Ddos attack

**Old Fox** · September 28th, 2017, 09:34 AM

Hello friends

When I started my server and it turned out that I had many enemies and always my server under Ddos attack every half hour

**Todesengel** · September 28th, 2017, 10:27 AM

Originally Posted by Old Fox

Hello friends

When I started my server and it turned out that I had many enemies and always my server under Ddos attack every half hour and the another half our lag lol and now i cant open my server some times from the host and i still didnt know who made that so i want to protact my server and add a good protaction to save my server from the attack and the lag so any ideas ?

Some questions first so that we can help you....

1) Are you currently running the Reborn patch v1.12? It will probably help with most server crash attempts.
2) Are you hosting the game server yourself? Or is it hosted at some VPS provider or gameserver provider? If so, they can likely help you with mitigation of DDos attacks.

T

**Old Fox** · September 28th, 2017, 10:40 AM

Originally Posted by Todesengel

Some questions first so that we can help you....

1) Are you currently running the Reborn patch v1.12? It will probably help with most server crash attempts.
2) Are you hosting the game server yourself? Or is it hosted at some VPS provider or gameserver provider? If so, they can likely help you with mitigation of DDos attacks.

T

hello
Its spearhead server and i hosted in vps provider

**James** · September 28th, 2017, 11:18 AM

Your host should be able to assist with blocking it on the firewall. DDOS attacks are tricky because they come from different IP ranges, but there are ways out there to mitigate the attack as mentioned above.

**Todesengel** · September 28th, 2017, 11:37 AM

If it is a DOS you can handle it yourself with firewall rules on your VPS. But if it truly is a DDOS attack instead, then James is right - your hosting provider should be the one to address this. They would likely have an infrastructure at the perimeter/edge that has specific ddos mitigation features. It's always better to address that type of issue there than trying to do it on a host within the network.

If you are not completely positive it is a DOS/DDOS... (actually, regardless) you want to make sure you have protection for other crash attempts. I am not a spearhead guy (yet), but I am not sure if reborn is AA only, or if it also protects SH/BT. Here is a link that may be of interest perhaps....

http://www.x-null.net/forums/showthr...d-Breakthrough

**James** · September 28th, 2017, 12:50 PM

Unfortunately Reborn is only for AA. Daven's patch does help against some crashes on SH & BT, but it wouldn't protect against a DDOS attack.

**Old Fox** · September 28th, 2017, 06:17 PM

ok there
is there any program can i use it in my server or no and my provider add protaction already but not Unhelpful i see
and btw i open all ports , starting from 12201 to 23009
i open about 20 port in my vps

**James** · September 29th, 2017, 06:27 AM

Dude, that's a big security hole. The objective is to have as many ports closed off as you can. ONLY open up the ones you need. If you open up the ports, then you're very susceptible to attacks.

And as far as security; there are software protection schemes you can implement, but hardware protection is MUCH more effective and it needs to be configured on the firewall. I'm sure the host is able to do that on their end.

**Todesengel** · September 29th, 2017, 10:40 AM

If you are opening that many ports, you are likely to have 'stability issues' *grin*

Again, I am not a SH/BT guy, but I believe AA needs UDP 12300 (or whatever your default port is, 12300 if you haven't changed it). You may need other udp ports open to appear on 'gameserver'/masterserver lists but you can play with those after getting stable (12201-12203 I think).

Next, please see the link I provided above, as it will give you Davens patches in case what you are actually seeing is a crash, not a ddos.

Lastly - I find it hard to believe that if your ISP has already confirmed DDOS protection is in place that this is really a DDOS attack.

Perhaps - whenever the system crashes - send us the last page or two of your qconsole.log? Maybe something there will be indicative....

You may also want to consider switching hosts to one that is familiar with offering mohaa instances, and not just one that offers general VPS. The mohaa specific folks are going to be able to better assist I suspect....

**James** · September 29th, 2017, 10:47 AM

If I recall I think the most common ports for MOHAA are TCP/UDP 12203 - 12206.
Your client will connect to whatever port it needs to, to join the game. There is absolutely no need for you to open all ports.

Thread: Ddos attack

Thread Tools

Display

Ddos attack

help for ddos

Posting Permissions