How Do I Protect My TeamSpeak Server From DDoS Attacks?
Notice: If you have our Fully Managed Support all of this will be done for you by one of our administrators. Simply open a ticket and they will start work right away.
All of our servers are protected by Full Enterprise level DDoS Protection by default. If you purchased one of our TeamSpeak 3 Servers from us everything is taken care of and perfectly tuned so that server attacks can't affect you. If that's the case you don't need to keep reading. What if you have our TeamSpeak 3 VPS?
Well, all of our TeamSpeak 3 VPS servers that we sell also have DDoS protection specifically designed for TeamSpeak 3, but DDoS attacks aren't the only Issue you face when hosting a server. There are thousands of other types of attacks and with a default VPS you'll still be vulnerable to some of them. We can change that though so read on.
We have to be very careful while writing this guide. Hackers can see this guide just like you can and we prefer to play our cards close to our chest. That being said we will spell out what YOU can do with our service. This can even help some users that don't have a service with us.
The following is a list of things you can do to prevent network level attacks and hackers on the server layer.
- Read and follow every suggestion in our Greatly reduce the chances of your server getting hacked. This will keep you safe and if properly configured prevent your server from being compromised.
- Master the ins and outs of your Firewall Manager. We suggest using CSF Firewall If you can master the use of that firewall you can stop the majority of attacks that are directed at your server that we have not already taken care of.
- If Your Budget allows it have a different IP for every TeamSpeak 3 service (voice, filetransfer, and query). While this isn't a major security improvement, it can greatly help if one IP is bogged down in traffic but the others remain working. It can also help you know what parts of your service attackers are targeting when looking at the logs.
- Try to use Ports other than the defaults for your servers. For example changing the query port from the default 10011 to something like 22222 will cause a lot of people looking to exploit you to suddenly lose interest because they have to do a lot more work to find the right place to point their tools and scripts.
- Make sure you don't add unnecessary IP addresses to your Query Whitelist. If someone gets a hold of one of those IP's they will have no problem taking down your server no matter how much protection you have in place.
- Consider putting a hardware firewall in front of the server. Customers of ours can do this by activating the DDoS customization addon we can then block most malicious traffic before it ever reaches your server. This has lots of benefits because even if you have a software firewall like CSF once the attack gets to the server the server still has to use resources to "Block" that connection. With enough connections the server will still crash. A hardware firewall prevents that scenario since most of the traffic is stopped before reaching your server.
- Don't be toxic or angry. We know this seems kind of self explanatory but you usually only get DDoS'd when someone knows you or you users have a temper or if you've made someone upset. We know that making someone upset can be as simple as winning against them in a video game, but they are like bullies. If the attacks don't "bother" you then they will quickly lose interest and stop.
- Don't give access to anyone unless you trust them. Even if you trust them don't let them have the same power that you have give them their own logins, give them their own powers and permissions and you'll never lose control of the servers.
- Always use the most up-to-date software for your server, TeamSpeak 3, and your clients. They release fixes all the time and when an exploit is found they patch it usually within a day. In all honesty we make it a point to security test each release and only update when there are major improvement or bug fixes. This is due to the fact that sometimes bugs can be introduced in a new update. If you don't have the skill or time to thoroughly vet the security of the installation then we would suggest updating the moment new updates are available.
- Keep a backup of your server handy just in case. Snapshots are fine IF you are installing them back into the same TeamSpeak installation. Moving a Snapshot from one installation to another can cause issues. If you are hosting yourself or using one of our VPS the better option is to backup the ts3server.sqlitedb file. This is the file that has all of your server data in it. You can also take the file and move it literally anywhere on any machine (that has the same architecture) and it will work just like before. If you are a customer of ours you can also just backup your VPS using the control panel and if you ever have an issue you can restore it from the backup.
Sadly, for people that are not customers of ours doing all of the above actions will make it so that your server can't be hacked, but without DDoS protection that is specific to TeamSpeak 3 you can't really eliminate all of your issues. Even servers with generic DDoS protection will still have issues with stopping all attacks. If money is an obstacle we would suggest contacting our sales they will be able to price match any other legal provider, and arrange a payment plan that is within your budget.