Situation Update (from Pandora)

[GM-Ayu]

A message from the God GM-Pandora:


Despite our constant endless harassment friendly helpful reminder, iweb (the provider) failed to connect the ddos protection today and now the technical support tech say they cannot do anything until monday why do we pay them again?.

So unfortunately, the server is still half unprotected during the weekend and may be victim to other attacks. We are doing our best to protect it on the inside, but we wont know if its efficient. All that we can do for now though is to hope for the best until iweb gets to work on Monday.

Again, the DDoS attack will not affect your account information or any other database related issue, and we have secure backups as well (though that's very doubtful if it's necessary for the DDoS.)


For information about the attack itself, click here if you missed the old posts from GM-Pandora about it.

A reminder that the Great Fairy Auction for February has been postponed to Feb 28th, 7 pm. For now, there is no delay on Trials of Heroes next Friday.

Downtime riddle prizes will *not* be distributed until problem is finally resolved (in case if we need to pull it up again, and hopefully not.) I'll forget who got their prizes and who didn't if I do that ._.;

[Galt]

Oh boy. I hope this turns out alright.

Best of luck to the server.

And curse the fellow who would dare hack heRO.

[Salvosa]

I'm kinda confused. Doesnt DDoS mean the guy has multiple computers attacking hero simultaneously? How big a grudge does it take to hack dozens, hundreds or thousands of computers, zombie them and direct them to a private RO server? That sounds like overkill to me.

We know this isn't a DoS?

[Général_Argos]

Salvosa Wrote:We know this isn't a DoS?

changes nothing dos or ddos

plus owning 3-4 computer + leaching parts of neibourgh's wifi internet acces is rly not overkill...

[annuit]

Its not that difficult. Any clever hacker can do this. Technically, they could use self replicating programs to invade any system they find, add thier call to the registry, send the signal to the creator containing the IP. That individual then would only have to sit back and wait. Collecting the zombie IP addresses. And when ready, send a signal to all of them, ordering the attack to begin.
But, i doubt this guy is that clever to be doing that, knowing full well that his server is a nice juicy unused playground for some people to destroy. But lucky for him we all wont sink to his pathetic level.

[TPC]

annuit, You don't need to be particularly clever to do it. Any idiot with access to a few computers can do it.

Anyway, as a computer technician I know that protecting against a ddos attack is nearly impossible, so keep up the good work GMs.

Some explanations of what these kinds attacks are, how they work:

DoS attack: Denial of Service, basically means that a service is taken down by unauthorized malicious means, doesn't have to be a flooding attack, can be anything that makes it so normal users can't access it. Can usually be blocked with a firewall rule once you find out about it.

DDoS attack: Distributed Denial of Service, means that there are multiple computers attacking, basically trying to use up all available resources (can be one or more of several resources, for instance using up all bandwidth, or using up the connections up until a connection limit) so legitimate users can't use them, thus blocking legitimate users to get on. Can be anything from a few home computers to a botnet of thousands of computers doing the attacking, depending on how large the attack is.

Filtering DDoS attacks is very hard. If you're lucky they are doing an attack that is based on something else than using up all bandwidth, and in that case you may be able to at least partially stop them with a firewall rule. But most of the time it is a bandwidth attack,a nd and thats hard to stop, because even if you block all IPs on the server they can still flood your connection (which is limited at a point before it gets to the actual server) so no one else can get trought.

The only thing you can do against this is to do the filtering at an earlier level that has more bandwidth available than the attackers can come up with. That is, if its a relatively small attack, maybe at the hosting company (looks like that is what they are trying here, I hope it works), but most of the time if its a large attack you have to go to the ISP and do it at the ISP level. And unless you're a large company the ISP is likely to just tell you to wait it out. Waiting it out until the attacker gets bored is the most common way to handle a DDoS, since its so hard to defend against.

[Rhombus]

Think it went down.

[GM-Ayu]

Another update from GM-Pandora:


We did everything we could to stop him on the inside but it's just not enough we will need the external ddos protection.

What happens is he sends a LOT of packet to the server, our firewall drops the packet immediately because of the rules we set (equivalent to banning his ip if you want), but just the fact that the packet has to be analysed, detected to be from him and then it is dropped. He sends so much that just this clogs up the network entirely, that's why its called a brute force attack.

For now there is not much we can do other than wait until he gets tired of it, if he does the server will still be up since we did not close it. Otherwise we're looking at monday during the day for stability to be back.

The WoE on Sunday will unfortunately have to be canceled. Chests might be lost for guilds but they get a few extra days of their castle until the next woe so it makes up for it.

Again, Fairy Auction is already delayed to Saturday Feb 28th 7 PM. For now, Trials of Heroes remain to be on Friday.

[TPC]

Thats not 100% correct, that kind of attack is not called a brute force attack, its a denial of service attack. A brute force attack is when you try to crack something (for example an encrypted file, or a password) by trying every possible combination of characters there is as the key. until you find the right one.

Nice to get an update on the situation, I hope you can have this resolved soon.

[SyaoranShadow]

thanks ayu for the update on woe