botnet & zombi attack sphere lag & exploding.
Author Message
Coruja
Sphere Developer

Post: #9
RE: botnet & zombi attack sphere lag & exploding.
question already answered on GitHub, but anyway here's a copy/paste of the text (maybe it could be useful to someone):

Quote: you're under a DDoS attack on layer 7, unfortunately there's nothing we/you can do on sphere-side. To block a DDoS attack you will need advanced knowledge in network security, and depending on the attack scale you will also need big $$ to pay for anti-DDoS protections

basically, a global network has many layers (1 to 7)
-layer 1: is the infected/attacker PC
-layer 3: is your datacenter
-layer 7: is your application (Sphere)

if connections are reaching your application (layer 7) this means that they passed through all the other layers without being blocked. So you must block these connections on these other layers to prevent them from reaching your application. You can't simply block them on Sphere or on the PC firewall, because the PC will keep receiving hundreds of connections per second and will keep wasting CPU/RAM/network to block all these connections. So you will need an external anti-DDoS protection to prevent all these connections from reaching your server

if you're lucky, maybe your datacenter can offer a basic anti-DDoS protection for a cheap price and this will be enough to block the attack. Or you can move to another datacenter that offers this cheap protection (like OVH). But if the attack is really huge and keeps coming 24h/day, you will have to pay for an advanced DDoS protection from an anti-DDoS leader company (F5, Incapsula, Arbor, Akamai, etc) for about U$500 ~ U$2000 (per month)

EDIT: on Sphere you can also disable the LOGM_CLIENTS_LOG setting in sphere.ini, this will make Sphere not show clients connecting/disconnecting anymore and it will save some CPU because Sphere won't keep freezing writing huge logs every second. But it should not be used as "protection", it will only reduce the attack drawbacks. The best way to mitigate DDoS attacks is using anti-DDoS protections to block the connections before they reach your server
10-04-2017 04:49 AM