Over 2 Gpbs DDoS. What should I do?

Discussion in 'Server & Community Management' started by tssge, Dec 7, 2012.

  1. Being the biggest Minecraft server in Finland does come with a price. Usually we do not get DDoSed hard but this time we got hit with over 2 Gbps of traffic per second. Hetzner null-routed our main server and we have a support ticket pending so we can get it up and running again. Players are angry and moderators too.

    What should I do to prevent this in future?

    One thing that comes into mind is dropping all traffic on server query ports which use UDP, maybe there is even a way to throttle the traffic on specific ports. It would probably be a good idea to buy high availability pack from Hetzner, or even change provider if we start getting this frequently. I know that there are a few Minecraft server admins here who have, unfortunately, had to deal with DDoS. Want to help me and give some advice? What do you think about my ideas? Will it help my server?

    Thanks everybody.
     
  2. Get Protection...JavaPipe..
     
    • Like Like x 2
  3. Greetings from the (former) largest server in Russia! I was genuinely astonished several months ago when I learned that running a Minecraft server is a dirty business with rivals using unhonest tools like DDoS.

    There's practically nothing you can do with a 2Gbps DDoS. You can't filter it out; to filter it on your host, you first have to accept the packet, but your bandwidth is capped at 100 (or 1000 if you took care about it) MBit/s. The only option you have is to ask your hoster to put some hardware anti-DDoS solution before your servers (or ask for 10GBit/s channel). As far as I remember, Hetzner just doesn't provide that sort of things and you might need to move to another hosting company.
     
  4. So what did you do about your server being DDoSed? Javapipe and Staminus both have quite big price tags on them, so I see those services as my last resort.
     
  5. Since we knew exactly who was DDoSing us, we decided to play it dirty and counter-attacked. Attacks stopped shortly. There was some sort of acknowledged mutually assured destruction since then.
     
  6. Well, I cannot counterattack. I do not see that as an option, because it is illegal and it I'm not as low as those guys DDoSing me.

    I guess it's DDoS protection then if this starts happening frequently.
     
  7. Better to prevent it :)
     
  8. md_5

    Administrator Developer

    Try not to give kids a reason to DDOS you.
    If they deserve to be banned, just ban them, don't tease etc etc etc.
     
    • Agree Agree x 3
    • Useful Useful x 1
  9. PhanaticD

    Patron

    I have used javapipe with hetzner and it made my ping bad and I used my bandwidth up for the hundred a month package in about two weeks, but its good as a temporary solution till they get bored
     
    • Agree Agree x 1
  10. I do not tease them. Me and our staff act very professionally and we have strict qualifications for staff members. We warn our staff members in case of improper behavior and kick them out after 3 warnings. Even our bans, their appeals and reasons are handled completely private, with the player in question being the only out-of-staff member. Ban reasons/messages have guidelines telling staff what a ban reason must contain and what it must not.

    That makes me think that it's a rival server DDoSing us.
     
    #10 tssge, Dec 8, 2012
    Last edited: Dec 8, 2012
    • Disagree Disagree x 1
    • Creative Creative x 1
  11. Bestle

    Patron

    It probably is a rival sever - You would be surprised at how many of the top servers use underhand techniques to stay at the top.
     
    • Agree Agree x 1
  12. You might try a service like cloudflare: http://www.cloudflare.com/business The L3 and L4 level protection might help out. Although they are primarily geared toward keeping websites up.
     
  13. Doesnt always help.
    it isn't possible to protect Minecraft servers via Cloudflare. Connections cannot be spoofed through cloudflare to the minecraft server.
     
  14. Your best course of action is to use javapipe.com - we use them quite often. If the price is too great, tell them you are having issues and they may cut you a deal.
     
    • Like Like x 1
  15. Incorrect. Javapipe can protect against a 10Gbps ddos. Several websites take that heat daily. Visa.com was hit with a 11Gbps and survived with a Black Lotus in front of them.

    A reverse proxy anti-ddos method can thwart almost any script kid to even the hax0r pros.
     
    #15 Kainzo, Jan 2, 2013
    Last edited: Jan 3, 2013
    • Like Like x 2