Provider thinks that Plutonium Servers are a DDOS attack?

  • THS.Shiniri
    wrote
    #1

    Does anyone have a provider for their servers and encounter messages from that provider saying that there is seemingly a DDoS for your servers?

    I switched around way too often, thinking it was the provider's fault. But as of now 3 different providers have told me that a DDoS strike occurred over multiple IPs (all IPs from our player base, which were all in-game when the "DDoS" took place) that sent X amount of packets over our server ports, resulting in 300 Mbit/s of traffic. This behaviour is causing my servers to be blocked because they are the source.

    Since I set up multiple VPS systems, providers, servers and new configs for them, leaving nearly no room for thinking that something is wrong with the provider, the servers or the configs, I think it has something to do with Plutonium's end.

    That's why I am asking if others have experienced the same. (I host 23 servers.)

    Attachments:

    netcup notification:

    A few minutes ago a massive attack on your product v2202111132827168457 took place. We therefore route the affected IP address 202.61.238.83 via our free DDoS filter. This filters all packets that cause the DDoS. In this way, the services of your server that are not attacked can still be reached. Due to the filtering, the packet runtimes may be somewhat longer.
    
    We check at regular intervals whether the attacks have subsided. As soon as this has happened, we will route the IP address 202.61.238.83 directly to your server again.
    
    Here you will find extracts from the log that describe the attack:
    Start: 2021-11-22T14:59:24+00:00
    Destination: 202.61.238.83
    Direction: Incoming
    Bandwidth: 301.199920654 Mbit/s
    Packets per second: 856 026 pps
    
    
    The following attack types were recognized:
    This alert was generated due to fast flood detection. The "UDP" host alert signature has been triggered at router "bbr01.anx25.fra.de". (expected rate: 100.00 Kpps, observed rate: 250.01 Kpps)
    
    
    
    The following patterns were detected:
    Protocol: UDP
    Destination Port: 4991
    Source Networks: 107.XXX.XXX.12/32
    Source Port: 1024-65535
    Traffic Data: 88739163 pps
    
    Protocol: UDP
    Destination Port: 4991
    Source Networks: 45.XXX.XXX.36/32
    Source Port: 1024-65535
    Traffic Data: 83525773 pps
    
    
    
    The following combinations are now rate-limited:
    SRC: 107.XXX.XXX.12/32 SRCPORT: 1024-65535 DSTPORT: 4991 PROTO: UDP
    SRC: 45.XXX.XXX.36/32 SRCPORT: 1024-65535 DSTPORT: 4991 PROTO: UDP
    

    Contabo's notification:

    We will contact you to inform you that your server at Contabo is currently the target of a very large network attack. The attack was recognized by our network and is automatically blocked to ensure the availability of your server.
    
    The following IP address is affected by this attack:
    
    XX.XX.XXX.XX
    
    Please note that the filter measures in rare cases also result in data packets that are not part of the attack being discarded by our network. In these few cases, the availability of certain services on your server may be restricted. This measure remains active for the duration of the attack.
    
    If you are in contact with the attacker, do not inform him under any circumstances about this measure. Otherwise a long-term blocking of your server cannot be ruled out.
    
    Please do not hesitate to contact us if you have any further questions or if we can be of assistance with this matter.
    
    • Dss0 Plutonium Staff
      replied to THS.Shiniri
      #2

      THS.Shiniri I honestly see no way even 23 full pluto servers could generate 300 Mbit/s of traffic...

      • Xerxes Plutonium Staff
        wrote
        #3

        You need to read carefully: you are being attacked and are not the attacker.
        107.189.8.12 and 45.61.187.36 are known to try to DDoS multiple Plutonium game servers. They don't have a lot of bandwidth (the highest I got in multiple attacks was 252 Mbit/s, which is not even enough for my residential connection; LOL) and just flood the server with too many shit packets it needs to look at. Simply block them off in your firewall.

        That's what happens when you attract "professional" and "competitive" Tekno Server "Hoster".

        • THS.Shiniri
          replied to Xerxes
          #4

          Xerxes hmm okay, then I'll try to block those IPs in Windows, I guess?

          Protocol: UDP
          Destination Port: 4991
          Source Networks: 107.189.8.12/32
          Source Port: 1024-65535
          Traffic Data: 88739163 pps

          Protocol: UDP
          Destination Port: 4991
          Source Networks: 45.61.187.36/32
          Source Port: 1024-65535
          Traffic Data: 83525773 pps

          Protocol: UDP
          Destination Port: 4986
          Source Networks: 84.248.25.159/32
          Source Port: 4976
          Traffic Data: 24985 pps

          Protocol: UDP
          Destination Port: 4986
          Source Networks: 85.76.111.226/32
          Source Port: 39010
          Traffic Data: 13926 pps

          Protocol: UDP
          Destination Port: 4993
          Source Networks: 79.109.161.224/32
          Source Port: 4976
          Traffic Data: 5324 pps
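
Added example, not part of any post in this thread: a Python sketch that parses the provider's "pattern" blocks and renders Windows Firewall block rules for the heaviest sources, following the "block them off in your firewall" advice in post #3. The function names and the `min_count` cut-off are assumptions; the cut-off exists so that low-volume sources, which may be ordinary players, are not blocked.

```python
import ipaddress

# Sample input from this thread: two blocks from post #4, one masked block from the netcup e-mail.
SAMPLE = """\
Protocol: UDP
Destination Port: 4991
Source Networks: 107.189.8.12/32
Source Port: 1024-65535
Traffic Data: 88739163 pps

Protocol: UDP
Destination Port: 4986
Source Networks: 84.248.25.159/32
Source Port: 4976
Traffic Data: 24985 pps

Protocol: UDP
Destination Port: 4991
Source Networks: 45.XXX.XXX.36 / 32
Source Port: 1024-65535
Traffic Data: 83525773 pps
"""

def parse_patterns(text):
    """Return one dict per pattern block, skipping masked or malformed ones."""
    records = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        try:
            src = ipaddress.ip_network(fields["Source Networks"].replace(" ", ""), strict=False)
            records.append({"proto": fields["Protocol"].upper(), "src": src,
                            "dport": int(fields["Destination Port"]),
                            "count": int(fields["Traffic Data"].split()[0])})
        except (KeyError, ValueError, IndexError):
            continue  # e.g. 45.XXX.XXX.36: the real address is needed to block it
    return records

def block_rules(records, min_count):
    """Render a Windows Firewall block rule for each source at or above min_count."""
    rules = []
    for r in sorted(records, key=lambda r: r["count"], reverse=True):
        if r["count"] >= min_count:  # min_count is an assumed cut-off, tune per server
            rules.append(f'New-NetFirewallRule -DisplayName "Block {r["src"]}" -Direction Inbound '
                         f'-Action Block -Protocol {r["proto"]} -RemoteAddress {r["src"]}')
    return rules
```

The returned lines are meant to be reviewed and then run in an elevated PowerShell session. A host firewall rule only stops the game server from processing the packets; the traffic still reaches the machine's link, so the provider's upstream filter remains the control for bandwidth.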
