Still getting DDoS Attacks

[[NotD] localhost]

Hello fellow gamers,

Some services have been down due to a intermittent DDoS attacks. I have set up extensive IP Table rules, but these cannot protect against the current attacks. The attacker has extensive bandwidth resources which overflows my 1 Gbps connection. We can only ride it out since I cannot upgrade to a 2 Gbps port and cannot pay $500/m for DDoS mitigation hardware on top of the current $185/m server.  Here are some pretty images.

[Mominator]

That ss went right over my head LMAO

[[NotD] Tactical Flannel]

MOOOOOMMMMMMMMM!!!!!!!

Someone else is speaking Swahili!!!
I need a translation!!!

[[NotD] lespy]

Lame, dont ddosers have something better to do then attack a CSS server? guess not.


alright just gonna have to ride it out, tks for the pretty pictures for me local, Iam a visuals kinda guy.

[Pottymouth]

So basically where the peaks in the graphs are is when the server is being DDOSed. Damn look at all that bandwidth being wasted. What an asshole.

[ChaoticTundra]

Swahili For dummies

The "out" of the chart shows the servers output data flow (latency levels, player count, server information, etc...)

The "In" of the chart shows server data flow intake (Player data packages, Player joins, outside server commands, Command data packages, attempted joins, etc...)

what this chart is showing is that the standard flow that should be coming in should average the same as the output, but instead someone is DDoSing, causing (what looks to be) 29x-42x more Data package information then it should have. If this amount of data flow continues on solid server (running) it will cause the server buffer to overload and the server will shut down to protect itself.
By the looks of it this DDoS'er has an immense amount of resources, and paying for just 1-2 months of DDoS mitigation would not be enough, because this DDoS'er would continue to regularly test the server until he knows he can crash it again...the server would most likely have to be on this plan for 1+ years until this guy stopped DDoS'ing.

Sorry Flannel my "Swahili" translation drifted back into "Swahili"

[[NotD] Wooki3]

HOORAY FOR PRETTY COLORS... oh wait no i guess i want to see less pretty cause more is BAD

[[NotD] Bob The 3RD]

Swahili For dummies

The "out" of the chart shows the servers output data flow (latency levels, player count, server information, etc...)

The "In" of the chart shows server data flow intake (Player data packages, Player joins, outside server commands, Command data packages, attempted joins, etc...)

what this chart is showing is that the standard flow that should be coming in should average the same as the output, but instead someone is DDoSing, causing (what looks to be) 29x-42x more Data package information then it should have. If this amount of data flow continues on solid server (running) it will cause the server buffer to overload and the server will shut down to protect itself.
By the looks of it this DDoS'er has an immense amount of resources, and paying for just 1-2 months of DDoS mitigation would not be enough, because this DDoS'er would continue to regularly test the server until he knows he can crash it again...the server would most likely have to be on this plan for 1+ years until this guy stopped DDoS'ing.

Sorry Flannel my "Swahili" translation drifted back into "Swahili"

^^^ someone knows a lot. Anyway, Fucking DDOSers. Losers have nothign else to do. I hope they learn there lesson when/if/or they're caught.

[[NotD]*sorrow*FatesMoM]

thnx for the for the more in-depth explanation local. i am really tired of people saying local isnt doing anything about the attacks. so here you go, what it all means i dont know. but now you can stop saying he's doing nothing.

wow the people doing this are not gamers, i wouldnt even know what to call them.

[virus.ca]

thnx for the for the more in-depth explanation local. i am really tired of people saying local isnt doing anything about the attacks. so here you go, what it all means i dont know. but now you can stop saying he's doing nothing.

wow the people doing this are not gamers, i wouldnt even know what to call them.

Amen ^^^
And just simply "The Schemers"....
Makes my heart stop beating when it says "Server Not Responding"

[ChaoticTundra]

thnx for the for the more in-depth explanation local. i am really tired of people saying local isnt doing anything about the attacks. so here you go, what it all means i dont know. but now you can stop saying he's doing nothing.

wow the people doing this are not gamers, i wouldnt even know what to call them.

But I went even more in depth then local! sad face on not getting recognition....

I'm gonna go cry in a corner now! all because of you sorrow!

[[NotD] tea baggins]

well....

the pretty picture is actually a really ugly one.

to break it down;
the days without ddos attacks show a standard in and out bandwidth usage (that means how much data going in to the server and what the server sends back out) around 3 GB per day.
the ddos attack days shows output ten times that because the server thinks its supposed to respond to a request more often) and in is around 1000 times  more.

the long and short of it is the server is unable to keep up with the fake crap it's thinking is legitimate connections and those fake connections are 1000 times the normal incoming traffic that should be arriving.


local quick question on your server host...
are you renting the whole box and allowed os and server layer choices etc...
or is it strictly game hosting and they decide the os etc... and all you get is the ability to upload your game plugins etc...

the reason i ask is that from what you've said in the past i.e. changing os from linux to windows etc... is it seems that you have a virtualized hosted enviornment and the only thing set in stone is the ip per virtual partition. if that's the case...
wouldn't it be easier to rent a secondary host during these lame attacks and copy the image over to it from the attacked server partition and simply use an external dns server to route to whichever one is more available and make the fuckers doing this have to sweat their ddos attacks twice as hard as they'll have 2 seperate targets to try to bring down. i know you couldn't host everything this way due to costs but maybe one z-hell and minigames on a seperate server during these "crisis" times if the donations for the month allow.

or even possibly host an "emergency" game server from home or a friends home or something. that other server would undoubtedly come under fire but if it's a fast enough home line with dynamic ip's they could dodge the attack by reconnecting the modem at home and you simply erasing the dyndns entry to their ip.


another thing is if it's "those other guys" who have a history no need to mention names etc... pulling this crap. sue them. nothing says hey you have to play by the big boy rules now no more child crap like a lawsuit they have to pay to defend, and they get to pay for your lawyer and damages when they lose. i know it's a huge headache, and this is all supposed to be for fun and all but if it's "them" well i'd already have been talking to their local law enforcement agencies about a raid and confiscation of their p.c.'s and if he lives across state lines then fbi.

[[NotD]*sorrow*FatesMoM]

But I went even more in depth then local! sad face on not getting recognition....

I'm gonna go cry in a corner now! all because of you sorrow!

its not that i didnt give you credit tundra and i do for the wonderful explanation.  its just that everyday i have to try and defend local and tell people he has done all he can do.

tea i dont know what you are talking about but i know local will be reading it.

[[NotD] Dr.Nick]

For the people think there can be done even if he block they can just find a new hole in the system to get through. Unless we pay the 500(which no way we can keep up) there is no way we can block the attacks, this is something we have to wait out.

[Mr.GooGle(ALASKA)]

Thanks local for letting us know and see with the graph..