"Questions about server hosting and (d)dos"

[coolzeldad]

Hey guys, I just got asked this question recently and have also in the past. I thought it would be useful to post this so everyone could understand an idea of how to go about basic security in hosting. I may add to this in the future if I think of something else. Feel free to ask questions if you have any.

First of all, how many attacks (connection-, command spam, etc.) have you received in a year, approximately?

Do you think your protections that you currently have actually do anything? How many attacks would you say they block?

Hi,

Well, attacks are common for most public services. I would say you are most vulnerable from 0day exploits, which has happened even for GMod multiple times in the past years. These are exploits found and used before production environments get a chance to respond to them and as such can be very catastrophic.

Obviously your level of control over the server determines what you can do, but I would make sure that your server is running under it's own limited access user account. Make sure all of the permissions are set securely ( not allowing write or read for users outside of the group or something else depending on your configuration ). Lock down the server as much as possible; the more things that are open means more potential risk.

The most attacks from GMod specifically that I have received were simple DoS. It usually involved some sort of source engine exploit or a single box attempting to saturate the servers' connection. However, there were periods of time where certain DDoS headed the servers' direction via reflection. The main target being the bandwidth and the intention to saturate it. These were particularly hard to deal with because even if you drop the attack it is still routed to you. If you have a good provider you can maybe request them to not route the attack traffic to you from their end, assuming they have bigger pipes, which may allow service to return to normal. If not, you can either change your address or wait it out.

I don't have specific details for amount per time, however it hasn't really stopped. We have been getting stuff recently as well.

Typically DDoS protections promise to do what I was explaining above due to the nature of the attack, however DoS 'protections' may be helpful. Unfortunately, I think those are usually packages of relatively common and existing DoS vectors that probably won't pertain to GMod specifically. If you can run your own firewall you can write your own rules to help block trivial DoS attacks. I would never pay for DoS protection personally ( hopefully the host would have their own network relatively secured... ).

OS level bugs can happen of course too; you should always attempt to keep software securely patched, avoid development versions of critical software, etc.

Also, just remember that you should not rely on 'hiding' something as a means to protect it, and if a server does get compromised in most cases you should quarantine and never trust that server or data from it again until reformatted, etc.

Good luck with your hosting.