New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
have you checked out /etc/sysctl? It might lower the effect of the attack.
You should not negotiate with him. If he is banned, let him stay banned. You are paying for the server not him.
Get his IP and ban him from server and also share his steam id.
I wouldn't mind his steam_id.
@Jack
How is a dedicated 100Mbit line going to avoid 286Mbit/s?
@GaNi
What's his 'name' anyway?
He'll most likely have to pay for dedicated 100Mbit, and that won't even fix his problem
Sorry for the lag, he is http://steamcommunity.com/id/kobraxp
I've tried to contact him in all the possible way, but he has me blocked on steam. One of his friend passed me a message stating, he won't quit attacking me.
His IP Range: 5.13.0.0/16, ISP: RCS & RDS Residential, Romania (Blocked it on CSF)
Jack, the attack max went upto 500mbit and stayed there. Seems he's using his home network with loic.
I may be incorrect, Prometeus gave me a log last week and IPs were indeed spoofed.
Log: https://docs.google.com/file/d/1FYBx94JG1QDFJqem1jvS63Uu9ONfDVkfJ54hXi9o3s1Jalv7BJ9CcDFGOo21/edit?usp=sharing
500Mbit with a home network eh..
Do you have something running on port 80?
@jack
It was pulled offline, I am not planning to go online again. Troubled prometeus enough already....
@Mun
yea, nginx. I provide players a link to download the game addons. The KVM has 3TB+, I wouldn't waste that.
Dns amplification and syn floods are both used together in every attack.
Even a dedi with 100m doesnt help since attacks grow quickly and if the ip isn't nulled the used bw will be a lot.
A real ddos mitigation is required...
@prometeus
I've contacted over 10 mitigation services, most of them don't want to provide proxy/tunnel service and rest of them are way over an "under-grad student's" budget.
well they are attacking port 80, I was going to say remove or ask promethus to block all port 80 traffic.
woops
So you did scroll all the way down right? Initial Port 80 connections were legit, then began the flood.
that was my first option, since it was in Italy, but
No double posted.
My suggestion, buy another VPS, and throw all your website data on it. Make it go through cloudflare, and have promethus block all port 80 traffic.
If you go through the log, towards end you'll see where they are attacking.
@Jack
I am not using Port 22 for SSH, in fact I've stopped using SSH. I use Console to manage server for now. My budget wont go beyond 20$.
There is another way, tough it isn't legal. If he really causes you that much trouble just ddos his ip. I'm pretty sure he likes his own network more than yours.
As stated earlier, he himself hosts game servers on windows, and pretty much made many community members mad, and they did attack him too but that guy is behind dynamic IP. Not easy to track on.
Whoever this guy is he sure knows how to hide himself.. I traced his usernames and they all come back with 137.116.32.32
Which seems to be:
OrgName Microsoft Corp
OrgId MSFT-Z
Address One Microsoft Way
City Redmond
StateProv WA
PostalCode 98052
Country US
So yes, however he's doing this he knows how to spoof.
Steam_ID please.
Also a good half of that is port 80, start there and continue.
Steam_ID please.
Also a good half of that is port 80, start there and continue.
@Mun
http://steamcommunity.com/id/kobraxp
Also congrats you are getting hit by a DNS reflection attack, I have had never the honor to be hit by one.
@Ishaq
I am sure he is not from the US, he is a Romanian. I was a Channel Admin @ Garena Client. Being an admin, I had banned many users for violating the rules back then, few took it seriously. Among those few, he was one, didn't know he would follow me up till here.
@Mun
you lag
you lag
Actually, my internet is now faster and thus when I click post it goes so fast it knocks two in place.
3.1 - 2.0 MB sessions coming from port 53, as well as a lot of smaller traffic from port 80.
Would a i3D 20Euro server tank this attack?
@Zen
Would forward this to @prometeus.