1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Need a protection script agenst DDoS attacks for my counter strike server

Discussion in 'Security' started by jamesfenwick, Nov 26, 2008.

  1. #1
    Hey guys, my css server recently got attacked by a DDoS, And i was wondering if anyone has a script to protect my server, If anyone has a script that will work for a counter strike sever that would be great.
    SEMrush
     
    jamesfenwick, Nov 26, 2008 IP
    SEMrush
  2. night_fall

    night_fall Peon

    Messages:
    70
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    hello jamesfenwick what is the OS (operating system) are you using, what network equipment are installed before your server etc.

    Much more informations will be apreciated to solve your problem.
     
    night_fall, Nov 29, 2008 IP
  3. hexmax

    hexmax Peon

    Messages:
    44
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    hi
    if you run linux apache 2.x do this

    cd /usr/src 
    Code (markup):
    wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
    Code (markup):
    tar xfz mod_evasive_1.10.1.tar.gz 
    Code (markup):
    cd mod_evasive
    Code (markup):
    Find the location of Apache Extension Tool (apxs) binary and perform the following.

    type apxs 
    Code (markup):
    or

    find / -type f -name apxs -print 
    Code (markup):
    $[COLOR="Red"]APACHE_ROOT[/COLOR]/bin/apxs -cia mod_evasive20.c 
    Code (markup):


    Configure mod_evasive for Apache Find a location of httpd.conf, and edit with the following contents.


    <IfModule mod_evasive20.c>
    DOSHashTableSize 3097
    DOSPageCount 2
    DOSSiteCount 50
    DOSPageInterval 1
    DOSSiteInterval 1
    DOSBlockingPeriod 300
    </IfModule> 
    Code (markup):
     
    hexmax, Nov 29, 2008 IP
  4. sclek

    sclek Banned

    Messages:
    28
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    He is trying to stop ddos attacks on his counter strike server, not apache server.
     
    sclek, Nov 29, 2008 IP
  5. fiberand

    fiberand Peon

    Messages:
    102
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    There isn't really a script that is going to truly protect your server from a DDoS attack. If you have root on the server you can set up some iptables rules but that isnt going to stop the DDoS from coming in on the line. You need to find a provider that has DDoS protection on their network or ask your current provider what type of filtering you can put in place. They should be able to block whatever type of traffic you ask from going to your server. If they dont currently offer DDoS protection then they prob will not be able to do anything about it.
     
    fiberand, Nov 30, 2008 IP
  6. zeromaster

    zeromaster Peon

    Messages:
    38
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    I agree when it comes to dos attacks even if you block then offending ip's its still gonna cause severe usage on a software firewall. most datacenters will usually null the ip until it stops. Are your sure its a ddos attack. It could be just someone packeting your ip intentionally with a script
     
    zeromaster, Dec 4, 2008 IP
  7. SSANZ

    SSANZ Peon

    Messages:
    865
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    0
    #7
    LOL @ people suggesting mod_evasive. mod_evasive is for apache, not hl2 servers.

    google hl2 css ddos attack
     
    SSANZ, Dec 18, 2008 IP
  8. Ottobohn

    Ottobohn Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Here's where you can download a patch for major DOS attacks on CSS game servers.

    http://adminmarketplace.com/downloads.php?do=cat&id=1

    DoS Attack Fixer for TF2 v2 : DAF version 2 for TF2. Includes Linux and Windows binaries. Works with all Orangebox engine games if ...

    DoS Attack Fixer for CSS v2 : DAF version 2 for Counter-Strike Source. Includes Linux and Windows binaries. Will work with all EP1 ...

    Otto Bohn
    AdminMarketplace.com
    N00bsalad.net
     
    Ottobohn, Apr 1, 2009 IP
  9. hostechsupport

    hostechsupport Well-Known Member

    Messages:
    411
    Likes Received:
    23
    Best Answers:
    7
    Trophy Points:
    138
    #9
    >> There is no such script. You have to control that through the Hardware Firewall.
     
    hostechsupport, Jul 7, 2018 IP
  10. bountysite

    bountysite Member Premium Member

    Messages:
    42
    Likes Received:
    1
    Best Answers:
    1
    Trophy Points:
    33
    #10
    I know this is late, but it can help someone looking for a solution.

    I see that this is application level attack. Meaning attack on application, and not on network. We can block at the OS level using firewall.
    We will look at number of established connections(only then it can reach application).

    Lets find out which IP address is eating up connections, and we can start blocking them.
    ss -n -4 state established  | awk '{print $5}' | egrep -v '(Address:Port|127.0.0.1)'  | cut -d':' -f1 
    Code (markup):
    Now, lets a count on number of hits per IP.
    ss -n -4 state established  | awk '{print $5}' | egrep -v '(Address:Port|127.0.0.1)'  | cut -d':' -f1  | sort -n | uniq -c
    Code (markup):
    Now, decide on a threshold level, beyond which we declare as too many hits per IP, and is participating in a DDoS. Let's say we decide, as 20. Lets get those IP, which have more than 20 connections. In this example, we are looking at IPv4.
    ss -n -4 state established  | awk '{print $5}' | egrep -v '(Address:Port|127.0.0.1)'  | cut -d':' -f1  | sort -n | uniq -c | awk '$1 > 20 {print $2}'
    Code (markup):
    Lets use ipset and iptables to block these IPs.
    ipset create ddosingips hash:ip
    iptables -I INPUT -m set --match-set ddosingips  src -j DROP
    
    Code (markup):
    Now lets populate, the ipset.
    ss -n -4 state established  | awk '{print $5}' | egrep -v '(Address:Port|127.0.0.1)'  | cut -d':' -f1  | sort -n | uniq -c | awk '$1 > 20 {print $2}' | while read ipaddress; do ipset test ddosingips $ipaddress || { ipset add ddosingips $ipaddress ; echo "Blocked $ipaddress"; } ; done   
    Code (markup):
    You can run the code regularly, by putting it in a script, and running watch.
    watch -n10 mitigateddosh.sh
    Code (markup):
     
    bountysite, Jan 24, 2019 IP