[ish12321]

Hey guys,
My server is getting TSource Query Floods. Rate limiting doesnt helps as that makes server appear offline but just allows to stop lag to those who playing however ddos ends hours so on map change server gets empty. I find query cache an option.

https://forum.i3d.net/threads/hlds-s....157942/page-2
Here is a script for query caching which as per me could help us but the script is old and so no more functional. Does anyone have enough knowledge and could please spare some of his time to fix it?

Please if possible also make it like during too many incoming packets (suspected ddos) do query cache interval to 5secs while in normal 1secs maybe?

Please help..

I read OVH site. For TSource Query Floods they also use query caching but with their own high quality hardware which could handle too much. My server could atleast be able to handle basic such floods.

NOTE : Each packet is from.different IP (spoofed)

[ish12321]

Quote:

Originally Posted by joropito If the attack don't overload your connection but affects your HLDS stability, you could try filtering using iptables. As I see your capture, they're using more than 5k bots doing A2S_INFO attack. Best thing you can try is to rate-limit A2S_INFO packets to avoid high cpu usage on your hlds. Any action you may take on the server could not stop nor avoid connection overload.

Query caching could help as per my knowledge.

[ish12321]

Quote:

Originally Posted by brlight OVH , check their Website

Not available in our country

[balonfx]

Check out x4b, you can try or check out gre tunneling.

[ish12321]

Quote:

Originally Posted by balonfx Check out x4b, you can try or check out gre tunneling.

Not in our country. Will rise ping tremendously. :/

[aron9forever]

is it a linux server? do you have access to SSH?

[ish12321]

Quote:

Originally Posted by aron9forever is it a linux server? do you have access to SSH?

Ubuntu. Yes, I've access to SSH

[aron9forever]

Quote:

Originally Posted by ish12321 Ubuntu. Yes, I've access to SSH

You can install csf (configserver security & firewalll) and configure it to limit max connections per address to 5 and also set a limit on specific ports (such as 27015). Limits can be set such that if a user opens too many connections in a certain interval (say 5 seconds) then they will be banned for the same interval. It worked wonders for stopping DoS attacks on my server

be very careful when setting it up, if you don't allow SSH ports for example you WILL lock yourself out of remote connections and your machine will have to be serviced unless you have KVM ofc


If it's really a DDoS (make sure you know what that means and implies) then there is nothing you can do on software side.

[ish12321]

Quote:

Originally Posted by aron9forever You can install csf (configserver security & firewalll) and configure it to limit max connections per address to 5 and also set a limit on specific ports (such as 27015). Limits can be set such that if a user opens too many connections in a certain interval (say 5 seconds) then they will be banned for the same interval. It worked wonders for stopping DoS attacks on my server be very careful when setting it up, if you don't allow SSH ports for example you WILL lock yourself out of remote connections and your machine will have to be serviced unless you have KVM ofc If it's really a DDoS (make sure you know what that means and implies) then there is nothing you can do on software side.

Already tried those actually. Would never work when each packet is from different IP. I dont use CSF but iptables directly.

[aron9forever]

Quote:

Originally Posted by ish12321 Already tried those actually. Would never work when each packet is from different IP. I dont use CSF but iptables directly.

each packet from different ip? are you sure it's not being spoofed?

sorry to hear that, sounds like a nightmare, nothing you can do about it except switch hosting providers, and even then, nobody offers real protection against fat DDoS for low prices