AntiDDoS protection?
I've was using a OVH VPS for DDoS protection with custom iptables, but seems like OVH's AntiDDoS is really bad and let's thru most of the attacks. Any good alternatives?
231 Replies
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close
!close
!solved
!answered
Requested by bruhdows#0
OVH is very good
Yeah, but most of the attacks go thru lagging out the server
can you show the logs from the ovh dashboard
I have Gate Lite on my VPS proxying connections to main Dedicated
Well I have an ongoing attack right now litterary, but I switched to neoprotect temporaily
Can you show logs of the network scrubbing center
Yeah, give me a moment
That's not good
Can you show the network logs and see the leaking traffic
Yeah I know, tried blocking it using IP Tables, but most of time they are finding new one
Yeah, moment
You can deploy the Edge Firewall instead of blocking it on your machine, should prevent your server from being exhausted
I've did, but the rules seem very limited
That's my current rules
I don't really know how I could fully block these attacks
They're using alot of methods
Those look good
Honestly you can try contacting OVH
Well i've tried, 3 times
They could be attacking from another OVH machine
Those bypass the DDoS protection afaik
They probably are
As I've seen some OVH machines in netstat
Btw, how did you configure Gate Lite to forward Player IPs to the backends?
proxy protocol
is that a built in feature ⁉️
Yeah
i didn't know that
Nothing you can do about it honestly
What did they reply with when you contacted them?
How about somehow blocking all OVH asns from even doing something to the server
You could possibly do that with some software
But not sure if that would do anything
Most of the time suggested to buy a game dedicated server for the DDoS Protection
Also I was thinking about buying something like minekube connect - from the gate like owners
That is full yap
You don't need game DDoS protection for Java, that is covered by the general Anti DDoS
Don't do that
Like it's the same price as OVH VPS, so I am considering
Yeah, should be
Can you show this
In the like logs of attacks?
From here?
no 1 sec
@BruhdowsYou can view from here
OVH site is extremely slow for me, for some reason lmao
180 attacks in a 14 days are crazy tho
That is something I have not seen ever in my life
What the hell
That is insanity XD
I know right
Who did you even anger that much
I do know you have a fairly large server
I didn't, there is just some kids that go over random servers and just DDoS them
or some other exploits, like connection spamming velocity etc.
that affected some other servers that I know (caused by the same group)
Can you turn off
stack data and send another screenshotYeah, moment
Also set the period to something lower
6 hours?
24 should be fine
And they're still attacking
it seems like no packets are leaking to your dedicated at least
do you know if your dedicated receives the malicious packets
Nope, it does not go thru it
What VPS do you have?
It's very likely they are attacking from other OVH servers
Like Specs?
That seems to be it
yeah
It's like practically the lowest one :tf:
2 cores and 4 gigs of ram
How much is the bandwith?
Like 1gbps, 250mbps
Honestly I'd just say nag OVH about it and tell them they are advertising Java DDoS protection as included with their general infastructure, so buying a game server would be pointless
They will probably, anyway do something about it
500mbps without limit
uh yeah
just stay on neo for the time being
and nag ovh
Neo is very costly
Yeah
What exactly happens during an attack?
Just extreme lag?
Lag Spikes
If you see traffic coming to the server on netstat
then it means it is leaking the attack
To the dedi, or VPS?
Where did you see traffic increasing on netstat anyways
dedi or VPS?
VPS. Dedi only VPS ones
And as I said, there was some OVH ips included in the attack.
If it reaches your VPS it should pass to your dedi just fine, unless another protection catches the remaining one
Yeah
Just nag OVH till they do something about it
Not sure if it would pass thru Gate Lite
Depends on the attack method™️
@Eternal
Most of the are just trying to DDoS the SSH or the 25565 port.
You should probably close the SSH port
Use something like Tailscale to access it securely via a VPN
I've did.
They're still DDoSing the 25565 port. I could change it I guess, as they would need to port scan?
That won't really work
How are you setting up DNS requests to your VPS
A record.someone can just look at the DNS info via something like dig and see the port it's going to
yeah that won't work
Not sure
to use a port other than 25565 you'd need SRV records
if SRV record leaks the port.
Yeah
it will
you can't hide the port
that's impossible
They're still DDoSing so I can try setting up the VPS and try to check it out
question, do you know if its a layer 7 attack?
so minecraft focused
because the vps dont have the game protection
Not sure
Yeah
It does
......
They should make some more affordable options ngl (atleast for the Gaming series)
Like
no?
they have additional filters for their game servers.
They say it on their page literally
It is on the general Anti DDoS infastructure
The game servers do not have extra protection for Java
oh interesting, dont remember that always being the case but /shrug/
could check if its a layer 7 bedrock attack if he uses geyser?
Nope, doesn't
he drops all udp traffic
ah
They're still DDoSing so I will set the VPS back up and see from what it's coming from
if they are ddosing the vps, cant you just check there?
we were
they're attacking from other ovh servers
it looks like
ah
thats why
ovh vac doesnt apply to internal traffic afaik
Gotta love OVH 🔥
LOL
I can't even go into rescue mode
it just died.
ovh site do be like that
it is the slowest and most unresponsive thing I have ever seen
What "running tasks"?
It's crazy
The users that DDoS are promoting some Minecraft server yk
and someone in chat said this:
xD
They're arabic btw
is your server cracked by any chance
if I remember correctly yes?
Mhm
yeah makes sense
This is against the rules here right?
Yeah, but not really about topics like this
Well, I shouldn't but it's practically the only way to gain members specifically in Poland
to be fair cracked makes bot attacks easier
Well, these clearly aren't bot attacks so
I've never seen a 10Gbps bot attack
I get your pain, same in Turkey lmao
Yeah
Well anyways
@Jenkins
libdeflate has reached level 10!
Roles Added:
Level 10
You can stay on Neo for now
and nag OVH in the meantime
I guess
They take down internal attacks quickly if you do manage to nag them enough
Wondering when my VPS will come back to life tho
Is your VPS running on prod
Or are you directly Neoing your dedi
Neoing the dedi :sunglas:
alright lol
Well even their chat does not work properly
An agent will be with you shortly :sunglas:
They will probably redirect me to another ticket.
If they tell you to buy a game protected dedi
just remind them that they advertise java protection as built-in
Yeah
Trying to nag OVH today
is OVH on drugs
when since is debian 12 deprecated
Hahaha
I've had the same with Ubuntu 24
'We are experiencing longer wait times, thank you for your patience.' 😭
that always happens
I get a response within 1-2 mins
sometimes 4
Or the employee is avoiding me :tf:
Nothin
No response
litterary
did they answer?
retype the message
the message you send before the ticket is accepted by someone isn't seen
idk why, seems to be a bug with their system
It's still at
oh lmao
just wait for someone to pick up
Yeah I will be actually considering Minekube Connect for now
What protection do they even have?
@ProGamingDkdon't you have drama with them?
i think they were very sketchy
fly.io
well they wanted to do a marketplace for selfhosters, which was weird and you can only not get ads if you get the premium plan
oh?
i think that is not that good??
its where they host
they also only have like 2 pops (iirc), not sure if thats anycasted,
does fly.io have a free plan or something
looks interesting
and looks cool
the site
overall
That means nothing
Yeah
hosts call hetzners ddos protection advanced
so like
But it looks cool :sunglas:
nothing new...
Damn
but german quality 🔥
how bad is hetzner ddos prot actually
TTM is not great
antiddos is eh
German price 🔥
I didn't really test it
"Less than 10 minutes of outage is expected"
fly.io moment
hetzners default notification is fx 200k packets a second
That's probably why
Customer service maintenance 😭Check this out @ProGamingDk :tf:
its all ai
they really are opening up the humans and fixing them or some shit
XD
Customer Service Status
Welcome to Customer Service's home for real-time and historical data on system performance.
You can sign up for updates if you care about that
I've clicked on that 😭
What is that link
funny
(rickroll)
and it does not preview cus discord.com
(i rickrolled you back)
Yeah, it's a remnant of another easter egg they just didn't remove
you were able to access it by enabling an experiment
That's cool
wait....
@ProGamingDk can you verify please
do they NOT HAVE HTTPS ON THEIR STATUS PAGE
😭
THEY ACTUALLY DON'T WTF
can confirm they dont
i'm crying
OVH is doomed.
Any ideas?
arent you currently using neoprotect
hows that going
Did OVH respond?
It's okay, but the limitations are crazy
My server exceeds 6 TB traffic before month ends and the the only upgrade is 3x the value
which thing do you have?
well plan
remoteshield or just mc?
Neo
mc
Customs are 100 euros and up
oh have fun with the company plan if you ever get that
their fair use is funny
It's just unreasonable
I pay less for my Dedi
Yeah...
Nag OVH
They will fix it
Papyrus.vip seems cool, they use Cloudflare Spectrum and for 30 euros/month you get Unlimited Bandwith (didn't read tos yet)
oh im more talking about the fair use amount
they also ddos other hosts
owner is a dingus
They need
etc
Damn
also shutdown for like 2 years because cloudflare wasnt happy about enterprise being resold
mcprohostings ddosprot service also died for external projects due to it iirc
Also I was considering UltaHost.
But theirs AntiDDoS seems more website based
Damn this thread is going crazy 😂
3 people and like 305 messages alr
Seems like they fixed their support :tf:
Hey we just deployed our new anti ddos for some servers! Feel free to check us out! https://servcity.org/
Servcity
ServCity | Affordable and Fast Gameservers with Anti-DDoS
Servcity offers affordable DDoS Protected Gameservers running on the latest Ryzen 9 CPUs from AMD, for example the R9 7950X. Minecraft, VPS, and more.
Or let me know if you wanna do any testing 🙂
Yeah, but would it be possible to proxy connections? Most hosts disallow it.
As I am looking for a DDoS protection for my Dedicated server
We use hetzener with neoprotect and blocked those kids
We only had one issue where they were attacking an old backend IP of ours, but that’s been fixed
What plan are you using?
The 90 euro plan should be perfect
That’s what we’re using
how many players do you have?
i dont like their fair use / company plan player suggestion
"200-1000 players"
"above 200-500 players you generally need a custom deal for bandwidth costs"
100~
Same right now
Then what issue are you guys having?
Hetzener or OVH?
You were talking about Ovh before
They likely have your backend IP and are attacking it if on hetzener
Yeah cus I was proxying OVH connections to my Hetzner dedi
Actually no, my dedi is fully protected with tailscale and i've tried netstat too (only proxy connections)
You sure?
We thought we secured it as well but then neoprotect people found our IP relatively easily lmao
Yeah, otherwise it would be ddosed all the time right now
They don’t ddos all the time
For us they’ve been ddosing our old primairy IP and saturating the connection
Just waiting on hetzener to remove it
Seems like the same issue, just for my OVH vps.
cant you use the web firewall and block everything to that ip?
so it doesnt hit your machine saturating the connection
Yes we have done that. It still seems to be able to saturate the connection
Not sure why or how, but neoprotect ppl also recommended to remove it
Don’t know why either
I could, but it's multipile servers(vps) and the rules are limited
i was talking to game time about his old ip being attacked
Ah sorry
i had to get a hetzner ip changed for a client who's previous sys-admin got the ip leaked on censys,
was like 22 euros + setup 😭
Exactly
It’s so expensive bro 😭
tbf they will have to recycle the ip
meaning some unlucky bloak can be attacked
The best way is block all connections, add all neoprotects ips and use tailscale.
also the ip is in the same subnet
We offer that as well
What location of OVH do you use?
Germany
Closest to my Dedi
That would be possible then our location is in NL
We can just get you a proxy or a tunnel
Cool, could you give me a quote? I would like a test server for like 48h so I could test the ping differenceand everything if that's possible
Yeah sure is it fine to sent you a dm and go over the details?
Yeah, i will send a friend request
Guess what
.
Well that sucks
Honestly what are the chances the lag spikes are something else
Well I've had no problems after switching to neoprotect
Maybe it is the bandwith being filled up?
Like, not because of a ddos attack, just naturally becuse the server literally only has 500mbps
That's possible
Cus it does not crash
It just lags a ton
It could be that honestly
For now I am waiting for reanimation of my VPS 😭
Wait why
it just died and I can't restart, reinstall or anything
LOL
Also i've seen some xProtect thingy from XCord
That allows to blacklist asns and shit