Make Game Server DDoS-Protected

0

0

I'm a real noob in "server discussions".

I'm running game servers on Debian 8, but the datacenter doesn't provide a physical firewall, so I'm looking for a way to make my servers DDoS-protected. I blocked all ports except the SSH port, game server ports, FTP port, MySQL port and HTTP port.

I also changed the SSH port so it's harder to attack my server using the SSH port.

Server only returns ping when I ping it on GameServer port, SSH port, HTTP Port and FTP Port, other ports are blocked or only reachable from the localhost.

My questions are:

  1. Is there any way to hide my server IP and list the server with domain?
  2. Is there any way to use CDN on a gameserver?
  3. What else can I do to make my server more protected?

DarkSuniuM

Posted 2017-06-29T12:23:22.630

Reputation: 103

Answers

0

Is there any way to hide my server IP and list the server with domain?

No. A domain name is just a human-friendly alias for an IP address. Try typing in a command prompt:

    nslookup superuser.com

Using a domain name saves you from giving the exact IP to your users, but does not hide anything. Even if you pick the server from a server selection screen in-game, without seeing its IP or domain name, you can get the IP by analysing packets with a tool like Wireshark.

Is there any way to use CDN on a gameserver?

There again, no. A CDN is for static content, like HTML pages or JavaScript source files. What you can do is load-balancing, but you will need several game servers, and depending on your game, there is no guarantee that they will work together anyway.

What else can I do to make my server more protected?

  • Choose a server provider that offers DDoS protection. I'm renting a server at Kimsufi, they offer free DDoS protection with all of their servers (I don't work for them, I'm just one of their clients).

  • If the server software has anti-DDoS protections, make sure they are enabled (I doubt a game server has any, but for instance OpenVPN has some).

  • You can host your game server in a VPN you own, but this will only move the problem towards the VPN server (which still can have more anti-DDoS protections).

  • Make sure the SSH of your server is hardened. Disable password authentication (at least for root) and install an anti-bruteforce program like fail2ban. Disable SSH1, and make sure RSA keys (if there are any) are at least 2048 bits long.

  • Make sure your server is up to date. Regularly run apt-get update and apt-get upgrade (or the appropriate equivalent for your OS).

  • Block the FTP port unless you have a specific application that absolutely requires FTP. You can use SFTP for file transfers, which operates over the SSH port.

  • Make sure that whatever you do with iptables, you also do it with ip6tables. Also make sure that after that, you actually save the rules:

    iptables-save > /etc/iptables/rules.v4

    ip6tables-save > /etc/iptables/rules.v6

(might need to be adapted to your distro)

Nathan.Eilisha Shiraini

Posted 2017-06-29T12:23:22.630

Reputation: 2 503

Thanks for your answer. My clients are from Iran, I have to provide them low ping servers, since they have bad ping on every country except Iran. I can't rent a server from Kimsufi or somewhere like that. Renting a server with a physical firewall and DDoS protection is too expensive in Iran. The best thing they can do is set a rule to make the server Iran Access every time it gets attacked. Can u gimme a link about OpenVPN Software Firewall? Your answer was helpful, thanks <3 – DarkSuniuM – 2017-06-29T13:06:18.820

OpenVPN is not a firewall, it's Virtual Private Network (VPN) software - basically software that will emulate a LAN over the Internet. Bad idea if your users need a low-ping server, since it just adds the overhead of encryption and encapsulation. It's not easy to set up, I suggest you google for a tutorial if you're still interested. As for good firewalls, I don't think any is better than iptables without also affecting performance. Just don't forget to make sure you apply rules to both iptables and ip6tables and that they are persisted. – Nathan.Eilisha Shiraini – 2017-06-29T13:21:56.833

I know, I used the word Firewall cause u said it has some functions to do something like a firewall does :D. About iptables-save, I didn't use this command but the rules I set were working!! Is it OK if I set a connection limit for all connected IPs? Is it possible? And does it help me? – DarkSuniuM – 2017-06-29T13:51:51.927

You don't need iptables-save to apply the rules, but you need it to prevent your server from forgetting them when it reboots. As for OpenVPN, its anti-DDoS protections only apply to itself, and add to the already heavy overhead of the VPN. – Nathan.Eilisha Shiraini – 2017-06-29T13:57:24.120

DDoS protection will not prevent a DDoS attack 100% of the time. So your server or service can still be the victim of a DDoS attack. If it happens you deal with it. – Ramhound – 2017-06-29T14:28:51.727
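The answer's advice to mirror every iptables rule in ip6tables can be checked against the saved rule files. The script below is an added example, not part of the original answer or comments; the function names and the sample rules (SSH moved to 2222, a game port of 27015/udp) are constructed for illustration.

```shell
#!/bin/sh
# Added example; the rule files below are constructed samples.
export LC_ALL=C   # sort and comm must agree on ordering
# Print "proto/port" for each INPUT rule that ACCEPTs a single --dport.
# Not parsed: multiport (--dports) rules and user-defined chains.
accepted_ports() {
    awk '$1 == "-A" && $2 == "INPUT" {
        proto = port = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && port != "") print proto "/" port
    }' "$1" | sort -u
}
# Print the default policy of the INPUT chain (ACCEPT or DROP).
input_policy() { awk '$1 == ":INPUT" { print $2 }' "$1"; }
# parity_report V4FILE V6FILE: list ports opened in one family only,
# and flag a differing default INPUT policy.
parity_report() {
    tmp=$(mktemp -d) || return 1
    accepted_ports "$1" > "$tmp/v4"
    accepted_ports "$2" > "$tmp/v6"
    comm -23 "$tmp/v4" "$tmp/v6" | sed 's/^/only-v4 /'
    comm -13 "$tmp/v4" "$tmp/v6" | sed 's/^/only-v6 /'
    p4=$(input_policy "$1"); p6=$(input_policy "$2")
    [ "$p4" = "$p6" ] || echo "policy-mismatch v4=$p4 v6=$p6"
    rm -rf "$tmp"
}
write_samples() {   # constructed iptables-save style files in directory $1
    cat > "$1/rules.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 27015 -j ACCEPT
COMMIT
EOF
    cat > "$1/rules.v6" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
COMMIT
EOF
}
demo=$(mktemp -d); write_samples "$demo"
parity_report "$demo/rules.v4" "$demo/rules.v6"; rm -rf "$demo"
```

On a real host, pass the two files written by the iptables-save and ip6tables-save commands in the answer. A `policy-mismatch` line with `v6=ACCEPT` means ports that are closed over IPv4 are still reachable over IPv6.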