Linux DDOS Attacks

L0FIC · Feb 2, 2025

Hey guys,

These peruvian or br guys are DDOS attacking my Hetzner VPS every night now..
It's pathetic considering I peaked at 35 players and I'm hosting a new small server.

Cant access website even though i have cloudflare full stricted, also fail2ban and crowdsec installed and enabled on my VPS.
They still make the website unaccessable and DDOS until shutdown of server and we cant get back in.

Someone that wants to aid me against these internet pirates ruining my life?

VPS is not dedicated server but 16 RAM and 8 vcores.

Any tips and tricks at this day and age?

Zamonia77.com

Best,
Zeke

Raveyard · May 12, 2025

ok but how come nobody reports his account to discord? we can just literally spam ban him on discord due to threats / cyberterror attacks

This will definately help him in contacting admins if he has to make new discord account every 5 minutes after sending blackmail/threats?

Nekiro · May 12, 2025

OTAmator said:
So you think it's pointless to use iptables, nftables, etc. on the server side? That everything related to firewall configuration should be done only in the OVH panel (or similar provider-level firewall)?

Yes, its pointless, all it does is just saturating your CPU further when it's under big load, when the attack happens. I have tested a few things when was attacked before we went for proxies and by setting up iptables the outcome was just worse. Iptables is a netfilter on your CPU and CPU is the bottleneck when huge amount of packets goes in to your server, your server will even struggle to ACK or reject and your iptables rules will add on top.

El Bringy · May 13, 2025

L0FIC said:
Hey guys,

These peruvian or br guys are DDOS attacking my Hetzner VPS every night now..
It's pathetic considering I peaked at 35 players and I'm hosting a new small server.

Cant access website even though i have cloudflare full stricted, also fail2ban and crowdsec installed and enabled on my VPS.
They still make the website unaccessable and DDOS until shutdown of server and we cant get back in.

Someone that wants to aid me against these internet pirates ruining my life?

VPS is not dedicated server but 16 RAM and 8 vcores.

Any tips and tricks at this day and age?

Zamonia77.com

Best,
Zeke

I saw more than 5 replies guiding you, yet you didn't consider any of them

First call a server restart from your provider so you can access it (if its constantly under attack)

When it starts make sure you set apache2 off (service apache2 stop) in ubuntu

Turn your server off and announce it will be down for maintenance because there is no point keeping it online under attacks unprotected

Setup alpha proxy for otcv8 so you need couple few more vpses (1gb ram is enough shouldn't cost more than 2usd/month/vps you need 4minimum)

After you do the setup change ipv4 from the service provider and now you have to setup cloudflare for your website before adding new ip on the dns of your domain to keep it hidden, after you do that following what i said about status server to be seperate and even players can't use it to connect to game, only allowing 1 port (which is different from your proxy setup login port) you are good to go your server should be able to handle ddos attacks like a pro.

Raveyard · May 13, 2025

if you truly want to get rid of ddos just use discord authentication to even request login to server. good luck getting autorole u need whitelist for then get access to level 1 proxy and after playing for longer level 2. 3.. trust factor

El Bringy · May 13, 2025

Raveyard said:
if you truly want to get rid of ddos just use discord authentication to even request login to server. good luck getting autorole u need whitelist for then get access to level 1 proxy and after playing for longer level 2. 3.. trust factor

what does it have to do with you IP address that i can find with the dumbest dns lookup tool on google if you don't have cloudflare dns reverse proxies ?

how does that protect your ports from overheading the CPU with meaningless information sent over it?

how does it protect your server or proxies from SSH brute force?

i can continue questions if you need. Thats not smart in fact, Its the opposite.

Raveyard · May 13, 2025

El Bringy said:
what does it have to do with you IP address that i can find with the dumbest dns lookup tool on google if you don't have cloudflare dns reverse proxies ?

how does that protect your ports from overheading the CPU with meaningless information sent over it?

how does it protect your server or proxies from SSH brute force?

i can continue questions if you need. Thats not smart in fact, Its the opposite.

ssh bruteforce is only working if u dont use keys best would be to reverse proxy another vps to be medium of ssh connection for you aswell

kret · May 13, 2025

U are still under ddos?

Petrus69 · Sep 2, 2025

I heard that even proxy is getting taken down already, is there any other way? ;(

Joriku · Sep 2, 2025

Petrus69 said:
I heard that even proxy is getting taken down already, is there any other way? ;(

https://www.cloudflare.com/learning/ddos/how-to-prevent-ddos-attacks/

Read about it there, there are a few ways of fighting off DDoS or slowloris attacks, I'm using something called or usually refereed as "bucket per ip" as well as using one load balancer with set amount of traffic allowed per address to combat the attacks that so far came my way. Keep in mind, I have not had a giant attack directed at me yet but I've managed to fight the smaller off me.

Load balancing network, something that can be used together with a monitored network, systems and bucket sized + cloudflare network. You're also able to cache certain traffic to allow it to fetch cached data to avoid more traffic even under an attack since they use small to no resources.
This is harder when it comes to required real-time data, but there are a lot you can do to fight it. ( Here's where I swapped over to allowing a set amount of connections with set amount of traffic that is required per ip address ), making it require a larger botnet for the set attack.

If you do not use anything specific, the tools you have in hand will be in the attackers advantage once the resources runs out since they require resources to run, and without any back-up, resources they instead slow down the system even further.

Once I collect enough data over how my new systems perform later on, I'll need to develop it further and set a botnet to attack ( legally of course ), I'll send a full report of everything + setup processes new systems can use to combat most DDoS attacks.

This will take time, so if anyone is onto the same idea. Please, share it on a new thread.

Edit:
If someone wants to test it, don't set it to yourots. I have not implemented it over yet

Linux DDOS Attacks

L0FIC

Well-Known Member

Raveyard

Banned User

Nekiro

Legendary OT User

El Bringy

Banned User

Raveyard

Banned User

El Bringy

Banned User

Raveyard

Banned User

kret

K R E T O W N A G E

Petrus69

Creating Tibia Servers

Joriku

Working in the mines, need something?