• There is NO official Otland's Discord server and NO official Otland's server list. The Otland's Staff does not manage any Discord server or server list. Moderators or administrator of any Discord server or server lists have NO connection to the Otland's Staff. Do not get scammed!

Configuration Against DDOS (host BR)

Fortera Global

Intermediate OT User
Joined
Nov 20, 2015
Messages
1,157
Solutions
2
Reaction score
110
Hello, I'm looking for an Anti-ddos specialist.
Actually I have two servers (kintera and kivera) but they are in OVH and there I dont need do any type of configuration agains ddos.

I intend to open a server in Brazil (specifically Sao Paulo), but the protection of Brazilian companies is weak (very weak). So I need a professional configuration to avoid huge attacks.
Actually there are several Brs servers on the otlist that are already configured to not take attacks (taleon, orionot, hadesot, caterot, taleon, etc), however most do not share knowledge and do not sell the configuration.

That's why I came to post here, if someone knows and is interested, please contact me here or via discord: AdM #3016

OBS. I already tried to open with host BR for more than 3x, and every time I was knocked down, unfortunately.
 

Gesior.pl

Mega Noob&LOL 2012
Senator
Premium User
Joined
Sep 18, 2007
Messages
2,443
Solutions
51
Reaction score
1,967
Location
Poland
GitHub
gesior
taleon - datacenter: Sao Paulo - G-Core labs - G-Core Labs | Global Hosting, CDN, Edge and Cloud Services (https://gcorelabs.com/) (there is some anti-ddos offer with price 7$ per 1 mb/s )
hadesot - datacenter: Sao Paulo - Amazon - Amazon Web Services (AWS) - Cloud Computing Services (https://aws.amazon.com/)
on.aurera-global.com - datacenter: OVH USA ( Dedicated Servers - VPS - Public + Private Cloud | OVHcloud (https://us.ovhcloud.com/) - special site where you can order OVH dedics in USA, by normal OVH site you can't)

Question is how many of them are really hosted in Brazil and how many only use BR server as proxy to show fake (low) ping to players.

So I need a professional configuration to avoid huge attacks.
There is almost nothing YOU can do to block ddos. Your dedic has 1gb/s connection. No matter what you configure on server (linux, ots sources), anyone with connection faster than 1gb/s can use all your bandwidth by sending crap data. So all you need is server with ddos-protection - system that has XXX gb/s connection and filter suspicious packets before they get to your 1gb/s connection. Are there datacenters with that system in Brazil? I don't know.
 
OP
OP
Fortera Global

Fortera Global

Intermediate OT User
Joined
Nov 20, 2015
Messages
1,157
Solutions
2
Reaction score
110
taleon - datacenter: Sao Paulo - G-Core labs - G-Core Labs | Global Hosting, CDN, Edge and Cloud Services (https://gcorelabs.com/) (there is some anti-ddos offer with price 7$ per 1 mb/s )
hadesot - datacenter: Sao Paulo - Amazon - Amazon Web Services (AWS) - Cloud Computing Services (https://aws.amazon.com/)
on.aurera-global.com - datacenter: OVH USA ( Dedicated Servers - VPS - Public + Private Cloud | OVHcloud (https://us.ovhcloud.com/) - special site where you can order OVH dedics in USA, by normal OVH site you can't)

Question is how many of them are really hosted in Brazil and how many only use BR server as proxy to show fake (low) ping to players.


There is almost nothing YOU can do to block ddos. Your dedic has 1gb/s connection. No matter what you configure on server (linux, ots sources), anyone with connection faster than 1gb/s can use all your bandwidth by sending crap data. So all you need is server with ddos-protection - system that has XXX gb/s connection and filter suspicious packets before they get to your 1gb/s connection. Are there datacenters with that system in Brazil? I don't know.

Hey, thanks

I think that at google it is possible to configure a firewall and prevent attacks (I have seen people who did this, but they do not share the knowledge). I was thinking about using the @kondra 's proxy and adding 2 OVH vps and the rest BR vps. The 2 OVH vps would be just for the server not to down, the others would be for the players, but it needed at least 1 always online without falling, or the players would have a lot of lag due to the Sao Paulo -> USA connection.
 

Gesior.pl

Mega Noob&LOL 2012
Senator
Premium User
Joined
Sep 18, 2007
Messages
2,443
Solutions
51
Reaction score
1,967
Location
Poland
GitHub
gesior
With OTCv8 and proxy system it may work. It will look like this:
1619116734393.png

so ping will be around 30-40 ms when not attacked and 140-180 ms when brazilian VPS is down.

You may also add one more dedic in Brazil, just for www. Attacks on www are easy and it would be good, if website could go down without killing OTS.
 

login12

void newbie scripter()
Joined
Feb 26, 2011
Messages
165
Reaction score
21
Location
Brazil
Just for know... why u dont use dedicated br with protection anti ddos on br? And yes, actually we have this option here.
 

Techrlz

System Manager & Programmer
Premium User
Joined
Feb 20, 2014
Messages
1,073
Solutions
4
Reaction score
177
I doubt you will find "perfect anti-ddos" here in Brasil, but you can try different approaches..

Just to let you know L7 is related with your "Website" application and L3/L4 with "transport" / "network" layers.

I really don't recommend to use the approach you and gesior said..
 

pink_panther

Premium User
Premium User
Joined
Sep 10, 2016
Messages
769
Solutions
9
Reaction score
331
Location
Kazordoon
With OTCv8 and proxy system it may work. It will look like this:
View attachment 57919

so ping will be around 30-40 ms when not attacked and 140-180 ms when brazilian VPS is down.

You may also add one more dedic in Brazil, just for www. Attacks on www are easy and it would be good, if website could go down without killing OTS.
Latency entirely depends on where YOU are connecting from.

Not People in Brazil will have a very low ms, but anyone else will be higher. If you're connecting via a proxy, the latency it takes to get from wherever they are to the proxy and back will be higher again.

There's no immunity to (D)DOS attacks, you can only mitigate it so much . Some hosting provides will simply stop advertising routes to your server if you're under attack, but the only other way to mitigate it is to have the biggest link possible and ensure only required ports are open on your sever.
 
Top