Private servers are being ddosed!

Hello,

My Conquer private server is DDOsed / attacked.
I've changed my dedicated host with a new one and they couldn't stop the attacks.
I've talked with different pserver owners and they are in the same situation , attacked by the same guy.

Does anyone knows who's that guy(if someone was attacked by him) or what kind of methods for protecting shall I use?
I can't stop him ...skids..

Thanks

It'd probably be pretty easy to "DDoS" a conquer server. Hell, you could just write a basic bot to flood the server with database queries and thus lag it until everyone DCs or it crashes.

If your host is a linux server, you can probably use iptables to filter out and block the IPs he's using for the "DDoS".

Edit: Lol, Linux server. We're talking about a hosted Conquer server here, it's most likely Windows. Disregard that.

My host is using window server and I can't see his ip , I'm just seeing in event viewer , packets , udp flood , Source:DDCon , I've blocked all udp connections,ports and it didn't worked.
This is the 3rd host , I must change it in order to get a stable one but I won't find ..I need to block him.

Quote:

Originally Posted by Irinaa My host is using window server and I can't see his ip , I'm just seeing in event viewer , packets , udp flood , Source:DDCon , I've blocked all udp connections,ports and it didn't worked. This is the 3rd host , I must change it in order to get a stable one but I won't find ..I need to block him.

Obviously if he's getting the IP of your host so quickly it's either someone you know, or you're posting your details in places they don't need to be posted.

Contact your host and file a complaint, they'll know what to do to stop it. Depending on the host, they may be able to simply block the IPs on their end. It's logically impossible that they don't have logs of incoming/outgoing connections. Frankly, I'm surprised they haven't contacted you or discontinued your account. Most hosting companies will not host someone who is frequently the target of "DoS" or "DDoS" attacks, anyway.

Since the guy told me he was an old player, he's getting the ip so easy because the link is on forum for making an account and there's also server.dat

The company didn't helped me and as I said in incoming I only see he's seding packets to the ip and port of the server . and the source is DDCon , so there's no ip

Quote:

Originally Posted by Irinaa Since the guy told me he was an old player, he's getting the ip so easy because the link is on forum for making an account and there's also server.dat The company didn't helped me and as I said in incoming I only see he's seding packets to the ip and port of the server . and the source is DDCon , so there's no ip

Well then, turn off the server, go make some tea, and wait it out.

kratos? xD

Quote:

Originally Posted by Zeroxelli Well then, turn off the server, go make some tea, and wait it out.

This is something serious , I've paid for a lot of hosts and what I'm asking is some help and ..you're telling me to make a tea..thanks

Quote:

Originally Posted by Irinaa This is something serious , I've paid for a lot of hosts and what I'm asking is some help and ..you're telling me to make a tea..thanks

If it's really a DDoS attack and your hosting won't help you, there's not much you can do. I wish there were some simple answer to give, but there's none that I know of. Sorry about that.

The event viewer says : UDP FLOOD ATTACK

Go to your firewall/server administration and close all your ports as well as deny all incoming connections (UPD and TCP both.) And wait a while. Depending on the type of attack, it may die out if it thinks the machine has gone offline. But, the reality is, with DDoS attacks you just can't do much without the help of the hosting company or access to their security settings yourself.

That's the whole point of DOS attacks (sounds to me like it's a single or few attackers so it's not a distributed attack). They are notoriously difficult to prevent and generally requires hardware based protection (fancy routers and such combined with internal software and fiirewalls).

Let me be clear though... are they doing their "attack" to your conquer server port? or are they using some other method (ping, web requests, etc).

If it's conquer related then you can write some protection into your source (after X connections within short period, don't accept from that ip). It will help slightly but there's still processing required to refuse their connection so if it's a distributed attack it could still cripple you.

If it's NOT conquer related and you've taken the normal steps (do not allow ping requests for example) then you're probably down to looking into hardware/hosting solutions.


Some companies will offer DDOS protection plans. I'd suggest looking into a few of these and finding which ones work best for you.

well i was checking sites About DDos Protection and i found that

[Only registered and activated users can see links. Click Here To Register...]

Quote:

Originally Posted by shadowman123 well i was checking sites About DDos Protection and i found that [Only registered and activated users can see links. Click Here To Register...]

that is for freebsd, unix systems.
'
I'll answer once for all. i'm the one who flooded 2 weeks ago CO oficial. i can prove.As DDOS flooder, from my expenrience are 2 ways to stop flood.
1. hide your ip(exist some whost when u dns them they dont give ip, but u can connect on them)
2. filter your ip (provider/networks admin can filter your ip port, flood come on one port for exemple port 53/80/115/443...etc, or can come on random port flooder setup port 0 (it come more packs on diferit ports).

u cant stop alone flood even if u use windows or unix. provider network admin can do it, but u may cant use some ports, internet will go slower.

depend who flood u, what way he do it, how he do it, what kind of flood he use and what power he have. if he have over 50MB/s upload on linux server (one or more servers) and he use juno (juno send death packets, some times can go over filtred ports) your provider can do only one thing to close your ip.

Try this out for me:
[Only registered and activated users can see links. Click Here To Register...]