had to block them with the Windows Advanced Firewall thingy, but that still doesn't stop the DDoS'er from eating up bandwidth, which is a major problem. ISPs should intergrate some DoS blocking software on their servers, as they let everything through in the first place.

[matthieu503]

They shouldn't even be able to connect to the host if they're blocked via Advanced Windows Firewall. Also a good idea would be to use an automated IP Block. <-- Does not work all the time if the Flood is strong enough. Stuff like PeerBlock (PeerBlock – Peerblock Site)

[Leo The Fox]

DDoS issues? This is my success story, all thanks to an amazing developer I have on my server. We used to have major DDoS issues (up to 1.2Gbps, 3 million packets per second) until about December, when we have implemented the following below. We still receive attacks, but with zero/minimal downtime (10 minutes max). We've been safe from DDoS attacks since December, and have pretty much been up 24/7 since this implementation:

Round-robin DNS, and a bunch of proxy servers with your real server behind a VPN-only connection. The more proxy servers you have, the harder it is for the attacker to take you down. For example, which we do at gunbound.ca:

One main server behind 15 proxy servers. Null-route that main server to the outside world, but allow a VPN connection to all the proxy servers. This makes it impossible for anyone to directly connect to your main server. In the event of a DDoS attack, your attacker has the following choices:

- Attack all servers at once
- Attack a few at a time
- Attack one at a time

Let's say that all your proxy servers have a connection of 1Gbps each, and the attack is 1.2Gbps, and your usercount is 1,500 users online:

The following scenario; Attacks all servers at once:
The attack is reduced to 80Mbps on each server, no where near powerful enough to take down any of the proxy servers, so even with the bad DDoS traffic, it's significantly reduced so much that they can still accept legitimate traffic easily. This attack is completely ineffective and does very little damage (only to bandwidth) and zero downtime.

The following scenario; Attacks a few at a time:
The attack is reduced by the amount of servers being attacked, so if three servers out of 15 are being attacked, each server is receiving an attack at 400Mbps on each server, could be powerful enough to knock out the users connected via these servers...BUT! This will only knock off 300 users, because the other 1200 users are connected through the other servers, which are...exactly! Not being attacked. Additionally, these 300 users can easily reconnect, as every time they login, the round-robin DNS will fetch a new IP and connect them to an unaffected IP address, thus only knocking them offline temporarily and only for a minute or two.

The following scenario; Attacks one at a time (what usually happens):
The attack is full-out 1.2Gbps on one proxy server out of 15. That proxy server is completely knocked out and taking the full blow, but only knocked 100 users offline, the other 1400 will be completely unaffected, and again, those 100 users will be able to relog onto a different IP thanks to round-robin DNS. Since it seems DDoS attackers are dumb as fuck, they ping for the IP, and go full-out on that one IP address, when you actually have 14 more which are perfectly fine and don't realize that you have another 14 IPs. The only downside is the bandwidth racks up quickly on the one proxy being attacked, and has the potential to be null-routed quickly by the server host, but attacks will stop quickly when the attacker realizes that it's not having any effect on the user-count or game itself, no matter how hard the attacker hammers that DDoS command.

Attacks will not forward to the main server via proxy because the attack is so large that the proxy cannot handle the requests and will simply just go down, which prevents any illegitimate packets from being forwarded to the main server behind the VPN firewall. As long as the attacker cannot attack your main, real server from the outside, there's no way he can take out the whole game just by going behind the proxy firewall you've built, that's why I say you should null-route your server from the outside world, so this accomplishment is impossible for the attacker, even if they know it's IP.

To learn how to set-up a Round Robin DNS, use Google.

You can use VPS servers with high bandwidth and outbounds for cheap at around $10 each, so a 15-proxy server setup could just cost you an additional $150/mo, which could be a very wise investment for your server, especially if you can afford it. The more proxy servers you have, the more "safe" you will be against DDoS attacks, but don't forget to pay the bills!

I hope this helps some of you out.

[Sparks]

@Leo

Why? ... I mean why bother giving advice about your trade work? So to speak. I have tons of information how I was able to tweak Celino's web server + website and configuration files with limited 3rd party handling, to keep it online 97.9% of the time (unless multiple 1gb/s connections coming through, spamming).

But why bother? I mean .. if they truly cared about making a server for the simply knowledge and learning process they would. Do the research. Dig deep. Learn about TCP / UDP connection routes. Packet scanning. Byte transfers. Datagrams and essentially the entire ins and outs of Internet Protocol.

The fact that you took the time to write all that up, I give a lot of respect to you. But it's a waste of time when you and I both know very well what this community has turned into since OdinMS / LocalMS ... Money gouging hoarders... Do you honestly believe that they will take their time to learn about the process' you described? Or for that matter, to even go as far as god-give implement them?

It's no use...

[Leo The Fox]

@Leo

Why? ... I mean why bother giving advice about your trade work? So to speak. I have tons of information how I was able to tweak Celino's web server + website and configuration files with limited 3rd party handling, to keep it online 97.9% of the time (unless multiple 1gb/s connections coming through, spamming).

But why bother? I mean .. if they truly cared about making a server for the simply knowledge and learning process they would. Do the research. Dig deep. Learn about TCP / UDP connection routes. Packet scanning. Byte transfers. Datagrams and essentially the entire ins and outs of Internet Protocol.

The fact that you took the time to write all that up, I give a lot of respect to you. But it's a waste of time when you and I both know very well what this community has turned into since OdinMS / LocalMS ... Money gouging hoarders... Do you honestly believe that they will take their time to learn about the process' you described? Or for that matter, to even go as far as god-give implement them?

It's no use...

I was bored =P

Also you should add me on MSN or something, derp.

[HakuSpirit]

I don't find your information a waste of time. I've never ran a
Private Server before but I really appreciate the information
you guys have given. It will most certainly help me if I do decide to run one.

[matthieu503]

@Leo

Why? ... I mean why bother giving advice about your trade work? So to speak. I have tons of information how I was able to tweak Celino's web server + website and configuration files with limited 3rd party handling, to keep it online 97.9% of the time (unless multiple 1gb/s connections coming through, spamming).

But why bother? I mean .. if they truly cared about making a server for the simply knowledge and learning process they would. Do the research. Dig deep. Learn about TCP / UDP connection routes. Packet scanning. Byte transfers. Datagrams and essentially the entire ins and outs of Internet Protocol.

The fact that you took the time to write all that up, I give a lot of respect to you. But it's a waste of time when you and I both know very well what this community has turned into since OdinMS / LocalMS ... Money gouging hoarders... Do you honestly believe that they will take their time to learn about the process' you described? Or for that matter, to even go as far as god-give implement them?

It's no use...

Some servers will take their time to learn about the process because they do care about the server and they are not interested in making any money whatsoever. I right now am studying about the process of the Round Robin DNS thingy.