[DJEarthQuake]

On a cheap VPS it is part of the cost of doing business. Be sure to maintain a good relationship with your provider. On a dedicated line my FAIL2BAN is never past 0.3 CPU on what I consider stone-age hardware and active ddos. Just a single core.

Their homepage mission statement:

Quote:

HeatShield allows you to easily manage all of your servers' firewalls without having to SSH into them again.

Being in root shell will always put admin 1 up on them. This discounts that and misleads innocents otherwise and wants money.

Quote:

Originally Posted by DJEarthQuake Bad idea. Upgrades overwrite jail.conf. According to this article https://gamebanana.com/threads/128192 cstrike-planet.com disappeared 11 years ago. [counter-strike] has been default in fail2ban years before this thread was written. I see IP rules threads to offloading module threads while we have had one all along with fail2ban preconfigured. The logpath is out of date and needs to point to /var/log/messages in most instances. Code: /etc/fail2ban/jail.conf [counter-strike] logpath = /opt/cstrike/logs/L[0-9]*.log # Firewall: <a href="http://www.cstrike-planet.com/faq/6" target="_blank" rel="nofollow noopener">http://www.cstrike-planet.com/faq/6</a> tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039 udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015 action  = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]            %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]

Quote:

Originally Posted by DJEarthQuake Fail2ban helps. Malformed packets can be tagged for later control. server.cfg Default hlds settings. //max_queries_sec : 3 //max_queries_sec_global : 30 //max_queries_window : 60 More sensitive max_queries_sec 2 max_queries_sec_global 15 max_queries_window 30 Easy test. Refresh server a bunch of times one will see "...was blocked for exceeding rate limits" /etc/fail2ban/filter.d/gearbox.conf Code: # Fail2Ban filter for ddos for GoldSrc # # [Definition] failregex = : Traffic from <HOST>:(\d{1,5}) was blocked for exceeding rate limits ignoreregex = [Init] datepattern = %%m/%%d/%%Y - %%H:%%M:%%S # Author: SPiNX March 2020 jail.local Code: [hlds-ddos] enabled = true maxretry = 50 findtime = 100 bantime = 900 logpath = /var/log/messages tcpport = 27005,27015,27016,27017,27018,27019,27020.27030 udpport = 27005,27015,27016,27017,27018,27019,27020,27030 action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] [gearbox] enabled = true maxretry = 2 bantime = 1800 findtime = 10 logpath = /home/TUT/Steam/steamapps/common/Half-Life/cstrike/qconsole.log /home/TUT/Steam/steamapps/common/Half-Life/dod/qconsole.log /home/TUT/Steam/steamapps/common/Half-Life/gearbox/qconsole.log banaction = %(banaction_allports)s Be sure to pay attention to or rotate qconsole.log it gets big fast. https://developer.valvesoftware.com/...d_Line_Options -condebug - Stores console output to "Half-Life\qconsole.log". fail2ban-client status Code: Status |- Number of jail: 6 `- Jail list: gearbox, hlds-ddos, nginx-botsearch, nginx-http-auth, nginx-limit-req, sshd Nobody even bothers anymore. Earlier this year it was very active banning bad guys. fail2ban-client status hlds-ddos Code: Status for the jail: hlds-ddos |- Filter | |- Currently failed: 3 | |- Total failed: 18841 | `- File list: /var/log/messages `- Actions |- Currently banned: 0 |- Total banned: 0 `- Banned IP list:

|- Currently banned: 95
|- Total banned: 1431