CaioVictor Posted August 13, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Share Posted August 13, 2013 Hi rAthena xD First excuse my English. I'm needing to protect my server against DDOS attacks. But i do not know which firewall is best and how will be the first time i set up a firewall on linux, i wonder if someone can help me to install and configure. Can anyone help me? I appreciate any help intention. Att, CaioVictor. Quote Link to comment Share on other sites More sharing options...
Asura Posted August 13, 2013 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 707 Reputation: 168 Joined: 01/26/12 Last Seen: February 7, 2014 Share Posted August 13, 2013 Hi CaioVictor, CSF requires IPTables to work. Also, Software Firewall can only protect you from DOS attacks; DDOS attacks will either consume all your RAM/CPU while your Software Firewall blocks it. And there's also your server port limitation; say if you have a 100mbit port, then a 10mbps flood would hit off your server (same with 1gbit with a 100mbps flood). If you are serious about server hardening; you will need to make modifications on your sysctl.conf to harden your kernel for TCP-based attacks/floods. You are only able to do this if you have a KVM/XEN or a Dedicated Server; OpenVZ-based service should have been set up by your hosting provider. The only legit way of protecting your server from DDOS is if you have a hardware filter; NOT hardware firewall, firewalls can block most UDP-based attacks but you will have trouble with TCP (SSYN, ESSYN, SYN, ACK, etc.) Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 13, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 13, 2013 (edited) Hi Asura, thanks for answering! My problems with ddos attacks are not serious, however, it's making the map-server crash time to time. In that case what would be best to solve the attacks? Again thanks for replying! Att, CaioVictor. Edited August 13, 2013 by CaioVictor Quote Link to comment Share on other sites More sharing options...
ccjosh Posted August 13, 2013 Group: Members Topic Count: 13 Topics Per Day: 0.00 Content Count: 66 Reputation: 6 Joined: 11/13/12 Last Seen: November 17, 2014 Share Posted August 13, 2013 Are you sure that you're receiving attacks? Maybe it's just a faulty svn version(?) Could you paste here your crash dumps? Quote Link to comment Share on other sites More sharing options...
Asura Posted August 13, 2013 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 707 Reputation: 168 Joined: 01/26/12 Last Seen: February 7, 2014 Share Posted August 13, 2013 Hi CaioVictor, ccjosh may be right. If all you are receiving are map-server crashes, it is most likely not a DDOS attack. I would recommend that you try to get a core dump if it is crashing completely or try to run map-server verbose and log everything to see what error message(s) you get when it crashes. Quote Link to comment Share on other sites More sharing options...
Jasc Posted August 13, 2013 Group: Members Topic Count: 29 Topics Per Day: 0.01 Content Count: 270 Reputation: 20 Joined: 12/10/11 Last Seen: June 28, 2022 Share Posted August 13, 2013 Use GDB, it will tell you where in the source that the error originated from that caused the crash Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 13, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 13, 2013 Hi ccjosh, Asura and Jasc xD Thank you all for helping! Referring to the map-server crash this stopped falling, however, i've found DDOS attacks in logs, then the server simply closes, it is due to the attacks right? I have used the GDB to identify the problem and there was no problem with the source and SVN version, which leads me to believe that the problem is ddos attacks. I'll try to install IPTABLES, is there any existing configuration so that i can apply while i learn how to set it up myself? Please, if not more uncomfortable, help me to install and configure, because with time i will learn to make my own settings, but at the moment i really need to stop these attacks! Asura, i'm from Brazil and would have to convert the BRL to Dollar, you could do a special price on their host with ddos protection? Att, CaioVictor. Quote Link to comment Share on other sites More sharing options...
Asura Posted August 13, 2013 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 707 Reputation: 168 Joined: 01/26/12 Last Seen: February 7, 2014 Share Posted August 13, 2013 Hi CaioVictor, If your emulator has stopped crashing, and you are getting a 'Server Disconnection' issue while playing; then it probably is DDOS. When you are able to access your server again, is your map/login/char servers still running? Please let me know. As for purchasing a hosting service, please send me a PM of what specifications you need (Disk Space, RAM, CPU); thanks. Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 13, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 13, 2013 Hi Asura ^^' Actually the map/login/char servers close, and I have to reboot, it happens sometimes! Can, you help-me to install and configure IPTABLES? Att, CaioVictor. Quote Link to comment Share on other sites More sharing options...
Jasc Posted August 13, 2013 Group: Members Topic Count: 29 Topics Per Day: 0.01 Content Count: 270 Reputation: 20 Joined: 12/10/11 Last Seen: June 28, 2022 Share Posted August 13, 2013 Packet_Athena.conf //----- IP Rules Settings ----- // If IP's are checked when connecting. // This also enables DDoS protection. enable_ip_rules: no Try setting that to no. Then use an auto-restarter script for linux, that way you don't always have to reboot it, it will reboot itself when it goes down Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 13, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 13, 2013 (edited) Hi Jasc ^^' I had configured the "enable_ip_rules" to "yes" earlier! But what would this auto-restarter? I do not know, can you explain better what would it be? Att, CaioVictor. EDIT 01 => I wonder how do I install iptables and what settings I apply, can someone help me? Doing that shows on this topic http://rathena.org/board/topic/67002-iptables-rule-for-rathena/?p=123843 answered by Asura Is correct and work? Even with external connection of the database? Att, CaioVictor. EDIT 02 => I believe that the subject of the topic is closed, right? To keep the forum organized, I think this topic can be closed.I'll open a new topic on configuring iptables!Many thanks to all for your help and support! Att, CaioVictor. Edited August 14, 2013 by CaioVictor Quote Link to comment Share on other sites More sharing options...
Asura Posted August 14, 2013 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 707 Reputation: 168 Joined: 01/26/12 Last Seen: February 7, 2014 Share Posted August 14, 2013 Hi Asura ^^' Actually the map/login/char servers close, and I have to reboot, it happens sometimes! Can, you help-me to install and configure IPTABLES? Att, CaioVictor. Hi CaioVictor, I recommend that you check your actual provider's uptime by going to your SSH/Terminal and typing; uptime It's possible that your host is restarting your node constantly, causing your service to close. I have never seen all 3 servers (map/char/login) crash at the same time for no reason... Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 14, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 14, 2013 Hi Asura xD This is the uptime and is just 4 days online because 4 days ago I rebooted the host. 19:36:13 up 4 days, 1:43, 1 user, load average: 0.00, 0.01, 0.00 Thanks for replying again! I know the server is falling attacks because the consoles emulator displays the message =\ Att, CaioVictor. Quote Link to comment Share on other sites More sharing options...
Asura Posted August 14, 2013 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 707 Reputation: 168 Joined: 01/26/12 Last Seen: February 7, 2014 Share Posted August 14, 2013 Hi Asura xD This is the uptime and is just 4 days online because 4 days ago I rebooted the host. 19:36:13 up 4 days, 1:43, 1 user, load average: 0.00, 0.01, 0.00 Thanks for replying again! I know the server is falling attacks because the consoles emulator displays the message =\ Att, CaioVictor. Hi CaioVictor, Can you copy & paste the message? Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 14, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 14, 2013 (edited) Hi ^^' Sure I can, but in my case is in Portuguese, is as follows: [Aviso]: connect_check: Ataque DDoS detectado a partir do endere‡o xxx.xxx.xxx.xxx! Att, CaioVictor. Edited August 14, 2013 by CaioVictor Quote Link to comment Share on other sites More sharing options...
Asura Posted August 15, 2013 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 707 Reputation: 168 Joined: 01/26/12 Last Seen: February 7, 2014 Share Posted August 15, 2013 Hi CaioVictor, But DDoS attacks do not shut off your map/char/login servers; they only affect your server's network... it shouldn't be closing your servers down. Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 15, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 15, 2013 Hi Asura xD That is what I'm thinking. Anyway, i need protection to prevent future problems with attacks, right? Many thanks for your help and support! Att, CaioVictor. Quote Link to comment Share on other sites More sharing options...
Abueloton Posted August 15, 2013 Group: Members Topic Count: 2 Topics Per Day: 0.00 Content Count: 6 Reputation: 0 Joined: 08/24/12 Last Seen: June 4, 2023 Share Posted August 15, 2013 Hi CaioVictor The one solution is faildBan Guide for Debian To install fail2ban we just have to: Refresh our system and likewise give you a cleaned ara not all bad: # aptitude update && aptitude safe-upgrade && aptitude clean && aptitude autoclean Then make install fail2ban # apt-get install fail2ban Now our fail2ban is installed. These can ayduar you to configure: Restart # /etc/init.d/fail2ban restart Starte # /etc/init.d/fail2ban start Stop # /etc/init.d/fail2ban stop Status check fail2ban # /etc/init.d/fail2ban status Configure: Enter residence address and edit the file. /etc/fail2ban/jail.local The log ban was faild residence address: /var/log/fail2ban.log Note: Remember that "#" indicates the console commands Quote Link to comment Share on other sites More sharing options...
ccjosh Posted August 15, 2013 Group: Members Topic Count: 13 Topics Per Day: 0.00 Content Count: 66 Reputation: 6 Joined: 11/13/12 Last Seen: November 17, 2014 Share Posted August 15, 2013 CaioVictor, Weird. Can you specify your server specs? Maybe your RAM is failing. Do you have other services running in your server other than your emulator and MySQL? You could do a top to see what's eating your RAM. Also, do you have custom cron jobs to check your emulator's services? Quote Link to comment Share on other sites More sharing options...
Asura Posted August 15, 2013 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 707 Reputation: 168 Joined: 01/26/12 Last Seen: February 7, 2014 Share Posted August 15, 2013 Hi CaioVictor, I would not recommend fail2ban over CSF, CSF is definitely better. Also, I would recommend that you find out why your RO emulator is crashing; I still doubt that it is DDOS attacks. Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 15, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 15, 2013 (edited) Hi Abueloton ^^' I've thought about installing fail2ban, but first need to apply a minimum of protection with firewall, then install the fail2ban. However, thanks for the detailed information will be very useful. ccjosh thanks for replying too xD The only things that are currently running on the server are mysql and emualdor! There is no active cron jogs. I'm sure the problem is not exceeded memory, for I always do checks memory consumption xD If it is not asking too much, you could check this post for me? http://rathena.org/board/topic/86250-iptables-configuration/?p=216890 I will study the CSF to see if learn something, and stop the mess you xD Att, CaioVictor. Edited August 15, 2013 by CaioVictor Quote Link to comment Share on other sites More sharing options...
Asura Posted August 15, 2013 Group: Members Topic Count: 3 Topics Per Day: 0.00 Content Count: 707 Reputation: 168 Joined: 01/26/12 Last Seen: February 7, 2014 Share Posted August 15, 2013 Hi CaioVictor, CSF is really easy to use; after installation, you just edit '/etc/csf/csf.conf' and change values to whatever you like. Everything is explained well in the csf.conf file. Quote Link to comment Share on other sites More sharing options...
CaioVictor Posted August 16, 2013 Group: Members Topic Count: 22 Topics Per Day: 0.00 Content Count: 75 Reputation: 0 Joined: 05/26/12 Last Seen: November 27, 2013 Author Share Posted August 16, 2013 Hi Asura ^^' Thanks for all the help you gave me!I installed and configured the iptables, i'm using basic settings for a while i did not learn about this firewall. Thank you for not abandoning this topic! Att, CaioVictor. Quote Link to comment Share on other sites More sharing options...
Question
CaioVictor
Hi rAthena xD
First excuse my English.
I'm needing to protect my server against DDOS attacks.
But i do not know which firewall is best and how will be the first time i set up a firewall on linux, i wonder if someone can help me to install and configure.
Can anyone help me?
I appreciate any help intention.
Att,
CaioVictor.
Link to comment
Share on other sites
22 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.