need desperate help on vps problem!


(twt_thunder) #1

I got this notice:

[CODE]This complaint has been sent to us earlier. Please investigate and resolve.

Brian T


Good Day

I wanted to report that one of your IP addresses was used by a botnet to DDOS websites of our company: 46.4.175.147


The attack started on 31 October at about 20:00 ETC+2 TZ

Most of the servers that participated in the attack run a game service: Call Of Duty or other Quake ]l[ Arena based services.
These engines have a bug that allows a remote attacker to use them for UDP flooding victims.
The attacker sends spoofed 15 byte UDP packets to the game server and the server sends a ~500 byte response to the victim.

Please take all necessary actions in order to stop and prevent such DDOS attacks in future.
It causes big losses to our company and to our customers.

Thank you in advance[/CODE]

Is there any way to secure the server for this?
At least I know it IS NOT pb doing the ****, coz I've tried without the pb activated.

All help is appreciated.

It's a Linux VPS.

(king_troll) #2

rent a dedicated clan box to run servers on, from a game server hoster


(gaoesa) #3

You are in luck for having Linux VPS. With Windows servers the problem is far more problematic.

Here is a thread for handling this issue:
http://www.splashdamage.com/forums/showthread.php/22936-POTENTIONAL-FIX-etded.x86-getstatus-exploit

It contains solutions for scripts and dynamic firewall rules. The first thing you might want to do is to block all incoming UDP packets with the source port 80. Unless you need that open. Most DDOS attacks attack against websites. But they also attack against other ports so that is not enough as a whole.
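
An added example, not part of the original post or the linked thread: a dry-run script that builds the two kinds of iptables rule mentioned above, a drop for UDP claiming source port 80 and a per-source rate limit on `getstatus` queries. The port 27960, the rate and burst values, the hashlimit name `q3status`, and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Dry run by default: prints the
# commands. Run as root with APPLY=1 to install them.
GAME_PORT="${GAME_PORT:-27960}"  # assumption: UDP port of the game server
RATE="${RATE:-2/second}"         # assumption: getstatus queries allowed per source IP
BURST="${BURST:-4}"              # assumption: short burst tolerated (server browsers)

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit one iptables rule specification per line.
build_rules() {
    valid_port "$GAME_PORT" || { echo "bad GAME_PORT: $GAME_PORT" >&2; return 1; }
    # Packets spoofed to look like they come from a web server use source
    # port 80; a game server has no reason to answer them.
    printf '%s\n' "-A INPUT -p udp --sport 80 -j DROP"
    # The spoofed source address is the victim's, so limiting getstatus per
    # source IP caps how much reply traffic this server sends to any one victim.
    printf '%s %s %s\n' \
        "-A INPUT -p udp --dport $GAME_PORT -m string --algo bm --string getstatus" \
        "-m hashlimit --hashlimit-name q3status --hashlimit-mode srcip" \
        "--hashlimit-above $RATE --hashlimit-burst $BURST -j DROP"
}

apply_rules() {
    rules="$(build_rules)" || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            iptables $rule    # unquoted on purpose: split into arguments
        else
            echo "iptables $rule"
        fi
    done
}

apply_rules
```

Legitimate players and server browsers stay under the limit, while a flood of spoofed queries naming one victim address is dropped before the game engine can answer it.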


(twt_thunder) #4

[QUOTE=gaoesa;383740]You are in luck for having Linux VPS. With Windows servers the problem is far more problematic.

Here is a thread for handling this issue:
http://www.splashdamage.com/forums/showthread.php/22936-POTENTIONAL-FIX-etded.x86-getstatus-exploit

It contains solutions for scripts and dynamic firewall rules. The first thing you might want to do is to block all incoming UDP packets with the source port 80. Unless you need that open. Most DDOS attacks attack against websites. But they also attack against other ports so that is not enough as a whole.[/QUOTE]

Have looked at this, thanks.

Found something else too:

http://configserver.com/index.html