Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 29

Thread: Being dos'd

  1. #11
    Join Date
    Nov 2019
    Beans
    14

    Re: Being dos'd

    I've shutdown all the game servers and installed apache2

    the machine is still almost unreachable and it's saturating our 1gigbit connection

  2. #12
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    1,751
    Distro
    Xubuntu 18.04 Bionic Beaver

    Re: Being dos'd

    in a day or 2 or 4 the attacker might notice the servers are down and end the attacks. in the mean time, have you noticed what IP address they come from? all the same or many "random" ones?

    anything you do on your side of the link will still have the attack packets flooding your link. maybe it is the whole machine that has been compromised. does the problem still persist when you unplug the machine?
    Social distancer, System Administrator, Programmer, Linux advocate, Command Line user, Ham radio operator (KA9WGN/8, tech), Photographer (hobby), occasional tweeter

  3. #13
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    20,240
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Being dos'd

    Quote Originally Posted by youmustnot View Post
    I've shutdown all the game servers and installed apache2

    the machine is still almost unreachable and it's saturating our 1gigbit connection
    Why add apache?
    Find the source ips and block those. if it is over 100 different ips, you'll be playing whack-a-mole until they get bored or hertz fires you.

    https://www.tecmint.com/linux-iptabl...ples-commands/ has commonly used firewall rules. Note the drop and flood prevention and too many connections per ip rules. There are lots of different full firewall scripts too.
    Last edited by TheFu; 4 Weeks Ago at 09:53 PM.

  4. #14
    Join Date
    Nov 2019
    Beans
    14

    Re: Being dos'd

    thanks for your input/help guys.

    I just wanted to play a game with friends! turns into a massive ballache, all be it by my own lack of opsec
    Ive installed a firewall and blocked all ports other than one, the server is responsive again. just downloading some config files and i'll have to wipe and do a hell of a lot of reading!

    Thanks again guys, sorry I'm not on my game with this stuff, the information provided will help me for game server rev2!

  5. #15
    Join Date
    Nov 2019
    Beans
    14

    Re: Being dos'd

    i dont know how to find there IP's

    apache: QIII said to put the game server behind it?!

    Last edited by youmustnot; 4 Weeks Ago at 09:45 PM.

  6. #16
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    20,240
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Being dos'd

    Quote Originally Posted by youmustnot View Post
    i dont know how to find there IP's

    apache: QIII said to put the game server behind it?!
    The log files should have all connected ips. "game server" doesn't tell us much. There are hundreds of those and how to secure each is different. System logs are usually in /var/log/ somewhere. i use egrep to search them all at once.

    Whether any web server can help protect any game server depends on the sort of traffic. Nothing will be install and it magically will work. You'll need to become very familiar with all the valid incoming requests and block anything that doesn't match those patterns. That is in addition to all the firewall stuff above.

    if your Linux-fu is weak, this can take weeks of effort.

  7. #17
    Join Date
    Nov 2019
    Beans
    14

    Re: Being dos'd

    the game server is a rust server.

    the attack has started again..... they must be buying more bandwidth or something
    the firewall doesnt seem to be helping

  8. #18
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    20,240
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Being dos'd

    Quote Originally Posted by youmustnot View Post
    thanks for your input/help guys.

    I just wanted to play a game with friends! turns into a massive ballache, all be it by my own lack of opsec
    Ive installed a firewall and blocked all ports other than one, the server is responsive again. just downloading some config files and i'll have to wipe and do a hell of a lot of reading!

    Thanks again guys, sorry I'm not on my game with this stuff, the information provided will help me for game server rev2!
    If you just want to play some games with friends, then only allow those specific subnets any access. Go with a default deny rule, then have your friends provide their IP addresses so you can allow them in. That's the safest way to start, while you are still learning.

    BTW, when I was starting out with Unix, I got hacked too. This was decades ago when there weren't even 1% of the bad people on the internet that we have today. There's a bunch to know and different knowledge is needed if you run servers at home vs at some VPS provider. Regardless, perhaps this outline will help? https://blog.jdpfu.com/2016/10/04/lamp-server-security It is a general list of things with a few outside links. No commands, just ideas.

  9. #19
    Join Date
    Sep 2014
    Location
    United States
    Beans
    285
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Being dos'd

    I'm sorry you're being DDOS'd.

    You do not need a web server to protect your data.

    Fail2ban is good, but it won't protect you from ddos unless you understand how it works.

    Can you shut down your servers now, so you can spend the time you need to address the issue?

    Once you shut down, we'll go over a diagram on how to setup your server.

  10. #20
    Join Date
    Nov 2019
    Beans
    14

    Re: Being dos'd

    thanks I will have a read.

    after the first attack and after i installed the firewall i fired up a game server.
    the attack is happening again so ive closed all but one port again.
    But i still have people playing on the server?
    i thought the firewall would have stopped the attack with only one port open and kicked the players on the game server?

    ufw default deny incoming
    ufw allow 22
    ufw enable
    "Firewall is active and enabled on system startup"

Page 2 of 3 FirstFirst 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •