Host with Best DDoS Protection?
# support-forum
b
Do you know any host with the best DDoS protection with a Singapore location? I'm currently using Advance Apac Dedicated in OVH and my server is still getting delayed by attacks; they're using UDP flood.
b
OVH does not filter attacks coming from VPSes on its own network. So I don't recommend them for game servers.
b
Do you have any recommendation for a host that has good DDoS protection and also has a Singapore data location?
b
Hetzner/Netcup/Online.net/Linode/Digital Ocean all have fairly decent protection
n
I have a question about that: what is the best? Hetzner, other?
p
You can block internal traffic; they have all their IPs available on their website.
b
it doesn't work
well not all the time, if you have monitoring enabled on your server, then other servers can still attack you
it's a bit of a tedious workaround, but it's still possible
p
I had that problem and solved it by blocking all other OVH IPs except mine
I recommend 100up.org they provide their layer of protection with XDP
b
yeah for most attackers who are not aware of the problem where OVH actually whitelists certain ports regardless of your firewall settings from the inbound network, like monitoring ports
p
yeah but it's done with netfilter not OVH's firewall
if it is done with OVH only it will still be vulnerable
b
blocking shit on the same server doesn't do anything to prevent DDOS
iptables will not help you
because the attack is designed to overload the network, the layer before your server
p
that's true
but it can help, I solved a lot of attacks with iptables
b
it can help with small scale exploit attacks and resending of data, but on a large scale DDOS, you are mostly fucked and only OVH can save you
but since they don't do anything on the internal network, for that, there is not a lot you can do
especially since workarounds still exist that get past the firewall itself
p
well Hetzner is not a good option either, idk for Digital Ocean, Linode and others but I'm pretty sure Hetzner has shit protection because I had a server on their hosting
they will just shut down your VPS if it's being ddosed
b
Hetzner does a pretty decent job of it tbh.
and Netcup does an even better job of it
p
Path is good
but I couldn't find server near my playerbase location
they have Amsterdam, I used it for a while when 100up resold from them and it was very powerful
but they don't work with 100up anymore and I can't find new reseller of their servers
b
6.5tbs is not that much anymore, for a game server it might be fine, but it depends really on the scale of the botnet that is being used
generally they keep it small enough to not get noticed
p
yes, but their SAMP filter was great and it worked well
I'm just waiting for some good reseller of their servers to provide Europe locations
kubbur.com was the one, but they stopped working idk why
b
no idea haha
it's been a while since I started hunting for new providers
p
I stopped too, my current OVH server is doing well but I came here to see if someone knows the IPs of game-state.com because I need to whitelist them in my firewall to make my server online on their list
and when I tried to add my server on open.mp server list too it says "This IP didn't resolved as SA-MP Server"
some of my UDP filters are blocking that traffic
b
hmm
you could run it locally and try to capture all the ip addresses that access the port 7777 and then you'll know the ip range
p
yeah, I will do it like that then, thanks
m
They do?
they suspended a service of mine because of a large attack
never getting anything from hetzner ever again
They were sold
not sure what direction the new company took now, but their virtual machines were pretty cheap
p
yes, they had a beautiful website and panel
b
I get attacked a lot on Hetzner, but never once actually felt the damage
never been suspended
l
OVH = Internals (some of them can't be stopped using software because they saturate your bandwidth). I used OVH for about 4 years and they still can't solve that. I moved to Path (tempest.net) and their filters are very good tbh
Hetzner, Linode, Digital Ocean can be good against DDoS attacks but they don't have specific filters for SAMP, so exploits will take your server down.
n
Yes, but what about ping when someone lives so far away?
l
Where is your player base?
n
Serbia
l
Tempest has a server near there, I think
m
You probably never got hit by anything significant then
There are many issues with Path tho
especially with routing. Sometimes my players get disconnected randomly
If it wasn't for that, I would remain with them
I don't think they will solve it, which is sad
It is nothing new either, they just don't seem to care
b
What host are you currently using?
m
OVH with 10g port burst
Received internals, but none above 2 gbps or so
And given you can't abuse each individual OVH server's bandwidth for attacking (they easily suspend you), you would need many servers sending little traffic to saturate the port, so getting enough servers to just saturate my 10g port would be a huge waste of money for anyone to try, especially since a simple report could get all these machines banned
I mean yeah, you can't compare Path with OVH. Path has one of the best mitigation stacks in the market, but when it comes to stability, it is what holds me back in OVH
l
The attackers aren't sending you SAMP exploits?
m
No, I was receiving syn floods
over 200 ips, sending low packet count
l
I see
m
The udp floods I received before were samp cookies, but in a service not related to samp
l
OVH 10G doesn't have game firewall, so you will not be able to stop SAMP exploits, at least without filters made by you
m
it was so weird
l
btw which location did you use in path?
I'm using NY which is very stable tbh
m
NYC, had downtime too
idk how it is today, been some months
l
Yeah today is fine
m
Yes, but OVH Game is useless tbh
even with samp filters I have seen garbage udp traffic coming in
l
yeah sadly
m
At least with 10g there is a little more you can do
I offload my XDP, but I don't have anything complex yet.
l
Can you DM me your server IP please?
I tried OVH 10G but I was getting hit with a lot of attacks directly to 7777 port
m
How much bandwidth?
I assume below that
l
20MB/s lol
OVH engineer told me to use cloudflare spectrum hahaha
m
You could create an XDP + eBPF filter. (Edit: oops, too many details haha)
Recommending other solutions when they should focus on theirs
l
Yeah, for me it's less time to just host it in Path and they take care of protection
m
OVH support sucks tho
Sometimes they answer nonsense
l
yeah it's like talking to a bot
m
looks like tempest* has microcloud services now
not too expensive
l
yes very nice for samp
lol they don't understand that with software you can't block an attack that is larger than your port speed
m
I think I figured why they allow internal traffic, faulty design
there are some OVH servers sending ICMP to your server, if it fails to respond mitigation is enabled
maybe they planned on making it not possible to block these ips, pretty dumb
l
I think it is for their "monitoring"
but that sucks, anyone could spoof those IPs with UDP
And the "antihack" which should prevent outgoing attacks doesn't work, I tried to send 800 mb/s to another OVH and it didn't trigger the antihack
m
800 mbps udp?
with dedicateds you can even use the entire bandwidth for some seconds with no anti hack warning
l
yeah with failover IPs I could attack anyone
When I tried to send the entire port speed for attack it also didn't detect
m
there is some tolerance probably, given you have a "dedicated link", but that is bad
l
It just detected couple times and I had to "unblock the failover IP" which took me 5 minutes to do and started to attack again
Allowing internal attacks without filtering them is very dumb
it is not a new problem
m
if their firewall at least worked to block OVH ranges
l
lol yeah there should be an option to filter internal IPs
m
it is so dumb
you block an ovh ip there, it still reaches your server like if you did nothing
l
Tempest is implementing an option to block entire ASN's by ASN Number
yeah, and if it's UDP, even if you block it with a software firewall the traffic still reaches your server and saturates your port speed
m
Is GRE still forbidden for non business customers?
l
I think so
you can tunnel using frantech
it is allowed there
m
I still don't get how that fire happened
l
lol
they store the servers in physical containers
m
I can only imagine the legal trouble they might have had, since they have backup services under their responsibility which are forever lost
l
Yeah there is no sense in storing a backup in the same DC
lol
backups should be redundant
h
Not a lot is really their responsibility, if you didn’t have a backup elsewhere that’s your fault not theirs tbh
l
But there is no sense in doing a backup in the same DC
h
Exactly
o
@little-cat-35250 dedipath.com is good?
l
That's Path Network