DDoS Protection

Discussion in 'Hosting Advice' started by Entri, Jan 8, 2020.

  1. Hi,

    So my Minecraft Server got ddosed a several of times now even if the server haven’t opened yet and the server went down immediately so my host have no DDoS protection. I contacted my host to get a new IP so now i have a new but i can’t release it yet to the public.

    What i was looking for is a DDoS protection service that are free or cheap, we are located in Sweden. I have contacted TCPShield but i got no answer after 2-3 days.

    Best Regards,
    /Entri.
     
  2. Grab a DDoS protected VPS from a nearby country (Germany should be ok for Sweden? there's not too many Swedish hosts) and GRE tunnel traffic through it.

    I just wrote a list of DDoS protected providers in another thread, I'll paste it below:

    • BuyVM
      Unlimited BW, servers in Roost, Luxembourg and currently moving to CloudFlare's Magic Transit protection. I have great hopes for this service in the future (couple of months I guess?), however, at the moment it's still very basic - CloudFlare is only doing a GRE tunnel to BuyVM at the moment (BGP is coming "soon" according to CF) and are basically a guinea pig for CF (CF aren't actually charging them yet for the service) and I've heard the protection is still basically just a ratelimit, however, we can expect very good things from CF in the future (still should be fine if you were to receive an attack through it right now), so BuyVM would probably be a good bet. I'm sure if you open a ticket Francisco wouldn't mind putting your service behind Voxility if you experience attacks getting through.
    • FastPipe
      Combahton's VPS / dedicated server brand, unlimited BW, servers in Frankfurt, Germany iirc. As I said, protection is in-house and had a 250gbps capacity last time I checked, so more than enough. In the past, Comahton's protect has been incredibly flaky, however, in the past few months it's improved tenfold. Worth trying them out imo.
    • DeinServerHost
      2TB BW, €5/TB after that (yeah Voxility charge a ton). Servers in Germany, don't know exactly where, ask a ticket to find out. Personally haven't ever used them, however someone in LET said they've spoke to the owner and they seem decent. They use Voxility for DDoS protection, 1.7tbps capacity, good filter quality.
    • PhotonVPS
      Psychz's VPS brand - servers in AMS and Barcelona, 2TB BW (increases with each plan), includes 10gbps of Psychz's protection. Probably not too helpful if you're getting massive volumetric floods, but if you're getting smaller L3/L4/L7 attacks, Psychz has really good filter quality
    • RamNode
      Servers in Amsterdam, traffic comes though a 100gbps Psychz GRE tunnel. 1TB BW, increases with each plan. I'd probably use RamNode over PhotonVPS if you want Psychz's filters, since they pay for a 100gbps tunnel
     
  3. Thanks, Maybe i can run BungeeCord on a BuyVM vps and then have ddos protected ip
     
  4. Yeah, that's an alternative to having a GRE tunnel
     
  5. I went with FastPipe, i ordered the SSD VPS, then i added credits to the account and i haven't got any email in 30 minutes and the panel seems a little bit sketchy.
     
  6. Oh and yeah i can't not use the credits to activate the VPS, it says something like "Contract has noot been activated" and the support is not that good only open 06-18.
     
  7. Just wait. Haven't used fastpipe directly myself, activations might be manual to prevent fraud, this is a common practice. Give it 24 hours before reaching out to support
     
  8. Do you think they will block L3 L4 and L7? When my server got ddosed it went down immediatly and crashed the whole server. I don’t know what protection my host had, did you said FastPipe had 240GBps protection?
     
  9. Yeah last I heard was their total capacity was 250gbps (not the same as GBps btw)
     
  10. Sorry if i’m dumb but on the GRE Tunnel tutorial what means UNFILTERED IP? Is it the backend server? And also the destination ip, i know that filtered ip is the FastPipe vps?
     
  11. That tutorial is written by BuyVM, intended to be used with their servers, but it will work with other providers provided you actually think about the commands you're typing.

    In this situation, BuyVM servers have 2 IPs - one with DDoS protection (filtered) and one without (unfiltered).

    Since you only have one IP, you'll want to tunnel all ports on your IP to the other server except for your SSH port otherwise you won't be able to SSH back in. If both servers are using the same SSH port, you should change one.
     
  12. Okay i got it to work but i only need to reroute 25565?
     
  13. Web server too?
     
  14. I'm only going to have BungeeCord with subservers on my new dedicated machine, then forward data from port 25565 on FastPipe VPS to the dedi, right? I have my webserver in Sweden, separate machine
     
  15. Yeah that's fine then
     
  16. Do you think JavaPipes "DDoS Protected VPS" SSD1 is good DDoS protection? They have up to 750Gbps protection. I think i might change to them instead.
     
  17. Pretty sure JavaPipe is Voxility
     
    • Informative Informative x 1
  18. Hello @Entri,

    If I was you, I should try to reach out to TCPShield again though, it's more reliable and more than a hundred times better than hosting your own tunnel, you'll have a variety of proxies around the globe hosted and managed by TCPShield, whenever there is an error the proxy will get kicked out of the system to minimize the error rate and you don't have to worry about any maintenance/things that aren't working.

    Steven (The owner of TCPShield) reacts in less than a day on Telegram usually, you should contact him on there, his telegram name is: @sferg

    Hopefully, I helped you out with this terrible problem.
     
    #18 iFlyinq, Jan 15, 2020
    Last edited: Jan 15, 2020
    • Informative Informative x 1
  19. [/COLOR]
    You can't just say that and not go into detail why
     
  20. I did, please see: