L4 DDoS Mitigation Help

airilxx

Member
Jan 1, 2012
51
12
Hello DevBest,
For the past few weeks, my VPS has been hit by large-scale L4 and L7 DDoS attacks, which cause huge downtime on my VPS and the hotel itself.
However, last night's attack was a large-scale attack which caused my hosting to temporarily disable my VPS. Previously, I've already set up a proxy VPS running HAProxy, however they began to attack the proxy VPS and caused it to be temporarily suspended by my hosting provider.
I've taken necessary measures such as using a proxy on my client, hardening the security of IIS and only allowing CloudFlare IPs to access my VPS, but they still find ways to exploit it.
BTW, I've already recognized the attackers of my hotel, and the method they're using to bypass my VPS, but I won't spill for now.

However, back to the point, I would like to ask for recommendations for the best TCP proxy that is able to mitigate (or at least reduce) these L4-scale attacks. I know there are already multiple similar threads asked in here, but I find that they're not up to date at the moment. Thank you! :)
 

BIOS

ಠ‿ಠ
Apr 25, 2012
906
247
It sounds like they are overwhelming the actual TCP proxy rather than your server. I would probably recommend getting a protected server in that case, e.g. from OVH or zare.com. HAProxy is better than nothing but does have limits. There are some higher bandwidth TCP proxies out there but they get quite costly.

Also use the firewall provided by your hosting provider to block malicious traffic (i.e. non-Cloudflare IPs and such), otherwise your server is gonna be processing unnecessary garbage which will also slow it down.
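An added example, not part of the original thread: one way to express the "only allow the CDN's IPs" firewall advice above as an nftables ruleset, plus a check of a connection log for web-port traffic that reached the origin from outside the allowlist. The CIDR ranges, the `origin_guard` table name and the two-column log format are constructed assumptions; load the real ranges from the list your CDN publishes.

```python
import ipaddress

# Constructed stand-ins (documentation ranges) for the CDN's published edge ranges.
ALLOWED = ["198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]
WEB_PORTS = (80, 443)
# Constructed sample log: "<source ip> <destination port>" per line.
SAMPLE_LOG = """198.51.100.7 443
192.0.2.55 443
203.0.113.200 80
192.0.2.55 443
2001:db8:1::9 443
192.0.2.91 30000
not-an-ip 443
"""

def parse_allowlist(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def is_allowed(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in nets)

def nft_ruleset(nets, ports=WEB_PORTS):
    """Render rules: accept web ports from the allowlist, drop them otherwise."""
    plist = ", ".join(str(p) for p in ports)
    lines = ["table inet origin_guard {", "  chain input {",
             "    type filter hook input priority 0; policy accept;"]
    for family, version in (("ip", 4), ("ip6", 6)):
        cidrs = ", ".join(str(n) for n in nets if n.version == version)
        if cidrs:
            lines.append(f"    {family} saddr {{ {cidrs} }} tcp dport {{ {plist} }} accept")
    lines += [f"    tcp dport {{ {plist} }} drop", "  }", "}"]
    return "\n".join(lines)

def direct_hits(log, nets, ports=WEB_PORTS):
    """Count web-port connections per source that did not come via the allowlist."""
    counts = {}
    for line in log.splitlines():
        parts = line.split()
        try:
            ip, port = parts[0], int(parts[1])
            allowed = is_allowed(ip, nets)
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of aborting the audit
        if port in ports and not allowed:
            counts[ip] = counts.get(ip, 0) + 1
    return counts

if __name__ == "__main__":
    nets = parse_allowlist(ALLOWED)
    print(nft_ruleset(nets))
    print(direct_hits(SAMPLE_LOG, nets))
```

Any source reported by `direct_hits` reached the origin without passing through the CDN, which means the origin address is known and the allowlist is not yet enforced upstream.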
 

airilxx

Member
Jan 1, 2012
51
12
javapipe.com have good but pricey proxies or an OVH game dedicated server, as you can optimise the firewall very well.
Thank you for your recommendation, I've also planned to use OVH as they provide DDoS Protection from their end.

It sounds like they are overwhelming the actual TCP proxy rather than your server. I would probably recommend getting a protected server in that case, e.g. from OVH or zare.com. HAProxy is better than nothing but does have limits. There are some higher bandwidth TCP proxies out there but they get quite costly.

Also use the firewall provided by your hosting provider to block malicious traffic (i.e. non-Cloudflare IPs and such), otherwise your server is gonna be processing unnecessary garbage which will also slow it down.
Exactly! They flood the entire TCP proxy since I've already mitigated L7 attacks via CloudFlare. However, I might look into finding a new TCP proxy, or host it on my own using a Linux VPS. By the way, I suspect they're using some kind of botnet to launch the attacks since the traffic was a bit more unusual than regular DDoS attacks.

Which emulator are you using ?
I'm currently using PlusEMU. I've already imposed connection limits per IP, but they're able to bypass them.
 

Maatt

Active Member
Aug 29, 2012
162
158
X4b.net for your TCP proxy.
Use Ddos-guard.net normal package to protect your website.

Avoid any of the 4it/xhosts crap as it will down your hotel daily.

Utilise captcha technology on your website and protect as much of the cms as possible from users who are not logged in.
 

airilxx

Member
Jan 1, 2012
51
12
Thanks guys for the recommendations. I've moved my entire hotel to my old VPS hosting provider. Apparently they've provided me with a VPS from OVH, and immediately managed to mitigate the attacks launched on my hotel right after several hours of reopening.

I've decided to deactivate those suspended VPSes since they informed me that I would need to pay some fines if my IPs get blocked again. I hope these recommendations will help others who are searching for the best protection for their hotel. :D
 
