Sign in to follow this  
Seara

Servers offline from a DDOS attack.

Recommended Posts

I cant really imagine many known names who would try to harm Wurm like this, except for one or two known ones.


I wonder am i the only one who thought of Doughboy first of all, hearing about another ddos attack heh :)


 


Well, time to find some movie or derp around BF3-4 =/


  • Like 1

Share this post


Link to post
Share on other sites

And we are hitting the gaming news already i am sure there will be more. 

 

http://www.mmorpg.com/gamelist.cfm/loadNews/30102

http://runicportal.com/wurm-online-ddos-attack-stalls-update-launch/

 

With all this awesome publicity, maybe Wurm will get a ton of new players.  One might almost thank the idiot who DDoS'd the servers, they're causing us to get a ton of press because of it.

 

If the plan was to shut the game down to piss off a lot of players or to make people get mad at Wurm, that was a complete failure.  Not only are we getting some nice press from the situation but everyone here are adults and we understand how things work on the internet.  Only the impatient kids will get mad at Rolf and team for the downtime, the rest of us will wait patiently because that's the attribute that Wurm promotes.

 

To be honest I'm not even really mad at the DDoSer, you have to imagine what kind of sad individual he/she is.  Obviously he/she was banned from the game and their response to that is to throw a hissy fit like a small child.  My four year old niece acts more mature then that.

 

Oh well, I can only wait and hope the server comes up soonish, but in the meantime I'm going to get an extra nap in from all the sleepless nights of playing Wurm.

Share this post


Link to post
Share on other sites

>http://www.youtube.com/watch?v=nGeKSiCQkPw

 

It seems to me that the hosting company is pretty much annoyed about the attacks to WO and wants to get rid of it.

 

Pretty good for us, cause the most waiting time is caused by this company, and not by the attack.

  • Like 3

Share this post


Link to post
Share on other sites

I left a cart and horses in my house while building a bit,


I wonder if they'll starve now?!  :huh:


Share this post


Link to post
Share on other sites

"We can offer 10 000 Euro for any tips or evidence leading to a conviction of the person responsible for this attack"

 

 

worth a shot...

 

TIP: my tip is to ask your hosting provider for the person's isp and then track them down or something? i dont know but its worth a daft suggestion in the possibility of getting 10k!

You don't know how a ddos works, do you?

 

DDOS doesn't require a back door. It just floods the target server with more connections than it can handle.

They are generally carried out by BotNets and/or by exploiting weaknesses in standard server protocols like NTP and ICMP. You basically send a small request to an NTP server, giving it Wurms' host IP address instead of your own. The Server then sends its response (which is bigger than your request was) to the IP provided. The result is that you send small amounts of data in requests, and your target receives much larger amounts of data in unsolicited responses. 

 

This also means that tracing it to the original IP is difficult...it's not as if Wurms' hosts can just look at their connection log and say "Oh hey, there are millions of connection attempts per second all coming from this same IP address...that's our guy!". The clue is in the name DISTRIBUTED Denial of Service attack.

There, that guy pretty much schooled you.

Share this post


Link to post
Share on other sites

Please, are you sure that it is DDoS or DoS attack? Many requests for update files, bugs in the program code of thousands of client can be evaluated by routers as attack...

Share this post


Link to post
Share on other sites

Please, are you sure that it is DDoS or DoS attack? Many requests for update files, bugs in the program code of thousands of client can be evaluated by routers as attack...

 

When I tried logging in (before reading the news on the HP) (yep I read them in the client) but since I got the update files, it seems they don't lie on the same Server as like the game...

What's actual good... for stability reasons...

Share this post


Link to post
Share on other sites

If there is one thing I've learned in life, it's that you will eventually come to call for the bad things you've done.  People who do wrong to harm others should know that you will always be caught, at one point or another.  With that being said, cheers to the person(s) who have used DDOS to attack the Wurm developers and community; I hope your grudge was worth it, because it just cost you big time.


Share this post


Link to post
Share on other sites

Please, are you sure that it is DDoS or DoS attack? Many requests for update files, bugs in the program code of thousands of client can be evaluated by routers as attack...

 

Not really a possibility at all that a network such as the one Wurm would require would even blink twice at those numbers, everything you mentioned would be inconsequential to a datacenter backbone. A DDoS is basically the only thing that could cause the hosting company to disconnect the Wurm servers from the network. Anything else would just be seen as an increase in traffic. Also as someone previously stated, The downloads and bug checks and data packets sent would be of varying sizes. Whereas a DDoS attack typically consists of a multitude of identically sized files originating from the same ip addresses. If the devs were told it was a DDoS attack then that is what is was.

 

EDIT: Also seeing as the packages are on the webserver and are still available for DL, that tells us that had nothing to do with traffic to the servers.

Edited by Telvanni

Share this post


Link to post
Share on other sites

Please, are you sure that it is DDoS or DoS attack? Many requests for update files, bugs in the program code of thousands of client can be evaluated by routers as attack...

Considering the servers got taken down by the hosting company themselves, they've definitely identified it as a DDOS attack.

Share this post


Link to post
Share on other sites

Driftstatus nu: 2014-02-18 1545-1615 Överbelastningsattack, mål identifierat samt attack avstyrd


 


 


The hosting company claims it is fixed. Kinda weird to call something fixed if all you did was shut down one of your costumers to "fix" it. But hopefully they actually have fixed it and this means Rolf will get the servers back up soon?


  • Like 1

Share this post


Link to post
Share on other sites

Made my day. Plugging off Wurm seems to made their day.


Share this post


Link to post
Share on other sites

I guess i will go in the big room with the bright yellow thing for a while :(

 

and what? freeze my snow white nether regions with that freezing snowy white stuff in the big room with the bright yellow thing? Forget that lol. Spent two hours shoveling that freezing snowy white stuff so my Wife could get to work... then I thought to myself.... time to Wurm... Nope.

 

Will see ya all after the "storm" blows over.

Edited by Kyrmius

Share this post


Link to post
Share on other sites

Perhaps in some way we as Wurm community we try to help ours devs / our game in the way we can.

+Dev team from what i saw of wurm 1.2
+Mods/Devs fast infomation flow!

one more thing more information about ddos attack and ppl like me and other ppl can help,  i cant act on things ill read happend on a forum and with so limited information.

 

  • Like 3

Share this post


Link to post
Share on other sites

I doubt it Permo, if the Dev's posted that the server will be down until noon tomorrow then that means the hosting company more than likely told them that they are going to keep the servers offline until around that point in time so as to assure the DDoS attack as ended.


 


Basically they will probably just change the assigned outside IP's to the wurm servers so that the attack can't point to their backbone any longer and will retire those ip addresses until a time that they can be used again. Some DDoS attacks won't ever stop until the servers being used to initiate the attack are made aware of their outbound network traffic and can stop it, workstations can also be used for this with lesser impact but even if a few hundred thousand PC's don't know that they are infected they won't ever stop until told by the infections host server to change their target.


  • Like 1

Share this post


Link to post
Share on other sites

This is sad and very disappointing to hear, Only takes one loser to ruin everybody's fun..   


Share this post


Link to post
Share on other sites

Last weeks I saw some articles on one of such NTP DDOS attacks with 5.4gb/s if something like that hit Wurm then a very dark time is coming.

 

I just can say DDOS will never stop, invest in this http://www.link11.de/en/index.html great solution for at least the next 20 years. A new hosting company will not stop them, same things will happen as long as there is no DDOS protection in front of our servers.

5.4gb/s is nothing anymore these days, they can go 200+.

http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gbps-ddos-attacks/

 

Driftstatus nu: 2014-02-18 1545-1615 Överbelastningsattack, mål identifierat samt attack avstyrd

 

 

The hosting company claims it is fixed. Kinda weird to call something fixed if all you did was shut down one of your costumers to "fix" it. But hopefully they actually have fixed it and this means Rolf will get the servers back up soon?

 

Well it is fixed for their other customers who were also affected by it.

Share this post


Link to post
Share on other sites

 

February 18, 2014 by Rolf

 

Shortly after todays update we were the target of a DDOS attack and our hosting provider had to pull us off the grid for now. We will be back as soon as possible but things are out of our hands since their other customers are affected. As we wrote in a previous news post we are planning on changing hosting anyways which should improve things for the future. We can offer 10 000 Euro for any tips or evidence leading to a conviction of the person responsible for this attack.

How on the whole earth is ppl be able to help here, ill help out if i can , but cant do much, need a log file from event it self or a part of it atleast.

( a time long ago i had my apartment as terminal hall for counterstrike server's so i had my fair deals with theese kinda things, ) but i know this server / servers at host and theirs information is minimal when it comes to the security and they get attacked. Hope the host is able to stop theese things and that they find something in logs that they can use, to bad this isnt shared to us public.

So few to make a good community suffer from what should been a fun day.

Hope u get information to get the ppl or person behind this get caught or atleast stopped.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this