New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Good Idea.
LOL no one has null routed the server, unfortunately, you were unsuccessful, Ahzam has already closed the community and you guys remember your father name very clearly, Don't you remember how he has overthrown you so many times so don't recall him otherwise you will regret it.
And the attack you sent, you know you will bear the consequences sooner or later, Mr Shaheer Faisal Rizwan, wanted for the murder of his wife.
https://www.thenews.com.pk/print/202278-Tight-lipped-about-possible-dealmother-wants-killer-behind-bars
In 2015 you used lizardstresser : https://zaufanatrzeciastrona.pl/post/polskie-ofiary-i-uzytkownicy-serwisu-ddos-od-lizard-squad/
Now you are using Jeff spender, you are nothing on your own, plus you have no life, get a life, there's nothing you can do except DDoS, in real life you are shit, keep running from the sins you did, but you would bear the consequences sooner or later.
To be honest, no money is wasted, when you have a will there's a way, so many providers are with me providing me the servers without any cost, and you can't be Ahzam even in your dreams buddy, you can just lick and live that's in your veins
Oh this thread just got infinitely more :popcorn:
I am sure from your history $5 - $10 is so much money for you & you would chill out in a beach with that money rofl.
I think that comment was just to make you calm down a bit because of problems you are facing .. you can say it was joke but you took it seriosuly.
When the Pakistani drama is just about right..
haha nice 1
@Habeeb post a tcpdump of the "application layer attack" here. I'm sure its just some public stresser in the end. 800 Gbps of TS3 reflection traffic, I call bullshit right now. Whatever passes the filter, you can likely block with local firewall.
this wont helped . you remember mine? your rules i put exactly same OVH could not block it but i found 1 provider that fix this flood for me .
Are you xoxx by any chance?
it depends on the attack. you suffered from this one, remember?
https://gitlab.com/cryptio/ddos-research/-/blob/master/attacks/kill-all.md
There was no solution like the above link for that one, at the time.
You also suffered from TCP/UDP based 585858585858 A2S attacks.
Which the cure for it was:
iptables -A PREROUTING -t raw -p tcp -m multiport --dports 22,27015,10011,9987,5901,30033 -m string --algo kmp --hex-string '|5858585858|' -j DROP
iptables -A PREROUTING -t raw -p udp -m multiport --dports 22,27015,10011,9987,5901,30033 -m string --algo kmp --hex-string '|5858585858|' -j DROP
Your problem was also the lagspikes before the anti-ddos came active, and not that the server would be completely dead.
tried all but it was query flood 12,000 packets per second.
i have email from OVH provider that told me even they cant stop.
12k PPS is very low amount, something is wrong with ur configuration, or its not updated to counter further attacks. I never had access to your server so I can't keep up what kind of attacks you received after, or investigate them in real time. It's constant cat and mouse.
This is my server when suffering from attack, and theres nothing wrong with it.
Overall, limit the allowed ports, and drop rest in prerouting, and then apply A2S rules for any traffic that targets the ports you must allow. Its also good idea to distribute the services.. as in, don't host TS3 server at the same machine/IP as your gameserver.
Ok i will once again look into it. Thanks
@Habeeb you mentioned that OVH "drops your country"-- well I've seen this first hand, and I was able to fix this by white-listing my IPs that I don't want dropped on the OVH IP Firewall. Just add a rule to allow all IPv4 to your address and problem solved.
OVH firewall has a limit of 20 rules, so this is kinda useless unless he only has a few people, not a whole ISP/country blocked.
This is true. I am still a bit skeptical about the size of these attacks; it seems highly unlikely that he is seeing 200+gigabit regularly. MAYBE once a month for a very short time. We host several game servers and our transit drops every standard SYN/flood/ICMP non-spoofed DDoS. Only issue is the games that are UDP heavy tend to be more problematic so we use GRE tunnels to a Magic Transit host.
I would say your best option is CF Magic Transit, assuming your math on the attack volume is even remotely in the ballpark.
We had a customer eat a 700 - 800 gbit flood the other day. Crazy stuff.
Francisco
This started to turn into a drama thread. Finally!
long ago asked?
Hello Habeeb could you give us a try please?
All our products are DDoS protected. Take a look