OVH Game server GoldSrc Counter-Strike 1.6 freezes with packet flood and CPU spike 200 and above
For 1 month I have been facing a problem with my game server Counter-Strike 1.6 hosted on an OVH Game VPS. When the flood happens, port 27015 is not responding, and when I look closely it says [REUNION]: Query flood blocking: 37022 pps
Now in my iptables I can see that one u32 rule has many packets dropped.
I want to limit that so when packets come it takes some time, so that it does not freeze OVH Game and my port 27015 does not become unresponsive.
Whenever a flood comes the CPU spikes. I asked OVH Game by email about this situation but until now there is no fix.
So I ask if the rule that has packets dropped can be limited by average so it does not flood my port 27015.
The players who are inside do not have issues, but the port 27015 does not show in favorites, the server browser, or the GameTracker monitoring system.
See the image below, and tell me how I can limit the average PPS.
Thanks.
Comments
Hi,
Ah, an A2S flood, you pissed off someone smarter than average.
We can cache A2S queries for mitigation purposes (Standard & Premium lines only). A ticket is required to activate. A2S caching is normally a paid feature. Happy to help out someone receiving a flood however (for the length of the flood).
You can't rate limit the queries without being hidden from global server lists, unfortunately, as you will block those querying normally too (assuming the attacker is spoofing, as they likely will be).
Will the ping be the same for all players if I get this?
Hi,
During the time the A2S cache is active for mitigation purposes your ping will display lower. However, that will end at the time the attack ends.
A2S caching is a paid feature sponsored by a couple customers of ours. We can offer it to you only for mitigation purposes (not latency optimization / listing optimization) for free. Offering it to you for ping reduction would be unfair to those who fund it (development & maintenance).
As for general latency, that is a factor of distance. Our locations are public (https://www.x4b.net/datacenters & https://www.x4b.net/protection/prices); the looking glass is also available for route checks.
Thanks, how can I contact you and go ahead with this?
@amsaal Once you have your service set up (ordered & configured) and ready for A2S Cache activation, contact me via support ticket to get A2S Cache enabled on your service.
Please do mention this thread.
In light of @amsaal's ticket let me clarify in case there was any doubt.
This is not an offer for a free mitigation service.
It is an offer for free access to a paid addon (A2S Cache) for a very specific purpose (and in passive mode, not active). It requires a service on the Standard or Premium lines. We don't currently have the modules & service deployed on the Budget line servers so this offer does not extend there.
The standard 20 USD, is this what I need to activate this feature?
Thanks.
Would 50 GB of clean traffic be okay for 20 USD?
Or just post a tcpdump here and we can see what's in the attack packets and help you block it lol.
Check this for specific info on how to capture the attack.
https://www.lowendtalk.com/discussion/comment/3107906/#Comment_3107906
You can edit the "--limit-burst" value from 1 to higher if people are still unable to join, but no more than 10 is suggested. In fact I would use the default value "1" for all, since it's usually just enough for people to still be able to join or use the server query when under attack.
Alternatively you can just do this if the CPU still goes to 100% with the above rules:
Also, make sure you remove existing rules against this from the input chain or change the order so these get executed first; otherwise it will just execute the old rules first against the flood. This would make the CPU remain at 100%.
If you have zero idea what to put in, try these rules as a base. This assumes your SSH port is 22 and that you only run srcds on ports 27015:27030. Do not apply these without editing unless your SSH is on port 22, otherwise you will lose SSH access after applying.
You can save this into ip.sh and run ./ip.sh
Just an FYI
Sorry for taking your potential customer lol.
Anyway, the above iptables rules only limit the incoming queries to x amount and then drop the rest.
How do I load this module in OpenVZ?
@stefeman He isn't a customer. Nor do I think he will be. Your solution may be the best option for him (budget and know-how).
@amsaal You can't load modules in OpenVZ; your provider might, but you are really barking up the wrong tree trying to do attack mitigation on OpenVZ (or any paravirtualization). At least get a KVM.
P.S. I'm surprised OpenVZ is still a thing in 2020
If the host is 100up, he's fucked anyway no matter what he does. They give 100Mbps ports by default and are the only OpenVZ host that offers OVH Game that I know of.
Bad solution!!
@FAT32 close this thread and lock it, I fixed it myself
I think the topic can be closed at this point.
So much appreciation for the community that helped you, you know, for free.
You agree to lose players while you do this?
I agree on support, but I said it is a bad solution .... it does not work, it blocked legitimate traffic, players cannot even see the server lol
sure
It's just an example. You would need to find out the required ports and edit it anyway lol. You could remove all A2S rules except ffffffff54 and fffffff67 and change the default input policy to accept, for example.
The port is 27015 and you're limiting the query, which means players cannot see the server so they won't join, meaning what you sent me does not work. It's a BAD SOLUTION !!
But I figured it out by taking a capture and blocking; I know it very well too. It was a complex attack which I mitigated already and my server is up and running.
Thanks for your support, appreciated.
Everyone who advised, I appreciate it.
You can always raise the burst limits, but whatever. It's a perfectly working solution.
Glad to hear that you solved it yourself though. Wouldn't hurt to be more humble if you ask for advice here. People would be more inclined to help you next time.
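To make the trade-off argued over in this thread concrete, here is an added Python model (not code from the thread, and not x4b's or stefeman's actual rules or cache implementation) of the three behaviours discussed: the shared token bucket behind an iptables --limit/--limit-burst rule, which drops honest queries once the flood has drained it; a per-source hashlimit bucket, which spares the honest client but lets a spoofed flood straight through (the point made in the first reply); and an A2S cache that answers A2S_INFO itself so the game server sees one query per TTL. Python is used because the iptables rules themselves cannot be exercised offline. All traffic is constructed: a 5000 pps spoofed flood for two seconds (the thread's real figure is 37022 pps) plus one honest client querying every half second; the client address, the flood sources, the 10/s rate, burst 10 and the 5 s TTL are assumptions.

```python
"""Model of the A2S-flood mitigations discussed in this thread: the token
bucket behind iptables' limit/hashlimit matches and a query cache that answers
A2S_INFO without involving the game server. All sample traffic is constructed."""
from collections import Counter, defaultdict

# Connectionless server-query prefixes: 0xffffffff header plus a type byte.
# The u32 matches in the thread test these bytes: ffffffff54 is A2S_INFO ('T'),
# ffffffff67 is the GoldSrc "getchallenge" ('g') that players need to join.
QUERY_PREFIXES = {
    b"\xff\xff\xff\xffT": "A2S_INFO",
    b"\xff\xff\xff\xffU": "A2S_PLAYER",
    b"\xff\xff\xff\xffV": "A2S_RULES",
    b"\xff\xff\xff\xffg": "GETCHALLENGE",
}


def classify(payload):
    """Query type of a UDP payload, or None for ordinary in-game traffic."""
    return QUERY_PREFIXES.get(bytes(payload[:5]))


class TokenBucket:
    """What --limit <rate> --limit-burst <burst> implements: start with
    `burst` tokens, refill `rate` tokens per second, spend one per packet."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, float(burst)
        self.tokens, self.last = self.burst, None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RateLimit:
    """per_source=False: one shared bucket per query type (iptables -m limit).
    per_source=True: one bucket per (source IP, type) (-m hashlimit, mode srcip)."""

    def __init__(self, rate, burst, per_source):
        self.per_source = per_source
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))

    def handle(self, src, payload, now):
        kind = classify(payload)
        if kind is None:
            return "ACCEPT"          # game traffic of connected players is never limited
        key = (src, kind) if self.per_source else kind
        return "ACCEPT" if self.buckets[key].allow(now) else "DROP"


class InfoCache:
    """A2S cache: serve A2S_INFO from a stored reply for `ttl` seconds, so the
    game server answers one query per ttl regardless of the flood rate."""

    def __init__(self, ttl):
        self.ttl, self.expires, self.upstream_queries = ttl, -1.0, 0

    def handle(self, src, payload, now):
        if classify(payload) != "A2S_INFO":
            return "ACCEPT"          # everything else is passed through untouched
        if now >= self.expires:      # cache miss: ask the real server once
            self.upstream_queries += 1
            self.expires = now + self.ttl
        return "ACCEPT"              # answered from the cache (fast reply, low ping)


LEGIT_CLIENT = "203.0.113.10"        # constructed: one honest server-browser client
A2S_INFO_QUERY = b"\xff\xff\xff\xffTSource Engine Query\x00"


def build_traffic(flood_pps=5000, seconds=2.0, spoofed_sources=1000):
    """Constructed sample: a spoofed A2S_INFO flood plus one honest client
    querying every half second. Returns (time, src, payload) sorted by time."""
    events = [(t, LEGIT_CLIENT, A2S_INFO_QUERY) for t in (0.25, 0.75, 1.25, 1.75)]
    for i in range(int(flood_pps * seconds)):
        s = i % spoofed_sources   # attacker cycles through spoofed source addresses
        events.append((0.0001 + i / flood_pps, f"10.0.{s // 256}.{s % 256}", A2S_INFO_QUERY))
    return sorted(events, key=lambda e: e[0])


def simulate(mode, rate=10.0, burst=10, ttl=5.0):
    """mode is 'global', 'per_source' or 'cache'. Returns accept/drop counts for
    the honest client and the flood, plus how many queries reached the server."""
    if mode == "cache":
        f = InfoCache(ttl)
    else:
        f = RateLimit(rate, burst, per_source=(mode == "per_source"))
    stats = Counter({"legit_accepted": 0, "legit_dropped": 0,
                     "flood_accepted": 0, "flood_dropped": 0})
    for now, src, payload in build_traffic():
        who = "legit" if src == LEGIT_CLIENT else "flood"
        verdict = "accepted" if f.handle(src, payload, now) == "ACCEPT" else "dropped"
        stats[f"{who}_{verdict}"] += 1
    # without a cache, every accepted query is processed by the game server itself
    if mode == "cache":
        stats["server_queries"] = f.upstream_queries
    else:
        stats["server_queries"] = stats["legit_accepted"] + stats["flood_accepted"]
    return dict(stats)


if __name__ == "__main__":
    for mode in ("global", "per_source", "cache"):
        print(mode, simulate(mode))
```

Running it shows the three outcomes side by side: the shared bucket keeps the server to about 30 queries in two seconds but the honest client never gets an answer (the "players cannot see the server" complaint); the per-source bucket answers the honest client but, because every spoofed address gets its own fresh bucket, all 10000 flood queries reach the server; the cache answers everyone and the server sees a single query.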
Yes sure. I was frustrated by these attacks and did not want to hurt anyone with my comments.
Thanks for your advice
amsaal,
I have a VPS from OVH with 2 G/s and I receive DDoS at 86 mb/s and I need your help.
Tell me how you fixed your CS 1.6 server.
thanks in advance
What VPS do you have?
What location? (rbx, bhs, where?) (maybe there are better alternatives to OVH in such locations)
Where did you purchase the VPS?
Does the VPS have Anti-DDoS Game or not?
Who is your key audience?
Is the game server new or old?
If you will change your IP, will you lose all of your players?
What operating system do you use?
How did you identify that you consume up to 86mbit/s under attack?
Have you tried to make a tcpdump of the attack and report the attack to OVH?
Does the DDoS attack come from one IP, or from a botnet (many IPs)?
If the attack comes from one IP, have you tried to block just this IP in the OVH firewall?
There are a lot of questions. DDoS protection is not a simple thing that everyone can organize for themselves; that's why there is a market that offers DDoS protection solutions.
Ask your provider for a fix; better that than applying it on the VPS and making it laggy.