FiveM - Solution DDoS Attack/Attempt 3

Hello, I hope you’re fine, me it’s great!

For 4 weeks, I received DDoS attacks, so since the attacks are redirected to the port that the server uses to connect to fivem, the server has no room to communicate with FiveM, I had a dedicated OVH, but it did not serve anything, so no one could log in, he had a Attempt 3 error message.

So I found the solution there are two weeks, but believe me, at the level of players I lost a lot. I recently learned that a person who made me a ransom lately, he asked me 100 € otherwise he continued to crash my server, since I did not have them impossible to give him, (and if you him give everyone will do the same). In short if I create this topic to help you face this situation.

Above I give you the solution, I hope that it will help you:

Requirements:

  • Linux (preferably Debian 9)
  • Have confidence in me: D
  • An Ftp and a terminal to access the machine
  • Have ROOT or SUDO access
  1. First install ipset, this will add country restrictions.

cmd: apt-get install ipset

  1. Then you will download this script.sh (4.6 KB)
    1.1 Change port 22 to the port you use to connect [MANDATORY]
    1.2 Then drag this file into the directory: /etc
    1.3 Then in your terminal type: crontab -e
    1.4 Download this file crontab.txt (29 Bytes) and add the contents of this file manually to the terminal
    1.5 Type in your terminal:
  • cd /etc
  • ./script.sh

Here is, we just added a restriction on all foreign countries, only French countries can connect, but some people can not connect the coup will add their ip manually, here is the command:
iptables -A INPUT -s 0.0.0.0 -j ACCEPT (replace 0.0.0.0 with the IP you want to allow to connect)

But if you are not French how are you doing?

Answer: you go to this site: http://www.ipdeny.com/ipblocks/data/countries/

Try to think, to understand how the script works, and you add your countries, and you remove the useless countries: D

  1. Now that it is done will be necessary to avoid that each reboot of the machine will have to enter the IP of the players to authorize and your rules to you, for that install: iptables-persistent

Here is the command apt-get install iptables-persistent

During the installation they will ask you if you want to integrate your current rules in the module, I advise you to accept to avoid retyping all your rules :slight_smile:

Here is a tutorial to teach you how to use iptables-persistent: D

FR: https://doc.ubuntu-fr.org/iptables
EN: https://www.digitalocean.com/community/tutorials/how-to-implement-a-basic-firewall-template-with-iptables-on-ubuntu-14-04

Here is, if now I make this message, it is to help people, because me for 1 month I would have liked to help, but nobody does it. And especially because a person just announced that he was going to crash all the servers that have more than 70 players and he was going to ask them a ransom of 300 €, so stay on your guard, this technique helped me a lot and I hope it will help you ^^, I took 1 hour to write you that I hope you will appreciate: D, if there is need for help I am there, do not hesitate to answer this post , and to share it like that a maximum of people will help.

If that does not help you, it is possible that the person who attacks you stays in your country so to find it here is another tutorial:

  1. CMD: apt-get install net-tools
  2. Shut down your FiveM server
  3. CMD: netstat -paunt

Now if you see an IP go out a lot of times with TIMED OUT or whatever you do:

  1. CMD: iptables -A INPUT -s 0.0.0.0 -j DROP (Replace 0.0.0.0 with the IP you have spotted
  2. Restart your server

Normally this will correct this problem once, in any case for me it is set ^^, excuse me if you see mistakes, it’s Google Translation, I do not master enough English to write all that x)

NB: At each restart of the machine please do this otherwise no one can connect to your server! :

CMD: cd /etc
CMD: ./script.sh

Discord : iradium#0009 [I’m not a FiveM element]

9 Likes

Can you recommend any solution for windows server??

5 Likes

Waf, Cloudfront, Akamai etc.

Any CDN or Firewall

1 Like

Great guide!

However, the text I quoted, you can easily set this up as a cronjob: (Use crontab -e)

@reboot /bin/bash /etc/script.sh

It will launch it on every reboot, so you don’t have to do it manually
EDIT: I wish I saw this was 7 months old. However, I hope readers find it useful.

Hi fox, how can i use cloudflare with FiveM? Can someone connect to my server using only my gameserver.mydomain.com?

This is so nice bro, great job.

You cannot use standard Cloudflare with FiveM, you’d need Cloudflare Spectrum.

What if Windows?

1 Like

How does It acttualy Works. Is that This refers to insert us Specific Ips To Connect our server?

Is there any way to add multiple countries on whitelist

Windows?

This will not work on windows. The only thing you windows users are able to do is getting a router that supports dns/proxys or a router that can run on linux. Most if not all routers can run on linux with a custom firmware called OpenWrt

This is how you would do for adding subdomain to directly connect to fivem.

@goodnightnoodle No you can do it in free version.

@ZaZaSong Here is how to do it. @chandan_singh

People can still see your server’s port, doesn’t help much.

:ok_hand: real great exactly wath you need great post thanks…

No they cant? How can they find port when you are connecting via subdomain without any ports?

Check your screenshot posted here. On the very top left you can see a yellow triangle with an exclamation mark (!). Hover your mouse on top of it and you would see something like that:

So your origin ip is exposed.

I think that is true for free version of CloudFlare. I have the advanced plan and it does not show my IP, port or anything when pining fivem.domain.com.

Proof :

image

The plan is $20.00/mo.

Bro, you have the same warning on the picture.

Pinging the domain won’t expose the origin ip, but if someone wants to find it then he can.

nslookup
set type=srv
_cfx._udp.fivem.fun

hey look that’s an IP

2 Likes