emirateskings
#1
my server under attack need some guidance
Jun 02, 2020 11:24 PM
Joined: Aug 07, 2016
Posts: 181
My server is rank 1 by the grace of God, and today I see it has been down for hours.

When I block all UDP traffic, SSH is okay. If I unblock UDP traffic, everything is down.

I have a dump file of the attacks that I can share; maybe someone in your communities is also facing similar problems like me today.

If you have some iptables rules that I can put in place, let me know.

Thanks.

dr_bot
#2
Jun 03, 2020 12:51 AM
GAMETRACKER ADMIN Joined: May 18, 2019
Posts: 23
emirateskings wrote:
My server is rank 1 by the grace of God, and today I see it has been down for hours.

When I block all UDP traffic, SSH is okay. If I unblock UDP traffic, everything is down.

I have a dump file of the attacks that I can share; maybe someone in your communities is also facing similar problems like me today.

If you have some iptables rules that I can put in place, let me know.

Thanks.

Assuming the IPs are spoofed and the attack is occurring on the game port, I don't think there's much that can be done other than filtering packets to mitigate the negative effects.

If your server is hosted on a VPS, or through a 3rd party provider, you can contact them about DDoS protection.
emirateskings
#3
Jun 03, 2020 4:22 AM
Joined: Aug 07, 2016
Posts: 181
Yes, it's hosted on a VPS, and to fix this the VPS provider needs to submit the dump that I send them to the anti-DDoS team (OVH VAC) for analysis, and sometimes it takes weeks to fix these new attacks.

Thanks for your advice. I am just with the VPS support guy to provide anything they ask me, and hopefully we might fix it by today, fingers crossed.

EDIT Update: Issues fixed by myself

Back to Game now
Last edited by: emirateskings Jun 03, 2020 6:51 AM
emirateskings
#4
Jun 17, 2020 6:53 AM
Joined: Aug 07, 2016
Posts: 181
Yesterday I faced a new type of attack, which is like a TSQuery flood. I tried to install a module on *nix, but GT cannot scan as it will redirect the queries to a proxy port like 27011; that failed, it did not work.

So I called OVH directly, but they say they will investigate why the attack is not blocked: part of the attack is blocked, but part of it is passing through, causing CPU overload as high as 98.7%, which takes the server offline.

Now I am working on an IDS system which I am currently monitoring. If that works, then it would be good for other server owners too.

I will update this post whenever I get feedback from OVH on whether they have blocked these attacks completely.

Thanks.
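
The kind of query-flood detection discussed in this thread, as an added example that is not part of any post and is not the poster's IDS. It assumes "TSQuery" refers to the A2S_INFO server query, whose payload begins "TSource Engine Query", and that packets have already been extracted from a capture as (timestamp, source, payload) tuples; the function names and thresholds are hypothetical.

```python
from collections import defaultdict, deque

# A2S_INFO server query: four 0xFF bytes, then "TSource Engine Query\0" (25 bytes).
A2S_INFO = b"\xff\xff\xff\xffTSource Engine Query\x00"

def is_info_query(payload: bytes) -> bool:
    """True for an A2S_INFO query, with or without the optional 4-byte challenge."""
    return payload.startswith(A2S_INFO) and len(payload) in (25, 29)

def detect_query_flood(packets, window=1.0, total_limit=50, per_source_limit=5):
    """packets: time-ordered (timestamp_s, source_ip, udp_payload) tuples.

    Returns (alerts, noisy). alerts holds one (timestamp, queries_in_window) per
    burst in which the aggregate query rate passes total_limit; with spoofed
    sources only the aggregate is meaningful. noisy holds addresses that alone
    passed per_source_limit inside one window. Thresholds are assumed values.
    """
    recent = deque()               # (timestamp, source) of queries still in the window
    per_source = defaultdict(int)  # query count per source inside the window
    alerts, noisy, in_burst = [], set(), False
    for ts, src, payload in packets:
        if not is_info_query(payload):
            continue               # game traffic and other packet types are ignored
        recent.append((ts, src))
        per_source[src] += 1
        while ts - recent[0][0] > window:   # evict queries older than the window
            _, old = recent.popleft()
            per_source[old] -= 1
            if per_source[old] == 0:
                del per_source[old]
        if per_source[src] > per_source_limit:
            noisy.add(src)
        over = len(recent) > total_limit
        if over and not in_burst:
            alerts.append((ts, len(recent)))
        in_burst = over
    return alerts, noisy

def constructed_sample():
    """Constructed traffic (documentation address ranges), not from the poster's dump."""
    pkts = [(t, "192.0.2.10", A2S_INFO) for t in (0.0, 10.0, 20.0)]       # tracker polling
    pkts.append((25.0, "192.0.2.20", b"\x01\x02in-game data"))           # not a query
    pkts += [(30 + i / 200, f"198.51.100.{i}", A2S_INFO) for i in range(200)]  # many sources
    pkts += [(40 + i / 100, "203.0.113.7", A2S_INFO) for i in range(10)]  # one busy source
    return pkts

if __name__ == "__main__":
    print(detect_query_flood(constructed_sample()))
```

On the constructed sample the 200-source burst raises a single aggregate alert while no individual address in it crosses the per-source limit, which is why per-IP rate limits alone do little against spoofed sources.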