As I was making a player bot the other day I stumbled on something that most small-scale servers should watch out for. As I was making the bot, I left out an end of line around the "ping" portion of the code, and since the code was designed to always stay online, these ping processes became zombies but still pinged. Moving on 10 minutes, there were 1,000 of these processes that I never realised had happened. I was testing it out on a random server I found at the time, Jon's server. Eventually, and unintentionally, it became a DoS (you can call it a DDoS since there was a large number of shells running it) and crashed his server unintentionally. Luckily my ISP locked me out for 10 minutes, which caused me to search for what went wrong.

Now that the backstory is all set, we can move to my point: DDOS PROTECTION. You wouldn't realise it, but most small, let's say 1GB, VPS server resellers ship your VPS without decent DDoS protection. Or if they do, they ship it to you with null routing, which basically just wrecks your internet connection while they wait for your server to stop being under attack.

What happens if I don't have DDoS protection? Well, first you'll see small amounts of lag, then player locations will be muffled. This continues until the lag is unplayable, while the networking portion of the PocketMine code uses memory to accept socket connections and to keep them open. When your memory is gone, the server goes dead and crashes. If you've given most of your VPS's RAM to the server, well, then the VPS itself might crash. And that's bad news for data retention, as Linux saves data in blocks to a storage medium occasionally, not instantly, to save performance.

So what am I really saying?
1) Good DDoS shield from providers; Arbor is an example of a decent DDoS shield.
2) Implement iptables blocking if the DDoS comes from the same source.
3) Install an SSH guard if a DDoS is to hurt your VPS rather than your server, which will prove the same result.
4) Try to be nice to your players, since most of them can't drive and might get "upset" and attack your server with the online tools of the internet that I'll not be mentioning.

Slàn.
At least have some implementation of open source DDoS protection like https://github.com/FastVPSEestiOu/fastnetmon
Having been the target of up to 10Gbps attacks during my time of hosting Minecraft (PC) servers I quickly learnt that there's no such thing as software DDoS protection. You need powerful hardware that is dedicated to filtering bad network packets.
Depends on what you consider "software". fail2ban would be an example of potential DDoS protection, or brute-force software defense against SSH logins on Unix systems in accordance with the firewall, but the same method could be regurgitated if a script kiddie is using something like LOIC that repeats its packet contents, which would make it easy for a system similar to fail2ban to defend against DDoS attacks.
fail2ban wouldn't defend against attacks from random IPs. There are booters that send a packet from another IP every time, in the end bringing a server offline. Though I have nothing to worry about because of having DDoS protection anyway.
It would actually, depending on your timeout and leniency. The only way it would be underperforming is if a DDoS network was harmonizing IPs to use themselves at certain points, then have a cool-off period and be removed from the "pool", and vice versa.
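The per-source counting that the fail2ban replies above disagree about, as an added Python example that is not part of any post and is not fail2ban's own code: it counts events per source in a sliding window, reports which sources cross the threshold, and builds (without running) the `iptables` rules a same-source block would use. The log entries, the `max_retry` and `find_time` names and the documentation-range addresses are all constructed for this illustration.

```python
from collections import defaultdict, deque

# Constructed sample: (unix_time, source_ip) per inbound connection attempt.
# 203.0.113.7 repeats every second; each 198.51.100.x source appears once.
SAMPLE_EVENTS = (
    [(1000 + i, "203.0.113.7") for i in range(8)]
    + [(1000 + i, f"198.51.100.{i + 1}") for i in range(8)]
)


def find_offenders(events, max_retry=5, find_time=10):
    """Return sources with at least max_retry events inside find_time seconds.

    max_retry and find_time are this example's own names for the
    "leniency" and time window the thread talks about.
    """
    recent = defaultdict(deque)  # source ip -> timestamps still in the window
    banned = []
    for ts, ip in sorted(events):
        if ip in banned:
            continue  # already blocked, nothing more to count
        window = recent[ip]
        window.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while window and ts - window[0] >= find_time:
            window.popleft()
        if len(window) >= max_retry:
            banned.append(ip)
    return banned


def iptables_rules(ips):
    """Build (not execute) one DROP rule per offending source address."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


if __name__ == "__main__":
    offenders = find_offenders(SAMPLE_EVENTS)
    for rule in iptables_rules(offenders):
        print(rule)
    seen = {ip for _, ip in SAMPLE_EVENTS}
    print(f"{len(seen) - len(offenders)} sources stayed under the threshold")
```

Only the repeating source is blocked here; sources that stay under the per-address threshold are never counted as offenders, which is the case that has to be filtered upstream of the host.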
OVH comes with very good and very cheap DDoS protection. I'm guessing most people here use control panels and whatnot, so switching to unmanaged hosting might be difficult.
100mbps is rubbish, and it's not as if you're actually going to get that amount, maybe less. Yes, OVH have good DDoS protection, but that's about it.