Blackhole after DDOS. Need to disable.

Posted April 2, 2020 1.6k views

Hi Team,

I have a droplet running a game server (Counter-Strike 1.6) and it is experiencing frequent DDOS attacks that lead to Digital Ocean automatically blackholing the droplet and makes it off-network for hours before it can be accessed again.

I have tried a few combinations of ip-tables, however, I haven’t been able to stop the attacks.

I understand that this is done as a proactive step to make sure other droplets in the datacenter are not compromised, however this is a huge inconvenience.

Is there a way blackholing can be stopped for this droplet?
The DDOS attack lasts about a few minutes, however, the droplet goes off-network for hours which makes the server down for hours.

1 comment
  • Hi friend,
    Im hosting cs 1.6 server on digital ocean for more than 3 years and from past week im also facing the same issue. Its been more than 4 days digital ocean keeps suspending network of the droplet and server goes down because of no network. All my servers are literally off for around 12-15 hours daily because of it. And its totally useless and waste of money if digital ocean keeps doing that. Im already annoyed and pissed by it because I have DDOS Protection by CloudFlare and its still they suspending the network. 1 week servers are down and is waste of money. i mailed them twice today and im still waiting for their reply! I hope they provide good solution and stop this.
    SeRious-GaminG Community Asia

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
2 answers

DDOS itself isn’t a single attack. It is a name that is applied to a large group of attacks, it’s like calling something “cloud”. As a result as attacks continue to change whatever is blocked without affecting your droplet or other services is immediately mitigated on our end. However, as the attacks evolve some of them may be able to get through the measures that we have instead in which case the droplet is “dropped” - which basically removes the IP, and removes the attack, the unfortunate side effect of this is that essentially the droplet is down. We are constantly improving our backend mitigation for DDOS attacks across our entire network but this is an ever evolving landscape.

Well the above answer is as vague as it can get.
Scripted responses !
I very well understand what DDOS is and since droplet goes off network, I cant even determine what sort of attack was that. It is usually a reflective dns ddos, however droplet is of no use when some attack happens. No protection and leaves you helpless.
I have migrated to other cloud providers and it works great for me !

  • Since 2015 with DigitalOcean, I think it’s time to move on.

    The same thing happened to me today, and after hours, I can’t see a way to get my droplet back online.

    Can you tell me the other cloud provider that you found interesting?