I'm here too representing the Brazilian league GridLFS (www.gridlfs.com), an official league by Live for Speed.
We have conducted events for over three years, and unfortunately we are now going through situations that are unbearable. I mean the server attacks.
I wonder if there is any way to protect our server against such attacks. It seems that the IP and PORT of INSIM servers are open to everyone, making these offenses very easy.
We await a response, or otherwise we will have serious problems with the league and our future events, and this is certainly making a lot of people give up competing in your simulator.
Thiago Carvalho - www.gridlfs.com.br
Attacks are really becoming a serious inconvenience for our events, making many users fail to compete in this simulator and leading them to seek other alternatives. If there is a way to solve this, it will be very important for the continuity of our league and the outreach work we're doing for LFS.
Just so you know, IP is "open" to everyone because when you try to join a server, even if you don't have its password, you must contact it first, so your PC will contact a server by its IP address. But having an IP address doesn't mean anything at all. In fact, if someone knows how to attack your server, getting your IP address is the easiest thing tbh.
Anyway, I don't believe there's anything you can do about it. In fact, not even PayPal could do anything when Anons attacked them (after WikiLeaks got taken down - google it), simply because the server would hang up after so many requests from so many different computers. And we are talking about such a big company as PayPal, so on a BR connection it would be even worse, as we all know our infrastructure sucks. Not to mention your firewall must be useless...
That video is from 2007, I believe Scawen has already fixed it, so no need to bring this up and that is why shorty943 could not trace to that IP.
Btw, I'm not an expert in networks, so what I said can be wrong.
You're not wrong. One of the problems for all gamers, not just LFS, is these DDoS attacks. We had this problem last year, and we could improve it with some initiatives.
I'm thinking about starting to monitor IPs and their packets when the race starts, to get and block the little mouse, and take legal action against the person who is doing it.
Thank you @Lucas Renvon and @shorty943 for the instructions.
I wonder if the developers of LFS have any solutions to this problem; we buy a license and at least have to have support at this time to continue to give credibility to the simulator.
The same could happen to iRacing or any other game or any other website.
But if you get the IP from connecting to the server, it must mean someone who goes on your servers is doing it or has given the IP to someone else - so perhaps change the IP, password the server, see if it keeps doing it and work out who it could be. Or maybe your website and LFS server are on the same IP, so it would be really easy to get it from resolving the domain name.
Don't talk shit, buying LFS doesn't protect you from DDoS attacks - it's like paying someone to make a website and then having it DDoS'd - nothing they can do about that...
All that said you have done and continue bringing down the server
[QUOTE]Don't talk shit, buying LFS doesn't protect you from DDoS attacks - it's like paying someone to make a website and then having it DDoS'd - nothing they can do about that...[/QUOTE]
I think you did not understand what I said, we are asking for help.
Now has more education with his words.
As much as I'd recommend using a Linux based machine to run the server, there are a few general rules that always apply:
- Run as light as possible, each unnecessary service or task will only slow you down and could possibly compromise the security.
- Stay up to date. New exploits are being found every day so make sure all your critical software has all the security patches.
- Be as restrictive as possible. Keep all ports closed unless you absolutely have to have them opened. If it's possible, use IP address restrictions too (like if you have an InSim app running on another machine disallow all connections to port 29999 except for the one coming from the machine the InSim app runs on).
- Use a good firewall. Firewalls can be pretty smart and they can detect a DoS attack. When they do, they start automatically dropping all communication from the attacker. It comes with some slight overhead because even dropping a packet causes some CPU load but it's still much better than processing the packet completely.
- Use good networking hardware. You can have the best server in the world but if it's behind a crappy router or switch it will be no use.
- If you don't physically own the server but you rent one from a hosting service, contact them and ask if they can help you in any way.
Chances are that you aren't dealing with Anonymous or LulzSec grade of hackers, so you should have a real chance to fight back. Unless you're in some sort of guerilla war with other server maintainers, a few failed hacking attempts should make these morons lose their interest.
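
The "be as restrictive as possible" and firewall rules from the post above, sketched as an added example (not part of the original post and not LFS project code). It assumes a Linux host with iptables; the game port 63392, SSH port 22, the rate thresholds and both addresses are assumptions or constructed values, and only port 29999 comes from the post.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not touch the
# running firewall. Check the output with "iptables-restore --test" first.

INSIM_PORT=29999   # InSim port named in the post above
GAME_PORT=63392    # assumed LFS host port; use the port your host listens on
SSH_PORT=22        # assumed admin access, so default-drop cannot lock you out

# Accept only dotted-quad IPv4 addresses so a typo cannot produce a bad rule.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# build_ruleset INSIM_CLIENT_IP ADMIN_IP
build_ruleset() {
    is_ipv4 "$1" && is_ipv4 "$2" || {
        echo "usage: build_ruleset INSIM_CLIENT_IP ADMIN_IP" >&2; return 1; }
    # Order matters: allow-listed sources first, per-source rate limits on
    # new game connections next, then the plain accepts for the game port.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $2/32 --dport $SSH_PORT -j ACCEPT
-A INPUT -p tcp -s $1/32 --dport $INSIM_PORT -j ACCEPT
-A INPUT -p tcp --syn --dport $GAME_PORT -m hashlimit --hashlimit-name lfs_tcp --hashlimit-mode srcip --hashlimit-above 5/second --hashlimit-burst 10 -j DROP
-A INPUT -p udp --dport $GAME_PORT -m conntrack --ctstate NEW -m hashlimit --hashlimit-name lfs_udp --hashlimit-mode srcip --hashlimit-above 20/second --hashlimit-burst 40 -j DROP
-A INPUT -p tcp --dport $GAME_PORT -j ACCEPT
-A INPUT -p udp --dport $GAME_PORT -j ACCEPT
COMMIT
EOF
}

# Constructed documentation addresses (RFC 5737), not taken from the thread.
build_ruleset 192.0.2.10 198.51.100.7
```

These rules reduce the work the server does per unwanted packet; they do not reduce the traffic arriving on the link.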
i'm not sure why they recommended running linux, iptables won't save you from a DDoS. all it will do is drop the packets, but it will still consume your bandwidth. i would ask your hosting provider to see if they have any form of upstream filtering that would keep your server safe and provide the protection you need.
Well, strictly speaking there is nothing that can actually protect you from a DDoS attack. If a bunch of dudes with too much free time decide to bombard you with packets, you can't stop it. The idea is to have available as many resources as possible to make it hard for the attackers to overwhelm your server with requests.
A reasonably configured Linux server can run lighter on system resources, plus it has a more robust TCP/IP stack with support for all kinds of packet filtering. Even Google uses and develops some parts of it.
Filtering communication on the provider side would take some load off your server, but it wouldn't really solve the problem - it would just move elsewhere. It might or might not be a better solution, it's certainly worth a try if you rent a VPS or a regular server from someone. The only problem is that you probably won't have access to the filtering rules applied by the provider so if the attackers change their tactics, you'll have to wait for the provider to update the rules. Provider-side filtering might also come with some collateral damage because the provider won't probably fine-tune the rules as much as you would.