Is my TeamSpeak under attack?

Hello guys, I've been using TeamSpeak Server for more than 5 years now and I never had problems like these in the last few weeks. About 2 months ago my Debian (Linux) server got hacked. I did everything to close the one security breach and reinstalled the complete server. But for the past 2 weeks I have had another problem, now with my TeamSpeak server. The server is shutting down every day. One user named “admin” or “Server Admin” joins the TeamSpeak with a VPN (IPs from Poland, Portugal, Germany, France, Austria and more), and every time he joins he has a new UID, and then the log says this every time:
2020-04-17 22:20:08.154555|INFO |VirtualServerBase|1 |client connected ‘admin’(id:6139) from 92.114.2.29:56735
2020-04-17 22:20:09.130529|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_1855026915’ by client ‘admin’(id:6139)
2020-04-17 22:20:37.379975|INFO |PktHandler |1 |Dropping client 16 because of ping timeout 19 0 0
2020-04-17 22:20:37.380181|INFO |VirtualServerBase|1 |client disconnected ‘admin’(id:6139) reason ‘reasonmsg=connection lost’
2020-04-17 22:23:09.001054|INFO |VirtualServerBase|1 |client connected ‘admin’(id:6139) from 92.114.2.29:51891
2020-04-17 22:23:10.778696|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_680090831’ by client ‘admin’(id:6139)
2020-04-17 22:23:10.780414|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_1855026915’ by client ‘admin’(id:6139)
2020-04-17 22:23:10.786136|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_1363126527’ by client ‘admin’(id:6139)
2020-04-17 22:23:10.786256|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_3608032333’ by client ‘admin’(id:6139)
2020-04-17 22:23:10.915144|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_1237766804’ by client ‘admin’(id:6139)
2020-04-17 22:23:10.915489|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_237793359’ by client ‘admin’(id:6139)
2020-04-17 22:23:10.915824|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_1998579328’ by client ‘admin’(id:6139)
2020-04-17 22:23:12.978467|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_3600394144’ by client ‘admin’(id:6139)
2020-04-17 22:23:13.026855|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_2135077007’ by client ‘admin’(id:6139)
2020-04-17 22:23:13.106374|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_3645881298’ by client ‘admin’(id:6139)
2020-04-17 22:23:13.114420|INFO |VirtualServerBase|1 |file download from (id:0), ‘/icon_2945757667’ by client ‘admin’(id:6139)

After this the logs end every time and the server seems to be dead. Does anyone have an idea what the issue could be? Or what I can do to stop that?

Best Thanks
DreamGamer

1 Like
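
A triage sketch for the log pattern in the post above, added here as an example and not part of the original thread: it lists the clients that were still connected when the log stops, with source IP and download count, so they can be correlated with the time the server died. The sample lines are constructed in the format of the excerpt (ASCII quotes, documentation-range IP), and `sessions_open_at_end` is a hypothetical helper name.

```python
import re
from datetime import datetime

# Constructed sample in the format of the excerpt above (not the poster's real data).
SAMPLE_LOG = """\
2020-04-17 22:20:08.154555|INFO |VirtualServerBase|1 |client connected 'admin'(id:6139) from 203.0.113.7:56735
2020-04-17 22:20:09.130529|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_1855026915' by client 'admin'(id:6139)
2020-04-17 22:20:37.380181|INFO |VirtualServerBase|1 |client disconnected 'admin'(id:6139) reason 'reasonmsg=connection lost'
2020-04-17 22:23:09.001054|INFO |VirtualServerBase|1 |client connected 'admin'(id:6139) from 203.0.113.7:51891
2020-04-17 22:23:10.778696|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_680090831' by client 'admin'(id:6139)
2020-04-17 22:23:13.114420|INFO |VirtualServerBase|1 |file download from (id:0), '/icon_2945757667' by client 'admin'(id:6139)
"""

Q = "['\u2018\u2019]"  # accept ASCII quotes or the typographic ones a forum paste produces
CONNECT = re.compile(rf"client connected {Q}(?P<nick>.*?){Q}\(id:(?P<id>\d+)\) from (?P<ip>[\d.]+):\d+")
DISCONNECT = re.compile(rf"client disconnected {Q}.*?{Q}\(id:(?P<id>\d+)\)")
DOWNLOAD = re.compile(rf"file download from .* by client {Q}.*?{Q}\(id:(?P<id>\d+)\)")


def sessions_open_at_end(log_text):
    """Return the sessions that have no logged disconnect before the log stops."""
    open_sessions = {}  # client id from the log -> session details
    last_ts = None
    for line in log_text.splitlines():
        fields = line.split("|", 4)  # timestamp|level|component|virtual server|message
        if len(fields) != 5:
            continue
        last_ts = datetime.strptime(fields[0].strip(), "%Y-%m-%d %H:%M:%S.%f")
        msg = fields[4]
        if m := CONNECT.search(msg):
            open_sessions[m["id"]] = {"nick": m["nick"], "ip": m["ip"],
                                      "connected": last_ts, "downloads": 0}
        elif m := DISCONNECT.search(msg):
            open_sessions.pop(m["id"], None)
        elif (m := DOWNLOAD.search(msg)) and m["id"] in open_sessions:
            open_sessions[m["id"]]["downloads"] += 1
    for s in open_sessions.values():
        # How long the client had been connected when the last line was written.
        s["seconds_before_log_end"] = (last_ts - s["connected"]).total_seconds()
    return list(open_sessions.values())


if __name__ == "__main__":
    for s in sessions_open_at_end(SAMPLE_LOG):
        print(s["ip"], s["nick"], s["downloads"], s["seconds_before_log_end"])
```

Run over the log files from several crash days, the same source address or nickname appearing in every result is a stronger lead than any single session; icon downloads right after a connect are ordinary client behaviour on their own.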

Well I am facing one of the worst attacks from this guy as well. He is using some botnet to launch massive attacks on my server. The user mostly logs in from Turkey, Germany and Romania.

He also advertises his server and sends a PM to every user that this server is shutting down in 5 mins and please join my server.

This guy is mostly using a botnet with Chinese IPs and I am sick of this kid. I’ve been to that server they are massively advertising and taking down all medium-large servers.

Is there a TeamSpeak policy where they take action against such dumbfucks or not?

2 Likes

Wow, that's really sad. But that explains why a lot of users leave the server a few minutes before. And I don't think so. If I had a policy to take action, what should I do then? I don't know how to stop those persons. Is there a way that he cannot “shutdown” / “destroy” the TeamSpeak?

2 Ways:
1) Find a hosting company that has a working and efficient anti-DDoS server and migrate onto that.
2) If you are on a Linux VPS/dedicated server, try to ban the incoming IP traffic from the attacking IPs using some firewall and netfilter tools. (Although this way is not gonna work against large botnets with a huge no. of IPs because you cannot simply ban them all.)
Sometime or the other the botnet will go through your firewall and the attack will happen again.

2 Likes

Thank you for your help. I will try to block the traffic with a firewall, but what tool for firewall management would you recommend for Linux? And I never heard of netfilter tools, first I need to read about that. And to the first way: Is there a way to use an external anti-DDoS service to secure my VPS?

You need a server with OVH Anti-DDoS Game
Other methods don’t help much

1 Like

@fyfywka I’m using a VPS from OVH. They also should have the Anti-DDoS Game technology, am I right?

refine firewall settings :smiley:

Then the guy is mostly using port flood to attack. Refining firewall will work.

1 Like

OVH does not provide Anti-DDoS Game on VPS, you need to take dedicated servers, which cost from €84.99 ex. VAT / month, or get a VPS from a reseller with an Anti-DDoS Game

1 Like

https://extravm.com/billing/aff.php?aff=408

1 Like

several other hosting that offer OVH Anti-DDos Game
I don’t suggest using them, you may know some other hostings
https://www.gaming-serv.com/en/

Some hosting above I used and they are good but everywhere there are disadvantages…

1 Like

VPS on OVH doesn’t have any anti-DDoS and firewall I guess. U have to buy a dedicated server and then u will have firewall and anti-DDoS.

omgserv is the worst host you could recommend bro

1 Like

bro

Don't even mention them, someone might just go there and buy a server. They fake what they offer, like say you get X specs but you get some shitty ones

2 Likes

Are you talking about a D(D)oS attack? Then talk with your provider about it, I guess they see more about that. I don’t see any difficult things in your TS server log.

1 Like

These silly problems continue. Unfortunately, TeamSpeak officials should develop an application-oriented software firewall about this issue, otherwise the application that I cannot talk about is always bad. Even just because of this DDoS problem, I’m thinking of switching to alternative applications…