Sign in to follow this  
Followers 0
DevBlog

Expect Wurm to be offline at least until noon 19 Feb CET

By DevBlog, in Game News

Recommended Posts

Posted (edited)

wow NTP DDoS o0 ? Thats super new ! Amusing ! We are talking about a new State of the Art here. You made my day sir :P Isn't this circus of hacking and security inspiring to watch ? The bad guys never cease to amaze with the new type of attacks they find and the good guys amaze even more by the way they mitigate them.


 


Boy sure it's awesome living in the 21st century ... 


Dear god, it's a priviledge being born this century, thank you.


Edited by Issle

Share this post

Link to post
Share on other sites
Posted (edited)

be funny if we found out someone poured a can of coke on our server set and thats all it was.coca cola be the debbil-sir! weve traced this can of coke back to your moms refridgerator,any last words?


Edited by waarokku

Share this post

Link to post
Share on other sites
Posted

 

"Driftstatus nu: 2014-02-18 1545-1615 Överbelastningsattack, mål identifierat samt attack avstyrd"

 

 

The hosting company claims it is fixed. Kinda weird to call something fixed if all you did was shut down one of your costumers to "fix" it. But hopefully they actually have fixed it and this means Rolf will get the servers back up soon?

 

I'm just so darn frustrated atm i had nothing better to do then post it here aswell. :P

 

 

What most data centre's tend to do when a DDOS occurs is remove the machine's IP that is being targeted from the network, this removes the end point of the traffic and effectively 'fixes' the problem for the rest of the customers using that centre. This is often referred to as 'null routing' and normally lasts approx. 24 hours.

Where I work (not at Wurm's data centre) we can deal with up to 400 GB/s DDOS attacks (enough to take an entire centre offline), maybe 3 times a month, certainly annoying.

 

I hope they find this attacker and lop off his fingers.

Wish I knew something about the attack, 10000 euros would buy me a shiny new mine. ;-;

Share this post

Link to post
Share on other sites
Posted

change servers ... even if they cost more... game like this need to be 24/7/365 or u loose more then u think...     we all pay more for that already... but thats need to change... we need faster servers with more online time....


Share this post

Link to post
Share on other sites
Posted (edited)

There should be a better solution then shutting down a server that is being DDoS. This ISP data center failed hard because the data center is using an ISP that shutting them down beside you as a customer.


 


I believe Talios is on the right track. If server is setup on some kind of cloud network that mimic DDoS, they would have to. But, I don't think that limiting network packet would work because the game design have to accept and send regardless of network packet. When limiting the server network packet on the port, Wurm Online server may stop working. The dev would need to improve network side in Wurm Online to think smart about network packet, developing things, suches as, invalid authentication and your MAC and IP address is temporary suspended or block for X amount of minutes. Every connection have to required an authentication, with or without Wurm Online.


 


The sky is the limit if you develope something to counter-act with the DDoS. But, who am I to say, it is not Wurm Online that being DDoS, it is the data center! Darn it! Every suggestions are just, another one of those saying, you are preaching to a choir. Grrrr!


Edited by Tobeornottobe

Share this post

Link to post
Share on other sites
Posted

I don't want to be ... but this is not German... i guess it is Swedish :ph34r:

 

But anyways, these DDOS attacks are a real downer... please someone, anyone, do something about this... come on we got IP tracking and satellites and the like, please someone find the responsible(s) !

I will back-trace them now and then call the internet police.

Share this post

Link to post
Share on other sites
Posted

 

"Driftstatus nu: 2014-02-18 1545-1615 Överbelastningsattack, mål identifierat samt attack avstyrd"

 

 

The hosting company claims it is fixed. Kinda weird to call something fixed if all you did was shut down one of your costumers to "fix" it. But hopefully they actually have fixed it and this means Rolf will get the servers back up soon?

 

I'm just so darn frustrated atm i had nothing better to do then post it here aswell. :P

 

 

Hey Permo,

 

Roughly translated, "2014-02-18 1545-1615 Denial, goals identified, and attack averted."  While my Spanish is a lot better than my German, I think it only means that the attack has stopped.  While that's good news, perhaps the servers can return to normal tomorrow.  Meanwhile, I really hope a fellow Wurmian collects on the 10K and they bag the dirtbag that did this.  See ya' tomorrow, Permo!

 

Nightswatch

 

Share this post

Link to post
Share on other sites
Posted

There should be a better solution then shutting down a server that is being DDoS. This ISP data center failed hard because the data center is using an ISP that shutting them down beside you as a customer.

 

I believe Talios is on the right track. If server is setup on some kind of cloud network that mimic DDoS, they would have to. But, I don't think that limiting network packet would work because the game design have to accept and send regardless of network packet. When limiting the server network packet on the port, Wurm Online server may stop working. The dev would need to improve network side in Wurm Online to think smart about network packet, developing things, suches as, invalid authentication and your MAC and IP address is temporary suspended or block for X amount of minutes. Every connection have to required an authentication, with or without Wurm Online.

 

The sky is the limit if you develope something to counter-act with the DDoS. But, who am I to say, it is not Wurm Online that being DDoS, it is the data center! Darn it! Every suggestions are just, another one of those saying, you are preaching to a choir. Grrrr!

If SharkTech can manage to keep their network online using a single firewall. I'm sure it can't be that hard.

They never null any servers and the length of attacks there last around 2-3 hours before they manage to block it. and I'm talking huge attacks running in to 100s of Gbps.

Share this post

Link to post
Share on other sites
Posted

Hey Permo,

 

Roughly translated, "2014-02-18 1545-1615 Denial, goals identified, and attack averted."  While my Spanish is a lot better than my German, I think it only means that the attack has stopped.  While that's good news, perhaps the servers can return to normal tomorrow.  Meanwhile, I really hope a fellow Wurmian collects on the 10K and they bag the dirtbag that did this.  See ya' tomorrow, Permo!

 

Nightswatch

 

I found the person reasonable, Nightswatch3.,..

Can I have my 10,000E now?

Share this post

Link to post
Share on other sites
Posted (edited)

Is it ready yet???   :(  This Sucks.....


Edited by Protunia
  • Like 2

Share this post

Link to post
Share on other sites
Posted

Is it ready yet???   :(  This Sucks.....

The deed planner is getting old :/

Share this post

Link to post
Share on other sites
Posted

The deed planner is getting old :/

LOL I've spent the last 4 hours designing my next house that is remotely within my skills.

Share this post

Link to post
Share on other sites
Posted

sigh,staring at the neighbors house.no fence around it.dying to go inspect his walls for damage.wurm better come back up before i get arrested...........


Share this post

Link to post
Share on other sites
  View hidden Post
Posted (edited) · Hidden by Jberg, February 19, 2014 - Undesired content. FUD
Hidden by Jberg, February 19, 2014 - Undesired content. FUD

could this attack come from an banned wurmian? yes. could this attack be an inside job? yes. could this attack be comepletely random? yes. the facts are, ddos attacks are a daily event. sometimes into the hundreds. dont rule out governmental practice attempts. ie training soft targets. i am NOT a conspiracy guy... but who knows? N. Korea?  Irann? N.S.A.? lol


Edited by onryearnie221

Share this post

Link to post
Posted

could this attack come from an banned wurmian? yes. could this attack be an inside job? yes. could this attack be comepletely random? yes. the facts are, ddos attacks are a daily event. sometimes into the hundreds. dont rule out governmental practice attempts. ie training soft targets. i am NOT a conspiracy guy... but who knows? N. Korea?  Irann? N.S.A.? lol

Dude, your imagination is unbelievable but who knows, you might be right LOL :P or maybe some random mouse just went inside the server room and nipped on some cables, right?

Share this post

Link to post
Share on other sites
Posted

or maybe ur neighbor is kim jung illll. or , ur neighbor is that ugly basketball dude. think about it... ur next door could be vladimir putin in wurm and u would never know. i could  be chuck norris? what if that guy u stole land from is vallerie bertenell!!!


Share this post

Link to post
Share on other sites
Posted

the possibilties are mind numbing. some poor sap got pissed. rolf should have learned this lesson long ago.


Share this post

Link to post
Share on other sites
Posted (edited)

So yeah....this same group that started this DDOS attack on multiple servers all over. It doesn't seem to be just Wurm's server area either. Been ongoing all week in several areas.


 


This group is targetting basically all of the major cities all over trying to take all those servers offline to cripple many things (mainly banks from what I've been seeing online, but it's effecting many many different things that use these servers). A lot of the minor "browser" games are effected by it too. But yep thought I'd share the info I'd gathered on this so far! It's definitely tied to this worldwide DDOS thing that's been happening all week and bouncing around all of those major servers.


Edited by Ryamu

Share this post

Link to post
Share on other sites
Posted (edited)

Dude, your imagination is unbelievable but who knows, you might be right LOL :P or maybe some random mouse just went inside the server room and nipped on some cables, right?

 

Nah it's linked to this group that's been hitting several large city server hosts all over. It's no coincidense lol and sadly I doubt it's even related to someone offended by wurm but more the group offended by the banks using same host servers as the games being effected....Hopefully they get found and get the just punishment for it too.

 

Our vent's owner said Chicago was hit a few days back by a severe DDOS but yeah, it's much escalated since chicago's.

Edited by Ryamu

Share this post

Link to post
Share on other sites
Posted

It can be a reflection based DDos attack too (a DNS attack with forged IP address). If wurm servers were one of the servers which they reflected the forged IP calls for the attack, the ISP can block them for a short time, until they find the original source.
The only way is to limit the traffic as Tailos said earlier, but its not acceptable for gaming which needs to be realtime. If the servers using DNS in any way, it is recommended to shut down the DNS service on the servers and use fix ip adresses as inter-communication between the servers, which may reduce the risk.
Of course there can be other ways where the servers can be involved in DDos attacks.

 

NTP can be secured too, read this: http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html

Share this post

Link to post
Share on other sites
Posted

It's linked, that much I know cause several followers of this same group stated "they were targeting any gaming host servers they can hit just to show they can do it." Not sure if they're the ones who cause Wurm's but they've definitely hit several lesser secured ones so it is possible they hit ours too.


Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0
Go To Topic Listing