DDOS Attack
My dedicated server is currently being ddosed 3 days after our Grand Release. What is the best course of action that I can take right now? The server is offline and I am unable to connect to my Pterodactyl panel.
35 Replies
who is hosting it?
PebbleHost
they should have solid antiddos
have you made a ticket with em?
Yes, I have, they haven't responded yet
They are typing now
yeah you'll want to ask them, don't think there's much else you can do on your end
Okay awesome, thank you
#1 Change the Dedicated Servers IP so they cant attack directly
#2 Hire a specialized DDoS protection service
#3 Firewall correctly to avoid exposing the new server's IP
#4 Either hide pterodactyl or setup DDoS protection (Cloudflare is free and should be enough for this case, still recommend you hide it tho as cloudflare free isnt that hard to bypass and may still crash the server if its weak)
They dont lol
What DDoS protection service would you reccomend?
I mean im biased
¯\_(ツ)_/¯
What location is the server hosted?
It's currently being hosted in the UK
Ooof
weird location
Do you know if it was a layer4 (big traffic, 10gbit+) or layer7(Too many pings, joins) attack?
Dan said it was over 800 GBPS, so layer4
Ah
So they are nullrouting you because its bigger then their capacity
thats crazy
how big is your server?
We hover around 20 - 25 players during our peak hours
Wtf
So your budget is not big
Hmmm
This is though
Might be worth reaching out to new hosts
they do have ddos prot, I wouldnt say solid but enough to get by with most attacks
no
a host DDoS protection will never be enough
look at it this way, a Bare Metal service hosts:
- Websites
- Databases
- Minecraft Servers
- Minecraft Bedrock Servers
- Other hosting companies
- Team Speak Servers
- Random game servers
- Custom protocols
- VPNs
- etc
They are a host, not a ddos protection company so most budget wont be allocated on upgrading their protection
Added to this, the host's side has no idea of what is it that you are hosting
Ahhh, didn't see you had a dedi
so their DDoS protection has to cover 30000 different use cases while not dropping legitimate traffic
which means it can get bypassed as easily
now if you hired a service specially made for the application you are hosting (Website, Minecraft, FiveM, etc)
they know you are hosting that and can deploy more specific measures to help with it
Even panel hosting
to my knowledge only Bloom and Servcity have actually decent included DDoS protection
And bloom was under fire not too long ago for providing hetzner default IPs that were non protected
Yeah i mean they do, like any host... mostly volumetric that prevents script kiddies w free booters from taking you down, but in his case the attack is big enough to saturate pebble's entire network so hes better off hiring a specialized service
hm
fair enough
thats being worked out btw, we have an announcement on the bloom.host web if you hover over ddos prot to say we are migrating all ips to our protected ones :thumb:
just clarifying it incase you didnt hear / see it
i mean its not the hosts fault
Its the people that treat a bare metal provider as a DDoS protection company when they arent
agreed
Ah yeah i see
yep
cant imagine how many extra drain on resources maintaning that "decent ddos prot" image costs OVH
We actually re-announced over Cosmic, but one of our upstreams null-routed the IP temporarily due to it causing them problems (and Cogent propagates nullroutes like crazy)
We've got CosmicGuard for this exact reason, which our pricing of $15/month I feel is pretty fair in the situation and probably equal to anything extra that you'd be paying with another host or for additional DDoS Protection
(The re-announcement over Cosmic is standard for attacks exceeding or coming close to our own capacity of 800Gbps)
Tbh i hate on cosmic but mostly cuz they try to sell it at enterprise pricing.
$15/m its honestly p good
its good for people who want/need it, its not good for people who dont care for it lol, which we couldnt care for since those people dont know much in the world
:YEP:
i mean if u dont get ddosed dont buy it lol
yeah
but for them it seems like a good idea to take
Hmmmmm
not quite sure
If they are getting hit with 800gbit/s+ it means the attacker is pretty stubborn
cosmic isnt that hard to bypass
or they can just send a L7 method
I ran a server and got 47 gigsbits holy shit 800
☠️ someone must really hate you