My criticism regarding how Bopimo is being run.
fzorb 3
Joined Dec 2024
I am not talking about the management itself, but how Bopimo's servers are being run.
I have a reasonable amount of experience regarding system administration and I'd like to share it with you guys.

1. The webserver
Sites like https://search.censys.io are leaking your origin. This means it is totally inefficient to use Cloudflare for DDoS protection if you aren't going to properly hide your origin.
What you could do to mitigate this is only allow Cloudflare's IPs to access your website. You can find their ranges here: https://www.cloudflare.com/ips (or https://www.cloudflare.com/ips-v6 && https://www.cloudflare.com/ips-v4)
Another thing you could do is use Cloudflare Tunnels. Cloudflare Tunnels basically communicate directly with Cloudflare, and after you set it up, you can block port 443. This also gives you the possibility of cheaping out on IPv4s by buying IPv6-only VPSes.

2. The gameserver
I'm not here to bash you for using Hetzner, although their dedicated offer is awful now in the USA.
As far as I am aware, Hetzner has no DDoS protection. You also make the game server's IP trivially easy to find by any skid with some inspect element experience.
My fix for this would be using a provider like OVH or Path (you aren't that big of a customer to be able to get a contract directly with them, so you'll have to go through a reseller like BuyVM (I can vouch for them)) to "reverse proxy" your dedicated server. Hetzner has servers in Ashburn; OVH has some servers 22 miles away, in Vint Hill.
Now you may be wondering, how can you do it? Well, all you'll have to do is some iptables magic and host a VPN on the OVH box, something like WireGuard (remember to set a PersistentKeepalive!). There's a pretty neat guide I keep linking made by a maniac (nothing personal, he just has a little too many servers): https://infrablog.lain.la/hosting-from-home .

Thanks for tuning in to my schizopost.
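The origin allowlist the first section describes, as an added example (not code from the thread or from Bopimo): a POSIX shell script that turns Cloudflare's published ranges into an nftables ruleset, so the origin answers HTTP/HTTPS only to Cloudflare and a scan index that leaks the real IP buys an attacker nothing on 80/443. The CIDRs embedded below are a few entries from the published lists so the script runs offline; the management address, table name and `--demo` flag are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: build an nftables ruleset so the origin
# only answers HTTP/HTTPS from Cloudflare's published ranges. Anyone who finds
# the real IP through a scan index then gets nothing on 80/443.
# In live use, fetch https://www.cloudflare.com/ips-v4 and
# https://www.cloudflare.com/ips-v6 into the two lists; the values below are a
# handful of the published entries, embedded so the script runs offline.

CF_V4_SAMPLE='173.245.48.0/20
103.21.244.0/22
104.16.0.0/13'
CF_V6_SAMPLE='2400:cb00::/32
2606:4700::/32'

# Management address allowed to reach SSH (constructed placeholder; replace it).
MGMT_IP='198.51.100.10'

# Print one nft accept rule per CIDR.
# $1 = address family keyword (ip or ip6), $2 = newline-separated CIDR list.
cf_accept_rules() {
    fam="$1"
    printf '%s\n' "$2" | while IFS= read -r cidr; do
        case "$cidr" in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        printf '        %s saddr %s tcp dport { 80, 443 } accept\n' "$fam" "$cidr"
    done
}

# Emit a complete ruleset: default drop on input, keep established flows,
# loopback, ICMP and SSH from the management address, and admit 80/443 only
# from the Cloudflare ranges. $1 = IPv4 list, $2 = IPv6 list.
cf_ruleset() {
    cat <<EOF
table inet origin_filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        ip saddr $MGMT_IP tcp dport 22 accept
EOF
    cf_accept_rules ip "$1"
    cf_accept_rules ip6 "$2"
    cat <<EOF
    }
}
EOF
}

# Print the sample ruleset. With the live lists, apply it with:
#   cf_ruleset "$(curl -fsS https://www.cloudflare.com/ips-v4)" \
#              "$(curl -fsS https://www.cloudflare.com/ips-v6)" | nft -f -
if [ "${1:-}" = "--demo" ]; then
    cf_ruleset "$CF_V4_SAMPLE" "$CF_V6_SAMPLE"
fi
```

Re-run the fetch on a schedule, because Cloudflare's ranges change occasionally and a stale allowlist will silently drop a slice of legitimate traffic. The rule only closes the front door: the origin still needs the same treatment on any other exposed service, and a Cloudflare Tunnel removes the need for an inbound 443 rule entirely.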
fzorb 3
Joined Dec 2024
The guide tells you to use OpenVPN, but personally I use WireGuard instead.
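The relay setup the second section sketches (WireGuard between a DDoS-protected relay and the Hetzner box, plus the "iptables magic"), as an added example that is not from the thread or the linked guide: the script below generates both WireGuard configs with the PersistentKeepalive the post insists on, the DNAT/forward rules for the relay, and the rule on the game server that accepts the game port only through `wg0`, so the real Hetzner address is useless even once someone reads it out of the client. Every address, port, hostname and key here is a constructed placeholder, and the `--demo` flag is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread or the linked guide: relay a game port
# through a WireGuard tunnel. The relay (e.g. the OVH box) owns the public
# address, DNATs the game port into the tunnel, and the game server on the
# plain provider only accepts that port via wg0.
# All addresses, ports, hostnames and keys below are constructed placeholders.

RELAY_PUB_IF='eth0'                 # relay's public interface
RELAY_TUN_IP='10.8.0.1'             # relay end of the tunnel
GAME_TUN_IP='10.8.0.2'              # game server end of the tunnel
GAME_PORT='7777'                    # placeholder game port (UDP)
WG_PORT='51820'
RELAY_PUBLIC_HOST='relay.example.net'

# WireGuard config for the relay. $1 = relay private key, $2 = game server
# public key (generate with `wg genkey | tee priv | wg pubkey`).
relay_wg_conf() {
    cat <<EOF
[Interface]
Address = ${RELAY_TUN_IP}/24
ListenPort = ${WG_PORT}
PrivateKey = $1

[Peer]
PublicKey = $2
AllowedIPs = ${GAME_TUN_IP}/32
EOF
}

# WireGuard config for the game server (the side behind the relay).
# PersistentKeepalive matters here: the game server initiates the tunnel, and
# the keepalive keeps the path state alive so the relay can always reach it.
# $1 = game server private key, $2 = relay public key.
game_server_wg_conf() {
    cat <<EOF
[Interface]
Address = ${GAME_TUN_IP}/24
PrivateKey = $1

[Peer]
PublicKey = $2
Endpoint = ${RELAY_PUBLIC_HOST}:${WG_PORT}
AllowedIPs = ${RELAY_TUN_IP}/32
PersistentKeepalive = 25
EOF
}

# iptables commands for the relay: forward the public game port through wg0.
# Masquerading to the relay's tunnel address keeps the game server's routing
# trivial (replies simply go back down wg0), at the cost of the game server
# seeing the relay's tunnel IP instead of each player's real address.
relay_forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i ${RELAY_PUB_IF} -p udp --dport ${GAME_PORT} -j DNAT --to-destination ${GAME_TUN_IP}:${GAME_PORT}
iptables -t nat -A POSTROUTING -o wg0 -d ${GAME_TUN_IP} -p udp --dport ${GAME_PORT} -j MASQUERADE
iptables -A FORWARD -i ${RELAY_PUB_IF} -o wg0 -d ${GAME_TUN_IP} -p udp --dport ${GAME_PORT} -j ACCEPT
iptables -A FORWARD -i wg0 -o ${RELAY_PUB_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# iptables commands for the game server: the game port is reachable only
# through the tunnel, so a direct hit on the provider's address is dropped.
game_server_rules() {
    cat <<EOF
iptables -A INPUT -i wg0 -p udp --dport ${GAME_PORT} -j ACCEPT
iptables -A INPUT -p udp --dport ${GAME_PORT} -j DROP
EOF
}

# Print everything for review; pipe the relevant function into `sh` on each box.
if [ "${1:-}" = "--demo" ]; then
    relay_wg_conf '<relay-private-key>' '<game-server-public-key>'
    game_server_wg_conf '<game-server-private-key>' '<relay-public-key>'
    relay_forward_rules
    game_server_rules
fi
```

The masquerade is the deliberate simplification: if the game server needs real player addresses (per-player bans, rate limits), drop the POSTROUTING rule and instead add a policy route on the game server that sends replies for traffic arriving on `wg0` back through the tunnel. `sysctl -w` is not persistent; put `net.ipv4.ip_forward=1` in `/etc/sysctl.d/` on the relay. Ordering of the two game-server INPUT rules matters, since the ACCEPT on `wg0` must precede the catch-all DROP.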
Gengar 6
Joined Dec 2024
Actually very fair points I agree, they need to really get on that Wireguard stuff.
fzorb 3
Joined Dec 2024
Originally posted by Gengar 6 1 month ago
Actually very fair points I agree, they need to really get on that Wireguard stuff.
I mean they can use GRE tunnels too, if they want to live like it's 2003.
GordonFreeman 1
Joined Dec 2024
I'm bumping this so the website developers can see this :3
haha 2
Joined Dec 2024
same here, bumping this
Goober 3
Joined Dec 2024
bump all the way to the heavens
fzorb 3
Joined Dec 2024
There's also Crunchbits for reverse proxying the game server, but latency would be a bit of an issue...
Wait 4
Joined Dec 2024
Pretty much agree with allat, I think a few days and weeks after launch things should start smoothing out.
fzorb 3
Joined Dec 2024
Also, if it wasn't set up already, set up fail2ban.
STEEL 8
Joined Dec 2024
Here's another bump for your troubles.