Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Ovh GAME getting DDosed on source port 80 is there anyway to fix this with iptables?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Ovh GAME getting DDosed on source port 80 is there anyway to fix this with iptables?

prosownprosown Member
edited December 2019 in Help

Ovh GAME getting DDosed on source port 80 is there anyway iptables i can use to fix it? Here is the pcap file https://gofile.io/?c=s7pJ6y thank u so much for the help I am running ubuntu 18.04

Comments

  • stefemanstefeman Member
    edited December 2019

    If you don't need port 80, easiest way is to block it on IP firewall and not on the machine itself.

    Don't put fastdl server on the same gameserver machine, as it will open up an attack vector. Only if you use nginx without PHP on Linux and serve static files, then you can have it on the same machine.

    Your host seems to be: https://100up.org/ which guarantees 100% uptime for some reason.. Maybe you should try asking them. Your port speed is only 100 Mbps which means it will get oversaturated if you get attacked by a bypass attack.

    You should buy/find 1Gbps OVH Game VPS with IP firewall function enabled for customers, there should be a few providers out there with that feature. I would avoid any provider that "guarantees" 100% uptime as its something even Azure/AWS/Akamai cannot hope to ever achieve, let alone it even applies if you're under attack according to their claim.

    Also, that .pcap file is too small. You probly did not even record the attack, it should be hundreds of megabytes or even gigabytes per 10 seconds.

    Thanked by 1Borowka
  • You should block source port 80 then, if you're not running a web server. You can do this with the OVH firewall. I don't know if 100UP allows custom firewall config though through OVH api, autovm.com and extravm.com do this although it's probably a bit more expensive.

  • As people have suggested just block port 80, its a game server so you shouldn't need HTTP

  • If I block port 80 then I can’t access any website since I am running a vpn and there’s. No such thing as a 1gbps ovh game the maximum port speed u can get is 500mbps however the 100up node is on a 500mbps link so it shouldn’t matter that much as it is a low bandwidth attack it doesn’t oversaturate the 100mbps port at all this attack only disconnects players from Xbox live on my vpn server

  • @prosown said:
    If I block port 80 then I can’t access any website since I am running a vpn and there’s.

    And why for f*** sake are you running vpn on port 80 ???

  • stefemanstefeman Member
    edited December 2019

    @prosown said:
    If I block port 80 then I can’t access any website since I am running a vpn and there’s. No such thing as a 1gbps ovh game the maximum port speed u can get is 500mbps however the 100up node is on a 500mbps link so it shouldn’t matter that much as it is a low bandwidth attack it doesn’t oversaturate the 100mbps port at all this attack only disconnects players from Xbox live on my vpn server

    Then record us another tcpdump that actually has the attack.

    OVH Game is 500Mbps with 1Gbps burst which is 99% of the time your actual speed anyway unless you send 150TB traffic in a month. that's why I said 1Gbps port as it actually exists as long as the node is using burst bandwidth.

    Also, we have no idea about the IP settings/firewall rules on the host node, so it might drop fragmented UDP during attacks. So try setting protocol to TCP.

    tcpdump -s 0 -i eth0 -w dump.pcap

    change eth0 to your network device name.

    Then press Ctrl + C after 10 seconds have passed executing that command.

  • @Jarry said:

    @prosown said:
    If I block port 80 then I can’t access any website since I am running a vpn and there’s.

    And why for f*** sake are you running vpn on port 80 ???

    I think he means he's using that outgoing, but it's still no problem if you block incoming source 80 which is supported by OVH Anti-DDoS pro.

  • heres a longer pcap i did it makes me lag so much it causes the ssh to crash glad i could capture it though here it is https://gofile.io/?c=cvbjb9

  • @stefeman said:

    @prosown said:
    If I block port 80 then I can’t access any website since I am running a vpn and there’s. No such thing as a 1gbps ovh game the maximum port speed u can get is 500mbps however the 100up node is on a 500mbps link so it shouldn’t matter that much as it is a low bandwidth attack it doesn’t oversaturate the 100mbps port at all this attack only disconnects players from Xbox live on my vpn server

    Then record us another tcpdump that actually has the attack.

    OVH Game is 500Mbps with 1Gbps burst which is 99% of the time your actual speed anyway unless you send 150TB traffic in a month. that's why I said 1Gbps port as it actually exists as long as the node is using burst bandwidth.

    Also, we have no idea about the IP settings/firewall rules on the host node, so it might drop fragmented UDP during attacks. So try setting protocol to TCP.

    tcpdump -s 0 -i eth0 -w dump.pcap

    change eth0 to your network device name.

    Then press Ctrl + C after 10 seconds have passed executing that command.

    I captured all the packets coming in

  • So your IP is 158.69.184.47 right? I only see a lot of shit coming from 147.135.73.224 so perhaps you should drop that IP? Both IPs are OVH btw.

    Also, your IP is in the abusedb: https://www.abuseipdb.com/check/158.69.184.47

    For port scanning, hacking, brute force. Are you sure there is no unauthorized access to your server or if it's being used for attacks? (Like reflection attacks)

    What are you running anyway?

  • Yea my ovh server is 158.69.184.47 and that abuseipdb is false I only use openvpn on my server.

  • prosownprosown Member
    edited December 2019

    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

  • Your PC / laptop connected via OpenVPN can be infected by a virus/trojan

  • No i ran multiple virus scan's with kaspersky malwarebytes and bitdefender my computer is completely clean.

  • MikeAMikeA Member, Patron Provider
    edited December 2019

    @prosown said:
    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

    Consider what you're doing to get them to DDoS you and change that. I haven't played shooters on consoles since I was like 18 or something, and I never had problems or knew anyone who had problems like people seem to now days unless they were running "modded lobbies".

  • @MikeA said:

    @prosown said:
    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

    Consider what you're doing to get them to DDoS you and change that. I haven't played shooters on consoles since I was like 18 or something, and I never had problems or knew anyone who had problems like people seem to now days unless they were running "modded lobbies".

    Victim blaming :neutral:

    Thanked by 2pike Bafly
  • @prosown said:
    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

    Not on the fw but you can drop it with iptables. I assume the attack doesn't saturate your bandwidth.

  • So basically you need a reliable VPN that can hardly be taken down by some retarded xbox live noobs. You should just hire someone to set this up. Also theres better hosts with decent hardware firewalls, like any combaton or FirstColo reseller.

  • MikeAMikeA Member, Patron Provider

    @marvel said:

    @MikeA said:

    @prosown said:
    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

    Consider what you're doing to get them to DDoS you and change that. I haven't played shooters on consoles since I was like 18 or something, and I never had problems or knew anyone who had problems like people seem to now days unless they were running "modded lobbies".

    Victim blaming :neutral:

    If you've dealt with what I've had to deal with selling VPS on OVH Game servers you'd do the same.

  • @MikeA said:

    @marvel said:

    @MikeA said:

    @prosown said:
    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

    Consider what you're doing to get them to DDoS you and change that. I haven't played shooters on consoles since I was like 18 or something, and I never had problems or knew anyone who had problems like people seem to now days unless they were running "modded lobbies".

    Victim blaming :neutral:

    If you've dealt with what I've had to deal with selling VPS on OVH Game servers you'd do the same.

    Been there done that. I do sell OVH game servers and VPS. I also run a game community and attacks by competitors are so common. Host providers used to ditch me all the time blaming me getting ddossed, they said I probably provoked the attacker lol while I did nothing but playing games.

    Now those same providers have ddos protection and tell me to go with them because hey, it's not the question if you get attacked but when.

    So yeah it's easy to blame the victim but any noob can rent a booter these days and bring down your server and no they don't need a reason, just for fun is reason enough.

    Thanked by 1pike
  • MikeAMikeA Member, Patron Provider
    edited December 2019

    @marvel said:

    @MikeA said:

    @marvel said:

    @MikeA said:

    @prosown said:
    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

    Consider what you're doing to get them to DDoS you and change that. I haven't played shooters on consoles since I was like 18 or something, and I never had problems or knew anyone who had problems like people seem to now days unless they were running "modded lobbies".

    Victim blaming :neutral:

    If you've dealt with what I've had to deal with selling VPS on OVH Game servers you'd do the same.

    Been there done that. I do sell OVH game servers and VPS. I also run a game community and attacks by competitors are so common. Host providers used to ditch me all the time blaming me getting ddossed, they said I probably provoked the attacker lol while I did nothing but playing games.

    Now those same providers have ddos protection and tell me to go with them because hey, it's not the question if you get attacked but when.

    So yeah it's easy to blame the victim but any noob can rent a booter these days and bring down your server and no they don't need a reason, just for fun is reason enough.

    If you like I have lots of people I could send your way if you think my comment is silly and not true. I'm not talking about just getting an attack on a VPS. People that get DDoS'd constantly running VPNs for xbox/ps4 are not the best people. It's why I banned it and kicked dozens of people off my service.

  • @MikeA said:

    @marvel said:

    @MikeA said:

    @marvel said:

    @MikeA said:

    @prosown said:
    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

    Consider what you're doing to get them to DDoS you and change that. I haven't played shooters on consoles since I was like 18 or something, and I never had problems or knew anyone who had problems like people seem to now days unless they were running "modded lobbies".

    Victim blaming :neutral:

    If you've dealt with what I've had to deal with selling VPS on OVH Game servers you'd do the same.

    Been there done that. I do sell OVH game servers and VPS. I also run a game community and attacks by competitors are so common. Host providers used to ditch me all the time blaming me getting ddossed, they said I probably provoked the attacker lol while I did nothing but playing games.

    Now those same providers have ddos protection and tell me to go with them because hey, it's not the question if you get attacked but when.

    So yeah it's easy to blame the victim but any noob can rent a booter these days and bring down your server and no they don't need a reason, just for fun is reason enough.

    If you like I have lots of people I could send your way if you think my comment is silly and not true. I'm not talking about just getting an attack on a VPS. People that get DDoS'd constantly running VPNs for xbox/ps4 are not the best people. It's why I banned it and kicked dozens of people off my service.

    Yeah I got those people as well but what do I care that's what the protection is for. It just seems silly to sell DDoS protection, advertise it and then if they get DDoSsed a couple of times you kick them for actually using your service :wink:

  • MikeAMikeA Member, Patron Provider
    edited December 2019

    @marvel said:

    @MikeA said:

    @marvel said:

    @MikeA said:

    @marvel said:

    @MikeA said:

    @prosown said:
    well i dont think dropping the ip would fix anything as other ovh's bypass the firewalls. there is just alot of jealous people on xbox and they report me to abusedb

    Consider what you're doing to get them to DDoS you and change that. I haven't played shooters on consoles since I was like 18 or something, and I never had problems or knew anyone who had problems like people seem to now days unless they were running "modded lobbies".

    Victim blaming :neutral:

    If you've dealt with what I've had to deal with selling VPS on OVH Game servers you'd do the same.

    Been there done that. I do sell OVH game servers and VPS. I also run a game community and attacks by competitors are so common. Host providers used to ditch me all the time blaming me getting ddossed, they said I probably provoked the attacker lol while I did nothing but playing games.

    Now those same providers have ddos protection and tell me to go with them because hey, it's not the question if you get attacked but when.

    So yeah it's easy to blame the victim but any noob can rent a booter these days and bring down your server and no they don't need a reason, just for fun is reason enough.

    If you like I have lots of people I could send your way if you think my comment is silly and not true. I'm not talking about just getting an attack on a VPS. People that get DDoS'd constantly running VPNs for xbox/ps4 are not the best people. It's why I banned it and kicked dozens of people off my service.

    Yeah I got those people as well but what do I care that's what the protection is for. It just seems silly to sell DDoS protection, advertise it and then if they get DDoSsed a couple of times you kick them for actually using your service :wink:

    You're misunderstanding me then. I was trying to get the point across that most people who run VPNs for Xbox/PS4 end up being the ones who spent literally months and years of their life harassing a host, sending threats, posting slander online when they get mad at you. Same reason they need a VPN for protecting their call of duty session, they are like that to the people they play with and many pay for booters. Sorry if it offends you or anyone else, but after hosting them for years, I realized how much BS I was dealing with after I kicked all of them off over a few months period a while back.

Sign In or Register to comment.