Need a protection script agenst DDoS attacks for my counter strike server

Hey guys, my css server recently got attacked by a DDoS, And i was wondering if anyone has a script to protect my server, If anyone has a script that will work for a counter strike sever that would be great.

 

hello jamesfenwick what is the OS (operating system) are you using, what network equipment are installed before your server etc.

Much more informations will be apreciated to solve your problem.

 

hi
if you run linux apache 2.x do this

cd /usr/src 

Code (markup):

wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz

Code (markup):

tar xfz mod_evasive_1.10.1.tar.gz 

Code (markup):

cd mod_evasive

Code (markup):

Find the location of Apache Extension Tool (apxs) binary and perform the following.

type apxs 

Code (markup):

or

find / -type f -name apxs -print 

Code (markup):

$[COLOR="Red"]APACHE_ROOT[/COLOR]/bin/apxs -cia mod_evasive20.c 

Code (markup):

Configure mod_evasive for Apache Find a location of httpd.conf, and edit with the following contents.

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 300
</IfModule> 

Code (markup):

 

He is trying to stop ddos attacks on his counter strike server, not apache server.

 

There isn't really a script that is going to truly protect your server from a DDoS attack. If you have root on the server you can set up some iptables rules but that isnt going to stop the DDoS from coming in on the line. You need to find a provider that has DDoS protection on their network or ask your current provider what type of filtering you can put in place. They should be able to block whatever type of traffic you ask from going to your server. If they dont currently offer DDoS protection then they prob will not be able to do anything about it.

 

I agree when it comes to dos attacks even if you block then offending ip's its still gonna cause severe usage on a software firewall. most datacenters will usually null the ip until it stops. Are your sure its a ddos attack. It could be just someone packeting your ip intentionally with a script

 

LOL @ people suggesting mod_evasive. mod_evasive is for apache, not hl2 servers.

google hl2 css ddos attack

 

Here's where you can download a patch for major DOS attacks on CSS game servers.

http://adminmarketplace.com/downloads.php?do=cat&id=1

DoS Attack Fixer for TF2 v2 : DAF version 2 for TF2. Includes Linux and Windows binaries. Works with all Orangebox engine games if ...

DoS Attack Fixer for CSS v2 : DAF version 2 for Counter-Strike Source. Includes Linux and Windows binaries. Will work with all EP1 ...

Otto Bohn
AdminMarketplace.com
N00bsalad.net

 

>> There is no such script. You have to control that through the Hardware Firewall.

 

I know this is late, but it can help someone looking for a solution.

I see that this is application level attack. Meaning attack on application, and not on network. We can block at the OS level using firewall.
We will look at number of established connections(only then it can reach application).

Lets find out which IP address is eating up connections, and we can start blocking them.

ss -n -4 state established  | awk '{print $5}' | egrep -v '(Address:Port|127.0.0.1)'  | cut -d':' -f1 

Code (markup):

Now, lets a count on number of hits per IP.

ss -n -4 state established  | awk '{print $5}' | egrep -v '(Address:Port|127.0.0.1)'  | cut -d':' -f1  | sort -n | uniq -c

Code (markup):

Now, decide on a threshold level, beyond which we declare as too many hits per IP, and is participating in a DDoS. Let's say we decide, as 20. Lets get those IP, which have more than 20 connections. In this example, we are looking at IPv4.

ss -n -4 state established  | awk '{print $5}' | egrep -v '(Address:Port|127.0.0.1)'  | cut -d':' -f1  | sort -n | uniq -c | awk '$1 > 20 {print $2}'

Code (markup):

Lets use ipset and iptables to block these IPs.

ipset create ddosingips hash:ip
iptables -I INPUT -m set --match-set ddosingips  src -j DROP

Code (markup):

Now lets populate, the ipset.

ss -n -4 state established  | awk '{print $5}' | egrep -v '(Address:Port|127.0.0.1)'  | cut -d':' -f1  | sort -n | uniq -c | awk '$1 > 20 {print $2}' | while read ipaddress; do ipset test ddosingips $ipaddress || { ipset add ddosingips $ipaddress ; echo "Blocked $ipaddress"; } ; done   

Code (markup):

You can run the code regularly, by putting it in a script, and running watch.

watch -n10 mitigateddosh.sh

Code (markup):