
DDoS still major problem? Protection? Tell your experience

ZowN

Can't find any good posts on this subject connected with a good solution, my idea was to host with OVH VPS or even dedicated if the server-income would be able to pay for it. However the posts I've read don't make me feel so comfortable with this decision and the odds of a server being self-sustainable with dedicated cost is scarce.

I'm thinking of starting a server but I've always felt demotivated due to DDoS concerns and it seems to me that it's still a major issue that remains unsolved. Many posts have been made with DDoS problems but the posts don't have any significant follow-ups about how they fixed it or lead to anything concrete. Spending 1000+ hours on a server just to get DDoSed isn't very fun. I also don't have the money to spend hundreds of dollars every month on a host.

Have you hosted with OVH VPS or something similar and if so, what was your experience with this, I'd love to hear it.
They say they have DDoS protection but how reliable is it, can I expect a DDoS-free environment from OVH VPS or Dedicated?
Is dedicated server a must or it won't really help all that much and is just a waste of money? (DDoS-wise, not server performance)

There's a bunch of OT servers out hosted with OVH on otservlist and they don't seem affected by DDoS I suppose since they are still online and doing very well?
On the other side I've seen posts that have had trouble with DDoS through OVH and I can't make sense of it, have they incorporated their own layer of protection?
 
You're never going to have a server that sustains itself from the beginning. You should always consider having a side income that will allow you to invest into your project to make it sustainable. Can't just rely on the funds that flow in from the server. That leads onto the DDoS matter, make sure you actually have some finances to contribute towards a good host and since there's mixed feelings about OVH then that should hint you towards the right way.
 
Just use OVH and you won't have any problems with DDoS. They have good protection.
 
> Just use OVH and you won't have any problems with DDoS. They have good protection.

That's not true at all. You will still have problems at times. We use OVH and we still deal with DDoS issues on launches.
 
Do you really think that all these "top" servers are targets of DDoS attacks? I won't generalize, but the majority just takes the opportunity to claim that a DDoS attack is happening while their server failed due to a crash.

I highly doubt every single server is a victim of a DDoS attack. They simply don't have any better excuse to tell their players than this one, which actually works pretty well because most of their players have no clue how this works.
 
> That's not true at all. You will still have problems at times. We use OVH and we still deal with DDoS issues on launches.

Hi Sir Knighter, you are a quintessential candidate for this question. Could you expand more on your thoughts? Do these attacks on your server just stop after some time or did your team have to find a fix? What do you think about VPS vs Dedicated?
I understand no server has perfect protection from DDoS but let's just take the average individual like Ryan or something that has a normal-sized botnet, will such an individual be able to shut down these hosts repeatedly?

> Non populated servers usually don't get ddosed unless you ban some kid angry botter

Spending a tremendous amount of effort and time just to be dancing in the palm of the whim of an angry kid isn't something I'd want.

> You're never going to have a server that sustains itself from the beginning. You should always consider having a side income that will allow you to invest into your project to make it sustainable. Can't just rely on the funds that flow in from the server. That leads onto the DDoS matter, make sure you actually have some finances to contribute towards a good host and since there's mixed feelings about OVH then that should hint you towards the right way.

Thanks for your input but your answer is very vague and not so helpful :(
All I got from it was "If you don't have funds(500-1000$) to have a few months of (good/expensive/not necessarily DDoS-free or whatever since you didn't state it) then don't even bother making an OT if you desire to be DDoS-free" Sorry if I was rude, I'm just a blunt person and I'll speak what comes to my mind.
 
Actually @LazyBear is right. Most DDoS Attacks you won't even notice.
And that OVH has a great protection might be true, but so do 95% of other hosting services. People here swear on it for some reason that no one was actually ever able to explain to me. But whenever I brought up a different hosting service the argument was "No, if you don't use OVH, you will be unable to host because of DDoS".
Now let me tell you something. I got a productive system running on my server with almost 600.000 registered users. Of course, we ban users almost daily. Of course, we do get attacked, actually more than you think. But most DDoS attacks, we don't even notice. And the ones we do notice are automatically taken care of within seconds since I actually set the system up in multiple ways to be protected if anything gets past the physical firewall of our hosting service. We got 4 layers of protection (counting the hosters' firewall). It works flawlessly.
The funny thing is, most attacks aren't DDoS attacks. Most are brute force attacks trying to get in somehow.
I monitor everything and get weekly reports and instant warnings from my server whenever there is an issue.

Setting up your server correctly and not being scared but just trusting that your hosting service knows what they are doing goes a long way.
Do you seriously think that OVH is the only one with protection? Do you seriously think DDoS aren't a daily thing by now and any service has to deal with it? Stop only talking about expensive as fuck OVH.
Take the best hosting service for your needs and for fuck's sake, set up your server and your firewall correctly. AND CLOSE PORT 3306 FFS... 80% of OTs got it open...
 
> And the ones we do notice are automatically taken care of within seconds since I actually set the system up in multiple ways to be protected if anything gets past the physical firewall of our hosting service. We got 4 layers of protection (counting the hosters' firewall). It works flawlessly.
>
> Take the best hosting service for your needs and for fuck's sake, set up your server and your firewall correctly. AND CLOSE PORT 3306 FFS... 80% of OTs got it open...

Hey Merrok, would you mind sharing what software setup you use as protection or if you built it yourself maybe an info source where you learnt how to?

As someone who just wants to host a server and isn't interested in becoming a security specialist, I just want to take the short route and not get into the nitty-gritty but of course still putting in the effort needed to obtain a secure server. I don't know if this makes me sound lazy but not everyone is willing to put down the amount of time it takes to learn this as it can be very time-consuming if there are other ways to bypass this issue.

Since almost every server in otservlist uses OVH I see no reason why not to do it especially as I have no experience in the field. As long as the VPS service is enough then it's under 50$ which is within my budget-range. Doing a bunch of research on other top host companies and reading reviews and filter which are trustworthy, the scale of the attacks received, stability etc is just a big hassle to save a couple of bucks monthly.

If anyone else has a great source where to learn how to protect yourself from DDoS it would be appreciated if you'd share it with us.
I'm sure more people are willing to get into this field if we had some awesome comprehensive sources to learn this stuff from.
 
Unless it's a big project, you can use VPS which is hella cheap.
OVH -> 6gb ram, 100 mb/s etc. etc. for 12 dollars/monthly.
 
> Hey Merrok, would you mind sharing what software setup you use as protection or if you built it yourself maybe an info source where you learnt how to?
>
> As someone who just wants to host a server and isn't interested in becoming a security specialist, I just want to take the short route and not get into the nitty-gritty but of course still putting in the effort needed to obtain a secure server. I don't know if this makes me sound lazy but not everyone is willing to put down the amount of time it takes to learn this as it can be very time-consuming if there are other ways to bypass this issue.

Well, I use the most common software, to be honest. I use iptables in combination with fail2ban and additionally I configured my nginx to also check the regex of requests.
iptables has stable rules for what to let in and what not to. Though it took me about a month of trial and error to get it to where it is now.
fail2ban is a software that looks into your logs and checks whether the request might be evil. If it is, the ip will be banned for a set amount of time after a set amount of evil requests.
My nginx configuration then again checks the request itself in its detail and if it looks suspicious, nginx will simply not answer.
But again, it took me quite some time to get the configuration to where it is now, so that I do block most bad requests and at the same time I can be sure that no user will ever be negatively affected by it. If it runs perfectly, which I honestly don't know, but so far no one has asked in our support section why he couldn't access the dashboard, the users won't even notice that this system is in place.

How I learned to do it? Well I simply learned how to handle a Linux system quite a while ago already by simply doing it. With time came experience and I was able to do more and more complicated stuff. It's all learning by doing really. Oh yeah and Google helps.

> Since almost every server in otservlist uses OVH I see no reason why not to do it especially as I have no experience in the field. As long as the VPS service is enough then it's under 50$ which is within my budget-range. Doing a bunch of research on other top host companies and reading reviews and filter which are trustworthy, the scale of the attacks received, stability etc is just a big hassle to save a couple of bucks monthly.
>
> If anyone else has a great source where to learn how to protect yourself from DDoS it would be appreciated if you'd share it with us.
> I'm sure more people are willing to get into this field if we had some awesome comprehensive sources to learn this stuff from.

Well, we were at Hetzner first for about a year (using a dedicated server) until, for internal issues with a partner, we had to change. Everything was running flawlessly and no attack was noticeable.
Then we were at contabo for about 2 years (using a VPS). We never had any issues regarding DDoS. From time to time we got an email that there has been an attack apparently targeting our server, but it was blocked. But we did leave because they oversell their VPS by a lot and the CPU steal time was sometimes so high that our system wasn't running well anymore. That was caused by other people on the same server eating our resources.
Now we are with netcup (using a root server, basically a VPS but with ensured resources that can only be used by us). Been there for a few months now, so I can't ensure everything, but so far we haven't had any issues or noticeable attacks.

All of which are way cheaper than OVH and since our user base is multiple times as big as the one the whole Tibia community has, I kinda doubt that OVH is "the only" acceptable hosting service for a project like this.

> Unless it's a big project, you can use VPS which is hella cheap.
> OVH -> 6gb ram, 100 mb/s etc. etc. for 12 dollars/monthly.

How is that cheap? For 6gb ram and 100mb/s that's really expensive.
 
> Well, I use the most common software, to be honest. I use iptables in combination with fail2ban and additionally I configured my nginx to also check the regex of requests.
> iptables has stable rules for what to let in and what not to. Though it took me about a month of trial and error to get it to where it is now.
> fail2ban is a software that looks into your logs and checks whether the request might be evil. If it is, the ip will be banned for a set amount of time after a set amount of evil requests.
> My nginx configuration then again checks the request itself in its detail and if it looks suspicious, nginx will simply not answer.
> But again, it took me quite some time to get the configuration to where it is now, so that I do block most bad requests and at the same time I can be sure that no user will ever be negatively affected by it. If it runs perfectly, which I honestly don't know, but so far no one has asked in our support section why he couldn't access the dashboard, the users won't even notice that this system is in place.
>
> How I learned to do it? Well I simply learned how to handle a Linux system quite a while ago already by simply doing it. With time came experience and I was able to do more and more complicated stuff. It's all learning by doing really. Oh yeah and Google helps.
>
> Well, we were at Hetzner first for about a year (using a dedicated server) until, for internal issues with a partner, we had to change. Everything was running flawlessly and no attack was noticeable.
> Then we were at contabo for about 2 years (using a VPS). We never had any issues regarding DDoS. From time to time we got an email that there has been an attack apparently targeting our server, but it was blocked. But we did leave because they oversell their VPS by a lot and the CPU steal time was sometimes so high that our system wasn't running well anymore. That was caused by other people on the same server eating our resources.
> Now we are with netcup (using a root server, basically a VPS but with ensured resources that can only be used by us). Been there for a few months now, so I can't ensure everything, but so far we haven't had any issues or noticeable attacks.
>
> All of which are way cheaper than OVH and since our user base is multiple times as big as the one the whole Tibia community has, I kinda doubt that OVH is "the only" acceptable hosting service for a project like this.
>
> How is that cheap? For 6gb ram and 100mb/s that's really expensive.

Thanks for more information. Have you ever used Snort and modsecurity for additional protection?

And Snort as an addition to firewall and monitoring?

Do you use monitoring software like nagios/monit?
 
> Thanks for more information. Have you ever used Snort and modsecurity for additional protection?
>
> And Snort as an addition to firewall and monitoring?
>
> Do you use monitoring software like nagios/monit?

I have never used any of those, no. I rather had something I could configure individually and detailed to my needs.

Nagios is definitely a good choice for monitoring.
I personally looked at Nagios and Zabbix but in the end decided to use Zabbix. I don't remember the reasons to be honest.
But I'm really satisfied with it. There are a lot of scripts to download, besides the default functions which are already pretty powerful. And you can write your own scripts with basic knowledge of Bash already. A definite need, in case you use Zabbix, is the Telegram alert. It sends you a message in Telegram (and even graphs if you want that) whenever there is something wrong, so you know immediately.
 
As kasteria.pl administrator I had to handle enormous DDoS attacks.

Highest DDoS speed reported by OVH DDoS protection was 800gb/s, but after filtering only 10mb/s went to my dedic. It was some stupid GRE or UDP flood. OVH blocked it after 1 minute and my server was back online in 15 minutes (dedic server frozen/crashed and I had to restart it).

Only DDoS that really destroyed server was attack on website from 10.000 IPs. They passed Cloudflare reCaptcha - I don't know how, but probably someone bought trusted IPs.
After that attack I made new ots-website-cams-casts architecture.
I rewrote login server, optimized game server, rewrote website (make it use own database), moved database to second dedicated server. Server was ready to handle 20.000 requests per second to PHP scripts. Even if someone made bigger attack, website could go down, but OTS was on other dedic with other database, so there were no lags.

Last edition we had no attacks (or we did not notice any, because they were too small), but we had to pay around 600 euro per month for all servers used in our anti-ddos architecture.

In case of not very popular server (not in top 25 of otservlist) you should not receive any attack that can take down OVH 'GAME' dedic for ~150 euro ( Dedicated servers - Product description (https://www.ovh.pl/serwery_dedykowane/game/1901mc03.xml) ).

IMPORTANT INFORMATION:
OVH VPSes have SAME DDoS protection as dedicated servers! Do not buy soyoustart/kimsufi (OVH cheaper offers), because even if they cost 60 euro, they have worse DDoS protection than 3 euro VPSes.
For every VPS/dedic IP in OVH you can add 20 rules to their multi-terabit DDoS filters. Rules like: block all GRE packets, block all UDP packets (not used by Tibia), block access to SSH to just your home IP etc.
 
> As kasteria.pl administrator I had to handle enormous DDoS attacks.
>
> Highest DDoS speed reported by OVH DDoS protection was 800gb/s, but after filtering only 10mb/s went to my dedic. It was some stupid GRE or UDP flood. OVH blocked it after 1 minute and my server was back online in 15 minutes (dedic server frozen/crashed and I had to restart it).
>
> Only DDoS that really destroyed server was attack on website from 10.000 IPs. They passed Cloudflare reCaptcha - I don't know how, but probably someone bought trusted IPs.
> After that attack I made new ots-website-cams-casts architecture.
> I rewrote login server, optimized game server, rewrote website (make it use own database), moved database to second dedicated server. Server was ready to handle 20.000 requests per second to PHP scripts. Even if someone made bigger attack, website could go down, but OTS was on other dedic with other database, so there were no lags.
>
> Last edition we had no attacks (or we did not notice any, because they were too small), but we had to pay around 600 euro per month for all servers used in our anti-ddos architecture.
>
> In case of not very popular server (not in top 25 of otservlist) you should not receive any attack that can take down OVH 'GAME' dedic for ~150 euro ( Dedicated servers - Product description (https://www.ovh.pl/serwery_dedykowane/game/1901mc03.xml) ).
>
> IMPORTANT INFORMATION:
> OVH VPSes have SAME DDoS protection as dedicated servers! Do not buy soyoustart/kimsufi (OVH cheaper offers), because even if they cost 60 euro, they have worse DDoS protection than 3 euro VPSes.
> For every VPS/dedic IP in OVH you can add 20 rules to their multi-terabit DDoS filters. Rules like: block all GRE packets, block all UDP packets (not used by Tibia), block access to SSH to just your home IP etc.

Actually allowing only TCP login/game port in OVH firewall blocks almost every DDoS attack. Also you can whitelist all Cloudflare IPs or run website on different IP which is not public-visible.

Also use cache in website so it won't affect gameserver if ddos occurs.
 
> Actually allowing only TCP login/game port in OVH firewall blocks almost every DDoS attack. Also you can whitelist all Cloudflare IPs or run website on different IP which is not public-visible.
>
> Also use cache in website so it won't affect gameserver if ddos occurs.

You'll run out of rules before you can whitelist all CloudFlare IPs - also it may be possible that certain IP addresses are in a global whitelist (e.g. CloudFlare), but I'm not sure.
 
> Unless it's a big project, you can use VPS which is hella cheap.
> OVH -> 6gb ram, 100 mb/s etc. etc. for 12 dollars/monthly.

Lol 6GB RAM 12 dollars/m, in the company I used before I got a 3gb ram VPS...

Is this the one u guys were talking about: VPS Cloud RAM: RAM-heavy Cloud hosting (https://www.ovh.pt/vps/vps-cloud-ram.xml) ?

> Actually @LazyBear is right. Most DDoS Attacks you won't even notice.
> And that OVH has a great protection might be true, but so do 95% of other hosting services. People here swear on it for some reason that no one was actually ever able to explain to me. But whenever I brought up a different hosting service the argument was "No, if you don't use OVH, you will be unable to host because of DDoS".
> Now let me tell you something. I got a productive system running on my server with almost 600.000 registered users. Of course, we ban users almost daily. Of course, we do get attacked, actually more than you think. But most DDoS attacks, we don't even notice. And the ones we do notice are automatically taken care of within seconds since I actually set the system up in multiple ways to be protected if anything gets past the physical firewall of our hosting service. We got 4 layers of protection (counting the hosters' firewall). It works flawlessly.
> The funny thing is, most attacks aren't DDoS attacks. Most are brute force attacks trying to get in somehow.
> I monitor everything and get weekly reports and instant warnings from my server whenever there is an issue.
>
> Setting up your server correctly and not being scared but just trusting that your hosting service knows what they are doing goes a long way.
> Do you seriously think that OVH is the only one with protection? Do you seriously think DDoS aren't a daily thing by now and any service has to deal with it? Stop only talking about expensive as fuck OVH.
> Take the best hosting service for your needs and for fuck's sake, set up your server and your firewall correctly. AND CLOSE PORT 3306 FFS... 80% of OTs got it open...

Why did u say to close the 3306 port?
Isn't it the MySQL port?
Code:
    sqlType = "mysql"
    sqlHost = "localhost"
    sqlPort = 3306
 
> Lol 6GB RAM 12 dollars/m, in the company I used before I got a 3gb ram VPS...
>
> Is this the one u guys were talking about: VPS Cloud RAM: RAM-heavy Cloud hosting (https://www.ovh.pt/vps/vps-cloud-ram.xml) ?
>
> Why did u say to close the 3306 port?
> Isn't it the MySQL port?
> Code:
>     sqlType = "mysql"
>     sqlHost = "localhost"
>     sqlPort = 3306

Yes, but it should be firewalled off if you don't intend for it to be accessible from the outside (which it shouldn't be, unless you have a good reason for it).
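
One way to check the point made in the last reply, as an added example that is not part of the thread: the function reads listener lines in the format printed by `ss -H -tln` and reports any address on the given port that is not loopback. The sample lines and the game port 7171 in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP listeners on a port that are reachable from
# outside the host, i.e. not bound to a loopback address.
# Input format (one listener per line, as printed by `ss -H -tln`):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

exposed_listeners() {
    # $1 = port to check (3306 for MySQL); listener lines arrive on stdin.
    awk -v want="$1" '
        $1 == "LISTEN" {
            # The port is whatever follows the last ":" (IPv6 has several).
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != want) next
            # 127.0.0.0/8 and ::1 are loopback: local processes only.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Constructed samples, not taken from a real host.
# MySQL bound to every interface next to a hypothetical game port:
SAMPLE_BAD='LISTEN 0 151 0.0.0.0:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:7171 0.0.0.0:*
LISTEN 0 70 [::1]:33060 [::]:*'

# MySQL bound to loopback only, game port still public:
SAMPLE_GOOD='LISTEN 0 151 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 0.0.0.0:7171 0.0.0.0:*'

check_mysql() {
    # $1 = listener lines. Prints a verdict; returns 1 when port 3306
    # is bound to an address other hosts can reach.
    found=$(printf '%s\n' "$1" | exposed_listeners 3306)
    if [ -n "$found" ]; then
        echo "EXPOSED: 3306 listening on $found"
        return 1
    fi
    echo "OK: 3306 is loopback-only or not listening"
}

check_mysql "$SAMPLE_BAD" || true
check_mysql "$SAMPLE_GOOD"

# On a live host: ss -H -tln | exposed_listeners 3306
```

When the game server connects through `localhost` as in the config quoted above, setting `bind-address = 127.0.0.1` in the MySQL configuration removes the public listener, and a firewall rule dropping inbound 3306 covers the case where the bind address is changed back later.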
 