New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Delimiter DDoS / Shutting Down Server
Hey Guys,
I have a dedicated server at delimiter / dual e5420/16gb ram/1tb hd/10tb transfer
The problem i have though is for some reason i keep getting shutdown for hours at a time - right now at 12 hours - and i'm not running anything public on my server no game server, no teamspeak etc.
Do you guys have any alternatives in the same price range ( i have the black friday deal which I believe is 20$ a month)
Comments
Short:
no. They are by far the cheapest.
@MarkTurner <-- get in touch with him.
Have you tried to contact support? Contact @MarkTurner here. He usually is quick to solve problems.
@MarkTurner
What are you running on the server?
I've got the same server with no issues I know of.
If he is being null routed, he is attracting incoming DOS/DDOS. Once we know what he is actually running then we can take it from there.
My money is on: Teamspeak / Gameservers / Plex
Wat
We have had a lot of DDOS against Plex servers. Both incidents we had last week were aimed at two unrelated customers with Plex servers.
That doesn't even make sense. Why would someone attack someones Plex server? Of all things to target...
It's like the people that attack porn sites. WHY?
Francisco
I think for fun, they know people are using them to watch some films and it causes disruption.
Best thing is to whitelist IPs/IP ranges to 32400 then when the port scans happen Plex is not detected.
Its like Teamspeak or gameservers - why DDOS them? Sour grapes?
@Francisco
I am running Plex. I wasn't aware that plex was also targeted - i'll have to setup a whitelist for IPs then, Still waiting for it to come back up - will have to wait until then.
@MarkTurner does the null route get lifted automatically after the ddos subsides ?
Lock down port 32400 to the IPs you use and you won't get a 'drive-by' DDOS
Someone trying to get delimiter clients in trouble?
I think just a new sport, I see it on other brands too.
Any idea what country the Plex DDos IP's came from mainly?
I'd be pissed... Watching a movie then BAM some.knob is DDoSing you..
The IPs doing the ddosing likely come from all over, the IPs port scanning to find your plex server are probably from China. Blocking Chinese IPs usually fixes most security issues.
Ok, since I have no one outside of the USA, I simply allowed only US ip blocks to access to my Plex server in Iptables.
Use ipset, you're completely mudering your network performance with that big of an ACL.
Francisco
Yea, as every connection to your server is having to be checked against that incredibly long list of IPs that are blocked.
I've been using ufw to allow a few block of IPs but with plex it's hard as you can be on your phone at a hotel etc and you have to keep allowing IPs.
Do you guys think using ipset to block China would do the trick? They never sent me the logs so not sure where the attack / poet scan came from
Buy a couple of LES, setup VPN's, only allow those through, job done.
I was chatting with @MarkTurner about a way to effectively whitelist folks, especially in a multi-user situation. His suggestion was have a webpage up that people need to login to which automatically updates the ACL to allow that /32. Rather than doing IP ranges at the country/ASN level, you just need to visit server.com/plex and punch in a user/pass to unblock the /32 you're on.
https://www.rfxn.com/projects/advanced-policy-firewall/
Run install.sh, it will give you the active ports to open and configure, leave Plex's port out*. Set them in conf.apf.
Make sure to use the monokern flag if you're on OVZ, etc.
Then use the below to refresh your IP set daily for global allowed. While you're at it, block ISPs you don't like with global deny.
/etc/apf/conf.apf :
*EDIT: Make sure not to add your Plex ports in the conf.apf, so only your global trust IPs can access it.
Time to buy up that Netflix subscription you've been evading!
NETFLIX AND CHILL
I guess the children who do this sort of stuff view it as target practice...
Sounds like a perfect job for port knocking. I'd best get it set up before they start DDOSing my home range...
can someone offers me dedicated 20usd, my budget is 15usd to 20usd only
@MarkTurner