Using a reverse proxy as DDoS protection?

[A new hope]

Would that work with a SRO server? And how do I have to set it up? Like do I need to put the proxy's IP in cert config or wut?

[Nezekan]

hyperfilter is a reverse proxy, and yes, it will obviously work.

However you'll need to spoof the IP that your modules send out (as the silkroad files use a sharded networking system)

You'll need to find out how to spoof them yourself though, or if you use hyperfilter just ask their modified modules

[A new hope]

Quote:

Originally Posted by Nezekan

hyperfilter is a reverse proxy, and yes, it will obviously work.

However you'll need to spoof the IP that your modules send out (as the silkroad files use a sharded networking system)

You'll need to find out how to spoof them yourself though, or if you use hyperfilter just ask their modified modules

I guess this tool should work to spoof the IPs in all modules: gezone.com/f722/certification-ip-addr-spoofer-generic-913944/

I found cheaper solutions than Hyperfilter, for example Javapipe:
100$/month for 10gbps/4m pps protection, 200gb clean bw
Hyperfilter offers 10gbps/2m pps 1tb bw for 300$

[Nezekan]

Quote:

Originally Posted by A new hope

I guess this tool should work to spoof the IPs in all modules: gezone.com/f722/certification-ip-addr-spoofer-generic-913944/

I found cheaper solutions than Hyperfilter, for example Javapipe:
100$/month for 10gbps/4m pps protection, 200gb clean bw
Hyperfilter offers 10gbps/2m pps 1tb bw for 300$

javapipe has high ip ranges, so you'll need to see if it will actually work with your original IP (unless somebody has fixed that bug already)

Also, they use the voxility network in Romania, it's not the ideal location for an sro server (as it will have a relatively high latency for western european/north african players and the voxility network is not as good as they advertise).

[鳳凰城]

You don't say?
Actually, This method won't work after someone gets your real IP beside, proxies are ***** when they aren't paid. paid VPN should get the job done. 'read about the difference between vpn and proxies'

[A new hope]

Quote:

Originally Posted by Nezekan

javapipe has high ip ranges, so you'll need to see if it will actually work with your original IP (unless somebody has fixed that bug already)

I have a fix for that bug. Pretty lame, but it works.

[Nezekan]

Quote:

Originally Posted by Phoenix 1337

You don't say?
Actually, This method won't work after someone gets your real IP beside, proxies are ***** when they aren't paid. paid VPN should get the job done. 'read about the difference between vpn and proxies'

VPN and reverse proxies act completely the same in this case. A reverse proxy however is technically superior due to less overhead (as it is more close to raw networking, no need for the extra security overhead VPNs bring). Even if you use a vpn, if they get your main IP you're ****** either way, that's why you spoof the IP your modules send out and don't let a ****** code your website.

Also, he's talking about professional reverse proxies like hyperfilter, not some ****** socks proxy you use to enable facebook at work

Quote:

Originally Posted by A new hope

I have a fix for that bug. Pretty lame, but it works.

Great, try if it works and tell me how you did it if it works

[鳳凰城]

Quote:

Originally Posted by Nezekan

VPN and reverse proxies act completely the same in this case. A reverse proxy however is technically superior due to less overhead (as it is more close to raw networking, no need for the extra security overhead VPNs bring). Even if you use a vpn, if they get your main IP you're ****** either way, that's why you spoof the IP your modules send out and don't let a ****** code your website.

I would create a registration panel in c# instead of php code. At least when its protected by any encryption, no one will be able to decrypt it unless he gets the mid point. (must be kral in ollydbg) <- Opps, released the new way.

[Nezekan]

php is run server sided, there is no way for anybody to 'decrypt' it using the html code they get, nor will it send out the server IP if you don't tell it to do that

[鳳凰城]

Quote:

Originally Posted by Nezekan

php is run server sided, there is no way for anybody to 'decrypt' it using the html code they get, nor will it send out the server IP if you don't tell it to do that

@Holy helper, no one was able to get the connection by this method. I may release it soon. so no one can really get the real ip OR use sql injection. but the site will be ONLY html/css .. no login/registration panel balblabla etc.
Edit: the mssql side of the program database was totally unsecured.

[Oriya9]

Quote:

Originally Posted by Phoenix 1337

I would create a registration panel in c# instead of php code. At least when its protected by any encryption, no one will be able to decrypt it unless he gets the mid point. (must be kral in ollydbg) <- Opps, released the new way.

What the heck are you talking about?
first of all, there's no such thing as "registration panel in C#", it's ASP.NET.
the language (and mostly the syntax as all .NET languages are alike) is C#.
if you speak Italian and you now teach science, you don't really teach Italian, right? these are two different things.
and decrypt what? an HTML source? OllyDbg? really man? really?

About your VPN post.
if you take into consideration that both the VPN and the DDoS Mitigation (proxy) have the same network liability,
and I'm talking about speed, uptime, location, latency and such - the proxy will always be better.
why? because every VPN has some sort of a security layer bound to the protocol.
even if you take out the PAP or even the IPsec, you will still have the "base security" of your VPN protocol, whether it's L2TP, PPTP or others.
obviously it is not needed and it will slow down the network as every packet will be encrypted and decrypted. also it's tons of extra headers.
where a DDoS Mitigation if done well will simply be tunneling the connections and that's it, no extra stuff. pure network tunneling.

I'm not sure if you simply have no idea what you're talking about or you're just trolling.
I hope it's the latter.

[MaximumDark]

He says this because, there are companies offering tunneling over GRE or IPIP, it works, but slower than a proxy.

Also there are guys that think that using a proxy for linux or BSD (software proxy) will be the same as 'Hardware Proxying', it is a whole different matter, but still these wannabe companies will have to learn this .

There are even the cases, when they use iptables rules, to perform some kind of NAT-Proxying, which ends the same as the other examples, full of overheads .

[鳳凰城]

Quote:

Originally Posted by Oriya9

What the heck are you talking about?
first of all, there's no such thing as "registration panel in C#", it's ASP.NET.
the language (and mostly the syntax as all .NET languages are alike) is C#.
if you speak Italian and you now teach science, you don't really teach Italian, right? these are two different things.
and decrypt what? an HTML source? OllyDbg? really man? really?

About your VPN post.
if you take into consideration that both the VPN and the DDoS Mitigation (proxy) have the same network liability,
and I'm talking about speed, uptime, location, latency and such - the proxy will always be better.
why? because every VPN has some sort of a security layer bound to the protocol.
even if you take out the PAP or even the IPsec, you will still have the "base security" of your VPN protocol, whether it's L2TP, PPTP or others.
obviously it is not needed and it will slow down the network as every packet will be encrypted and decrypted. also it's tons of extra headers.
where a DDoS Mitigation if done well will simply be tunneling the connections and that's it, no extra stuff. pure network tunneling.

I'm not sure if you simply have no idea what you're talking about or you're just trolling.
I hope it's the latter.

Have you finished yet? I did it. as I said, It worked. Unless you have 0 knowledge in this shit, don't even quote then. AAAAAND, you did not noticed that MSSQL part? Have you downloaded holy helper before I stopped the project? Have you played grindroad ? "They had this idea bec. they were running under an emulator"
Ignorance. Ignorance everywhere!
Edit: My method ONLY for hiding your real IP. So, no one will be able to DDoS you nor using SQLi . And @ Nezekan 's quote, HTML has nothing to do with this

[Nezekan]

Quote:

Originally Posted by Phoenix 1337

Have you finished yet? I did it. as I said, It worked. Unless you have 0 knowledge in this ****, don't even quote then. AAAAAND, you did not noticed that MSSQL part? Have you downloaded holy helper before I stopped the project? Have you played grindroad ? "They had this idea bec. they were running under an emulator"
Ignorance. Ignorance everywhere!
Edit: My method ONLY for hiding your real IP. So, no one will be able to DDoS you nor using SQLi . And @ Nezekan 's quote, HTML has nothing to do with this

I think you are the one who doesn't know what you are talking about.

We're talking about reverse proxies, and you start about some kind of 'holy helper' (what the f*ck is that?), you think php is parsed client side and you have obviously no idea how the internet protocol works

And then you call us ignorant, you are either the world's worst troll or the world's dumbest person, I hope it's the first

[鳳凰城]

Quote:

Originally Posted by Nezekan

I think you are the one who doesn't know what you are talking about.

We're talking about reverse proxies, and you start about some kind of 'holy helper' (what the f*ck is that?), you think php is parsed client side and you have obviously no idea how the internet protocol works

And then you call us ignorant, you are either the world's worst troll or the world's dumbest person, I hope it's the first

Was giving an example. What you don't understand, that if you were hiding your ip 100%, using a method that isn't SQLi-able or being hacked, you're totally safe then. <- for those who can't pay for decent coded-website.

Now I think you should understand the story.