OVH peeps, I'm under attack, attacker IP is from OVH.

Hello,

OVH peeps there, my server is hosted within OVH and the firewall seems to not work if the attack is coming from their IP. Any tips to block the attack?

Comments

  • Clouvider (Hosting Provider, OG)

    Iptables, report abuse, failing that change the provider.


  • It is host4fun, they are also hosted in OVH SG, one of their customers maybe. Just sent an abuse report to both OVH and Host4Fun as recommended by others in the LET thread - https://www.lowendtalk.com/discussion/164903/tips-im-under-attack-ovh-ip-attacker/

    Any help will be appreciated!

    @Clouvider said: Iptables, report abuse, failing that change the provider.

    But it's Asia and I don't know if other providers can protect me from these attacks. I have blocked the attacks but when they used an OVH IP, my hands have been tied.

  • edited May 27

    @xreann20 said: But it's Asia and I don't know if other providers can protect me from these attacks. I have blocked the attacks but when they used an OVH IP, my hands have been tied.

    What makes the OVH IP so special?


  • MikeA (Hosting Provider, OG)

    @Janevski said:

    @xreann20 said: But it's Asia and I don't know if other providers can protect me from these attacks. I have blocked the attacks but when they used an OVH IP, my hands have been tied.

    What makes the OVH IP so special?

    I think he just means that since it is an OVH IP, the attacks from them aren't mitigated since OVH doesn't filter traffic from their own network. And since it's OVH, abuse will take a long time (generally) to handle it, especially if it's going through a VPS host that is using them.

  • @xreann20 said:
    I have blocked the attacks but when they used OVH IP, my hands have been tied.

    Can't see why csf -d 139.99.52.42 # do not delete - Blocked This Guy wouldn't work.
    Or use iptables (as previously mentioned) to add to the REJECT chain, to bounce those packets back to the f'ker.


  • @AlwaysSkint said: Can't see why csf -d 139.99.52.42 # do not delete - Blocked This Guy wouldn't work.

    Or use iptables (as previously mentioned) to add to the REJECT chain, to bounce those packets back to the f'ker.

    Already did an iptable filtering that IP, iptables -A INPUT -s 139.99.52.42 -j DROP
    but still getting through.

    also iptables -A INPUT -p udp -j DROP
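
An added example (not code from any poster in this thread): `iptables -A` appends to the end of the chain and rules are evaluated in order, so an earlier ACCEPT can let the traffic through before the appended DROP is ever reached. The sketch below scans `iptables -S INPUT` output for such ACCEPT rules; the rule listing and port 27015 are constructed sample data, and negated matches (`! -s`) are assumed absent.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -S INPUT` output (not from the thread's server).
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 27015 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 139.99.52.42/32 -j DROP
-A INPUT -p udp -j DROP
"""

def parse_rule(line):
    """Extract source network, protocol and target from one -A line.
    Only -s, -p and -j are considered (no interfaces, no negation)."""
    tok = shlex.split(line)
    rule = {"src": ipaddress.ip_network("0.0.0.0/0"), "proto": None,
            "target": None, "text": line}
    for i, t in enumerate(tok[:-1]):
        if t == "-s":
            rule["src"] = ipaddress.ip_network(tok[i + 1], strict=False)
        elif t == "-p":
            rule["proto"] = tok[i + 1]
        elif t == "-j":
            rule["target"] = tok[i + 1]
    return rule

def shadowing_accepts(rules_text, attacker_ip, chain="INPUT"):
    """Return the ACCEPT rules that can match attacker_ip and are evaluated
    before the first protocol-independent DROP/REJECT covering that address.
    Returns None when the chain has no such block rule at all."""
    ip = ipaddress.ip_address(attacker_ip)
    earlier = []
    for line in rules_text.splitlines():
        if not line.startswith(f"-A {chain} "):
            continue  # skip policy lines and other chains
        r = parse_rule(line)
        if ip not in r["src"]:
            continue  # rule is scoped to a different source
        if r["target"] in ("DROP", "REJECT") and r["proto"] is None:
            return earlier  # block rule reached; these ACCEPTs ran first
        if r["target"] == "ACCEPT":
            earlier.append(r["text"])
    return None

if __name__ == "__main__":
    for rule in shadowing_accepts(SAMPLE_RULES, "139.99.52.42") or []:
        print("evaluated before the DROP:", rule)
```

If it reports earlier ACCEPT rules, inserting the block at the top with `iptables -I INPUT 1 -s <ip> -j DROP` puts it ahead of them. `iptables -L INPUT -v -n` shows per-rule packet counters, which confirms whether the DROP is actually matching.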

  • Clouvider (Hosting Provider, OG)
    edited May 28

    reject is a bad idea, will take up more cpu cycles to handle, use drop instead.

  • edited May 28

    @Clouvider said:
    reject is a bad idea, will take up more cpu cycles to handle, use drop instead.

    Was slightly tongue-in-cheek; I normally use drop. ;) LAN traffic overhead is bad enough (port scanners/broadcasters) without adding packet bouncing. Providers don't appear to give a shit though. :(


  • wdmg (Services Provider)
    edited May 28

    For some reason I never got that ping notice... anyway....

    I’d just report it to OVH, drop it with iptables, or open OVH IP management, add firewall rule, drop the OVH IP there with a hard reject. If you’re very concerned, pick up the phone and nudge them.

    But I’m doubtful OVH will do much about it, considering that one of their locations and specific set of routers still has IP header modification allowed and they haven’t bothered to fix it yet despite knowing for >6mo.

    OVH has become a harbour for this sort of crap.

    Edit: to all the people who may want to know the location, I’m not going to disclose it.

  • wdmg (Services Provider)
    edited May 28

    @xreann20 said:

    @Clouvider said: Iptables, report abuse, failing that change the provider.

    But it's Asia and I don't know if other providers can protect me from these attacks. I have blocked the attacks but when they used an OVH IP, my hands have been tied.

    If you’re needing a layer of protection filtering, you’re welcome to try out cloud protection (https://talk.lowendspirit.com/discussion/1065/ddos-mitigation-as-a-service-http-https-select-game-servers-free-trial-available#latest). While I can’t sit here and assure you we’ll block them by default (without seeing a pcap/more info), I can assure you we will do our very best to block the attacks on our global edge. We have 24x7x365 SOC, and customers get access to view graphs where you can see inbound attacks directed at your site/application.

  • MikeA (Hosting Provider, OG)
    edited May 28

    @wdmg said:
    or open OVH IP management, add firewall rule, drop the OVH IP there with a hard reject.

    The OVH firewalls do not work against IPs from the OVH network. All traffic from OVH servers bypasses those, same for the VAC mitigation. It's why it has been a big issue for years.

  • @wdmg said: OVH IP management, add firewall rule, drop the OVH IP there with a hard reject

    Does not work, their firewall rules only apply to outside of their network as everybody said. Believe me I did that.

    @wdmg said: If you’re needing a layer of protection filtering, you’re welcome to try out cloud protection

    I am surely interested!

    @wdmg said: While I can’t sit here and assure you we’ll block them by default (without seeing a pcap/more info),

    https://www41.zippyshare.com/v/JV1eNbV6/file.html
    https://www41.zippyshare.com/v/IDRwX6Eo/file.html
    There are some pcaps.

  • UPDATE!

    Need a provider suggestion in the APAC region or around ~150 ms on APAC.. host4fun dealt with it, now the attacker just bought another VPS... lol @OVHcloud_APAC is there really anything you can do if the attack is from inside the house? I currently have 6 dedis on OVH, anywhere I can transfer with DDoS protection as good? I see the attacks are only about 800mbps and 1.5 gbps max.

    @wdmg's services I simply cannot use because they are domain based, like a load balancer at work. My game server uses direct IPv4. I don't have its source or any knowledge of how to recode it. So I am looking for a provider suggestion with good latency on APAC as mentioned above.

  • AnthonySmith (Administrator, Hosting Provider)

    @Brendan May be able to offer you something.


  • wdmg (Services Provider)

    @xreann20 said:
    UPDATE!

    Need a provider suggestion in the APAC region or around ~150 ms on APAC.. host4fun dealt with it, now the attacker just bought another VPS... lol @OVHcloud_APAC is there really anything you can do if the attack is from inside the house? I currently have 6 dedis on OVH, anywhere I can transfer with DDoS protection as good? I see the attacks are only about 800mbps and 1.5 gbps max.

    @wdmg's services I simply cannot use because they are domain based, like a load balancer at work. My game server uses direct IPv4. I don't have its source or any knowledge of how to recode it. So I am looking for a provider suggestion with good latency on APAC as mentioned above.

    As we mentioned in the ticket we can provide a static IP. Unfortunately, we didn’t receive a response if you wanted to proceed.

    Feel free to reply if you’d like one!
