
Linux My server was attacked yesterday. First time in 7 years of server hosting...

bury

Hello, my server was attacked yesterday at night by a person who threatened to do it before.

This person also started insulting and threatening everybody, so a helper of the server banned the char and his IP with ctrl+Y, as we have done so many times before with people who don't follow the rules (especially people that promote other ots).

Suddenly the server started lagging, but I think it was not because of the attack; it was because the mitigation system of the hosting detected one attack and deviated the connections to their infrastructure. In some minutes (around 30') the server was playable and the lag disappeared, but a lot of people got out of the client and thought the server was unstable and had gone down.

What can I do? I respect everybody and every ots... I just have a humble server and this person is going to attack me again for sure. I don't know how I could ban his IP ranges or ban him via hardware. I find it hard to believe that only one person could do all this.

I'm using OVH - Soyoustart: E3-SSD-1-32

Thank you.
 
I am not much of an expert. But I saw a thread before and they were talking about Packets.
Maybe someone is using packets to bot, etc...
 

Yeah, he did something like that, I think...

Use good iptables protection; you can find some on Google.

I have looked at around 2 different websites. First of all, I think I need a tutorial, because I see it is kinda advanced Linux and I never went so deep... (didn't need it tho).

The thing is that I think the mitigation system of my soyoustart was launched by a small attack... that's my impression, because the guy who said he wanted to DDoS the server seems to be a kid...
 
I can help you, I know how to set up the firewall. PM me. That happened to me many years ago, and I talked to the manager of my VPS company and they sent me a tutorial on how to do it. I will share the email with you.
 
First DOS attack in 7 years of hosting? Lucky you...

Seriously though, not much you can do if it's a DOS attack. Just blocking ports on a firewall doesn't do anything. The packets don't need to get in to cause a disruption.

If you know the IP it's coming from, you can certainly just firewall it off to mitigate the issue, but short of forking out a bunch of money for a stronger DDOS mitigation service, you pretty much just wait it out.
 
I have looked at around 2 different websites. First of all, I think I need a tutorial, because I see it is kinda advanced Linux and I never went so deep... (didn't need it tho).

The thing is that I think the mitigation system of my soyoustart was launched by a small attack... that's my impression, because the guy who said he wanted to DDoS the server seems to be a kid...
If the guy above doesn't help you, I could help you with that; it's the easiest thing to do.
 
Stopping DDoS attacks isn't as easy as just blocking an IP on your firewall; most of them come from a botnet, and there are multiple IPs involved, else it wouldn't be able to take down your server alone.
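An added illustration of the point made in the two posts above (it is not part of any poster's message and not code from this thread): the sketch measures how much flood traffic a small number of firewall block rules can cover when the sources are one host versus many. The function names and the sample addresses are constructed for the example.

```python
import ipaddress
from collections import Counter

def prefix_counts(sources, prefix_len=24):
    """Count connection attempts per covering IPv4 prefix."""
    counts = Counter()
    for ip in sources:
        counts[ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)] += 1
    return counts

def block_coverage(sources, max_rules, prefix_len=24):
    """Pick the busiest prefixes a firewall could drop within a rule budget.

    Returns (prefixes as strings, fraction of observed traffic they carry).
    """
    if not sources:
        return [], 0.0
    top = prefix_counts(sources, prefix_len).most_common(max_rules)
    covered = sum(n for _, n in top)
    return [str(net) for net, _ in top], covered / len(sources)

# Constructed sample data, not real traffic.
# Case 1: a flood from one host, plus 50 ordinary clients.
single_source = ["203.0.113.50"] * 950 + [f"198.51.100.{i}" for i in range(1, 51)]
# Case 2: botnet-style flood: 1000 sources, 4 per /24, spread over 250 /24s.
distributed = [f"10.{i % 250}.0.{i // 250 + 1}" for i in range(1000)]

if __name__ == "__main__":
    for name, sample, budget in (("single source", single_source, 1),
                                 ("distributed", distributed, 10)):
        nets, share = block_coverage(sample, budget)
        print(f"{name}: {len(nets)} rule(s) cover {share:.0%} of traffic")
```

Even in the single-source case, a rule on the server only drops packets after they have crossed the inbound link, which is the limitation the earlier post describes.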
 

I know, the thing is that idk if the attack would have been strong enough to take down the server, since the mitigation of the DDoS protection launched and all the connections to the server were rejected. Lag appeared with some log outs; this happened for 20 or 30 minutes, until the process ended, although the email saying "mitigation is over" reached me the next morning.

So maybe it was not a hard attack but the mitigation acted anyway, that's why I'm worried... obviously he used a VPN and a lot of IPs, I take that for granted

nothing to do with the topic itself, just curious: what is your ot engine version?

TFS 0.4
 
obviously he used a VPN and a lot of IPs, I take that for granted

Probably not, what he used was a BOTNET service, which are incredibly illegal.

Botnets are just groups (like thousands) of infected computers all spread out on the internet somewhere. When activated, all those computers start flooding traffic to a single IP address, which usually falls to its knees, unable to keep up with all the traffic.

This kind of thing is detectable, IPS will usually start null routing this traffic until it dies down.
 
How can you 'null route' something that is being spread every day across different users?

Easily. All traffic is and looks different. Only garbage traffic would be dropped, not all normal data.

I'm just saying the traffic for a DDOS attack is usually quite obvious and there are things ISPs can do to mitigate the attack.
 
I have proxy system solution which can solve your problem. Servers like retrocores, kasteria, kivera-global.net use it. Works with otclient and classic tibia. All of them had the same problem, they came to me and I solved it =)

 