Tag: DDOS

RuneScape's Services Disrupted By Denial of Service Attacks


scapefix

 

Distributed Denial of Service Attacks are an ever-increasing problem over all sectors of the internet. What was once a rare occurrence has become nearly commonplace with many medium to large services. Most recently, the Extra Life charity event was brought down temporarily due to a denial of service attack. Google has launched Project Shield, a service to offer their own DDoS mitigation software to other websites.

In a news post released today, Jagex has revealed that RuneScape has come under heavy DDoS attacks over the past year, causing disruptions in service as well as heavy latency and disconnections for players. Jagex CEO Mark Gerhard posted an apology to players for the inconvenience caused by the attacks, laying the blame at the feet of gold farmers and bot makers. Gerhard stated that Jagex is boosting their infrastructure and is working with authorities to track down the source of the attacks.

I wanted to take this opportunity to assure you that we have, are and will continue to work tirelessly, preventing as many of these attacks from affecting your gameplay as we can. We have recently made a multi-million pound investment in our global IT infrastructure to deal with the continued attacks and are working with a number of service and security providers to eradicate the issue completely. We are also working closely with worldwide law enforcement agencies to bring the people responsible for these attacks to justice.

You can read the entire announcement at the link below.

(Source: RuneScape)

50,000 Skill Points Gifted By CCP Due To Downtime


eve_online_odyssey.0_cinema_640.0

So the issue of Eve Online’s servers being hit by a DDoS attack and brought offline for extended maintenance has been fixed, and players are once again flying through space and shooting each other to death. With the attacks behind them and security teams working on new methods to protect the servers, CCP has turned its attention to compensating players for the loss of June 2nd and 3rd. In an announcement on the official website, in lieu of granting accounts with extra days of access, CCP will be handing out fifty thousand unallocated skill points.

You can read more about the incident in this statement by our Chief Operating Officer, CCP Spielmann. A friendly reminder if you hear of someone doing or planning something bad, even if it’s your friend, we do have the PLEX for snitches program.

All active accounts are eligible, barring trial accounts, and the points have already been handed out. Check out the link below for the full announcement and guide on how to allocate said points. No word on whether DUST514 players will be compensated as they share the same server with Eve Online players.

(Source: Eve Online)

Eve Online and DUST514 Hit By DDoS Attack


DUST514_TitanCrashed_1

CCP has taken down the Tranquility server cluster after a sustained denial of service attack early this morning GMT time. CCP’s task force was mobilized and suggested keeping the servers offline for further investigation. As of this writing, the Tranquility servers are still offline.

While we initially reopened EVE Online and DUST 514, we have since re-evaluated. With the highest sense of precaution we have taken Tranquility and associated websites back down for further investigation and an exhaustive scan of our entire infrastructure. We will update you more frequently via our Twitter feed (www.twitter.com/eveonline), however, an extended service interruption of several hours is expected as this process should not be rushed.

For up to the minute updates on Eve Online and DUST514’s server status, follow Eve Online on Facebook or Twitter.

Darkfall North American Server Hit By DDoS


Darkfall01

Indie MMOs, as we know all too well here at MMO Fallout, are dangerously prone to distributed denial of service attacks, often from either disgruntled (and banned) cheaters/griefers or revenge from recently banned gold farmers. Now Darkfall Unholy Wars has a boatload of people from both categories, so the root cause could be any one of the two.

Aventurine has posted a notice on the official blog that there has been a DDoS attack aimed at bringing down the North American server.

In regard to the ping issues on the NA server the past couple of days, this was due to a DDoS attack during NA prime time. We have taken measures in cooperation with our hosting providers to filter this attack, and we’re monitoring the situation. We’ll keep you updated and we apologize for any inconvenience.

The likelihood of the culprit being caught (or even identified at that) is unlikely, given the nature of a denial of service attack.

(Source: Darkfall Epic Blog)

Dino Storm Hit With DDoS Attacks


dino.storm_.combat.redefined.part_.1

Here at MMO Fallout, we have no patience for hackers or script kiddies, especially considering their motivations are more often than not for either craps and giggles or for malicious reasons (identity theft). The folks behind Dino Storm have spent the better part of the last twenty four hours fighting off a distributed denial of service attack coming from an unknown source and aimed at bringing the game servers to their knees. While the attack has been ongoing, defenses have been beefed up and players are slowly getting back into the game.

Update on the game’s status: First, thank you again for your patience. The motives for the denial-of-service attackers remain unclear, but we’ve made great progress (Yeah!) in our defense against them and the vast majority of you WILL BE ABLE TO PLAY NOW. We would like to point out again that no user data was compromised during the attacks.

We hope the best for the Dino Storm team on pushing back against these attacks.

(Source: Dino Storm Facebook)

DOFUS Gets Hit By DDOS Attacks


dofus

Why would anyone want to hurt DOFUS? Over the past few years, the internet has seen the use of distributed denial of service attacks come into use more often and under increasingly casual motivations (Applebee’s didn’t microwave my food long enough, better DDOS them). Luckily most big companies are protected well enough that a player could never successfully DDOS, say, World of Warcraft offline. Smaller games, on the other hand, don’t have those same protections. Around this time last year, in fact, Perpetuum Online became the victim of a DDOS attack.

DOFUS website, forums, and game were taken offline yesterday as a result of multiple DDOS attacks on the servers. The company has beefed up security and put protections in place to hopefully prevent another attack in the future.

Yep, we had another DDoS attack early this morning. The server team is working on new protections for this.

The problem with DDOS attacks is that they were engineered so you never know who is behind them, since the attack comes from hundreds to thousands of computers. It could be a bitter ex-customer, a gold farming company exacting its revenge for disrupting its business, or a malicious hacker group attempting to find security holes. DOFUS’ sequel, Wakfu, is set to change hands from Square Enix at the end of the month.

(Source: DOFUS Twitter)

Perpetuum Online Extends Active Accounts, DDOS Attacks


Back in January I talked about the issue surrounding a certain someone launching a distributed denial of service attack on indie MMO Perpetuum Online. The attacks began in January and caused the server to become unstable for many players. For now, however, the developer believes that the attacks are over. Players are being compensated with three extra days added to their subscription.

Probably most of you are aware of the recent DDOS-attacks against the Perpetuum servers. They seem to have stopped now, but we have and still are taking steps to strengthen our defenses against these kinds of attacks in the future.

To compensate for lost game time, we have decided to extend all active accounts (including trial accounts) by 3 days, effective after today’s patch.

We’d like to say a big thank you to all our players for their continued support through these times, even when they couldn’t even log in and play.

Hopefully this is the end of the story, and the developers can move on to more important issues.

(Source: Perpetuum Forums)

Perpetuum: When One Person Can Ruin Everyone’s Fun


I’ve talked about disgruntled customers in the past, and once or twice about how occasionally those people happen to have access to say intimate knowledge of SQL database exploits or how to launch denial of service attacks, not that the latter requires much technical prowess. To make matters worse, while large businesses require denial of service attacks on an equally large scale, for smaller developers it often doesn’t take much to knock the website/game offline or to at least put a dent in the service’s stability.

Here at MMO Fallout, we love Perpetuum Online and most indie MMOs for that matter. So when an alleged disgruntled ex-player allegedly starts a denial of service attack against the game servers, we take notice. Dev Gargaj posted the following on Perpetuum’s forums:

Now, I’ll say this first that I’m not a network expert so my conclusions might be wrong but here’s how I saw the situation: Every now and then the login-server would get a huge (sometimes up to 80MB/s, though I suppose this includes TCP/IP overhead) burst of external traffic for about 15 minutes or so, and then it would go back to normal. I did some testing with a variety of network tools, and found out that the traffic is mostly aimed at port 139 (NetBIOS) which we have firewalled out, but still it would cause such a network congestion that it’d cause some connections to time out. This traffic came from thousands of endpoints all over the world, including countries where we have no (awareness of) players from (Peru, Egypt, etc.).

In short, from what I can deduce with my fairly modest knowledge about networks, we just got DDOS’d. Because our cluster works with a login server (which is a single point of failure), we were sitting ducks. Our firewall, on inspection (and contrary what I may have been saying earlier) was configured just fine, but the network itself became a bottleneck for the incoming traffic, something we couldn’t do anything about.

The announcement was posted on the 19th of January, but reportedly the attacks have been ongoing since then. Again, it’s worth noting that there isn’t any hard evidence that this is the work of a disgruntled player, but that the theory is merely speculation considering how targeted the attacks are (attacking specifically the login server rather than the cluster as a whole). Players are reporting instances of not being able to log in, and several Perpetuum traffic tracking services have been disabled without explanation (that I have found).

Still, one of the benefits of a game like Perpetuum is the community’s ability to stand together and draw swords against a common threat, against the attacker rather than the victim. Take for instance from another thread on the Perpetuum forums, Lupus Aurelius.

Also, if indeed this is due to a disgruntled player/explayer, we also need to send a clear message that no matter what they do, we will not waiver in support of Perpetuum and the DEVs, and that NO EXTERNAL ACTION BY ANYONE WILL CAUSE US TO EITHER CEASE PLAYING OR CAUSE US NOT TO RESUB! 

NO ONE, WHATEVER THEIR GRIEVANCE, HAS THE RIGHT TO DENY US OUR RIGHT TO CONTINUE TO ENJOY PERPETUUM!

They may take our bandwidth, but they’ll never take our freedom! As Lupus points out in the thread, any information regarding who might be behind these attacks should be reported directly to the development team at Perpetuum Online.

Perpetuum: When One Person Can Ruin Everyone's Fun


I’ve talked about disgruntled customers in the past, and once or twice about how occasionally those people happen to have access to say intimate knowledge of SQL database exploits or how to launch denial of service attacks, not that the latter requires much technical prowess. To make matters worse, while large businesses require denial of service attacks on an equally large scale, for smaller developers it often doesn’t take much to knock the website/game offline or to at least put a dent in the service’s stability.

Here at MMO Fallout, we love Perpetuum Online and most indie MMOs for that matter. So when an alleged disgruntled ex-player allegedly starts a denial of service attack against the game servers, we take notice. Dev Gargaj posted the following on Perpetuum’s forums:

Now, I’ll say this first that I’m not a network expert so my conclusions might be wrong but here’s how I saw the situation: Every now and then the login-server would get a huge (sometimes up to 80MB/s, though I suppose this includes TCP/IP overhead) burst of external traffic for about 15 minutes or so, and then it would go back to normal. I did some testing with a variety of network tools, and found out that the traffic is mostly aimed at port 139 (NetBIOS) which we have firewalled out, but still it would cause such a network congestion that it’d cause some connections to time out. This traffic came from thousands of endpoints all over the world, including countries where we have no (awareness of) players from (Peru, Egypt, etc.).

In short, from what I can deduce with my fairly modest knowledge about networks, we just got DDOS’d. Because our cluster works with a login server (which is a single point of failure), we were sitting ducks. Our firewall, on inspection (and contrary what I may have been saying earlier) was configured just fine, but the network itself became a bottleneck for the incoming traffic, something we couldn’t do anything about.

The announcement was posted on the 19th of January, but reportedly the attacks have been ongoing since then. Again, it’s worth noting that there isn’t any hard evidence that this is the work of a disgruntled player, but that the theory is merely speculation considering how targeted the attacks are (attacking specifically the login server rather than the cluster as a whole). Players are reporting instances of not being able to log in, and several Perpetuum traffic tracking services have been disabled without explanation (that I have found).

Still, one of the benefits of a game like Perpetuum is the community’s ability to stand together and draw swords against a common threat, against the attacker rather than the victim. Take for instance from another thread on the Perpetuum forums, Lupus Aurelius.

Also, if indeed this is due to a disgruntled player/explayer, we also need to send a clear message that no matter what they do, we will not waiver in support of Perpetuum and the DEVs, and that NO EXTERNAL ACTION BY ANYONE WILL CAUSE US TO EITHER CEASE PLAYING OR CAUSE US NOT TO RESUB! 

NO ONE, WHATEVER THEIR GRIEVANCE, HAS THE RIGHT TO DENY US OUR RIGHT TO CONTINUE TO ENJOY PERPETUUM!

They may take our bandwidth, but they’ll never take our freedom! As Lupus points out in the thread, any information regarding who might be behind these attacks should be reported directly to the development team at Perpetuum Online.