Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

CoE under serious and extended DDOS attack...

Slapshot1188Slapshot1188 Member LegendaryPosts: 11,054
I may not be the biggest fan of the game, but whoever is doing this is just the lowest form of scum...  Simply no excuse for crap like this.


"I should point out that no other company has shipped out a beta on a disc before this." - Official Mortal Online Lead Community Moderator

Starvault's reponse to criticism related to having a handful of players as the official "test" team for a supposed MMO: "We've just have another 10ish folk kind enough to voulenteer added tot the test team" (SIC) This explains much about the state of the game :-)

Proudly wearing the Harbinger badge since Dec 23, 2017. 

Coined the phrase "Role-Playing a Development Team" January 2018

"Oddly Slap is the main reason I stay in these forums." - Mystichaze April 9th 2018

My ignore list finally has one occupant after 12 years. I am the strongest supporter of free speech on here, but free speech does not mean forced listening. Have fun my friend. Hope you find a new stalking target.

NeutralEvilMrMelGibson
«13

Comments

  • AnOldFartAnOldFart Member UncommonPosts: 475
    Get no argument from me there, I would guess it's people with a micropen*** who do things like this because they think it makes them look like a man
    MrMelGibson
  • DMKanoDMKano Member LegendaryPosts: 21,175
    edited April 2018
    There is no reasoning with people behind DDOS attacks - it takes less than 1min to pay for a scripted botnet DDOS attack - and once it's started - it's paid for and done - there are no mechanisms to "turn it off" in most cases. It's like starting an avalanche - once it's rolling, there's no stop button.  You can hope that they only paid for 1 hour of DDOS - but it's only a matter of time before you get someone who pays for 6 months - and then you are boned.

    There are game companies that have been undergoing a continuous DDOS attack for months even years - and they never say anything about it because it's pointless to even mention it, as again it's paid for and it's going to run for a period of time that was purchased. 

    Buying site specific "end point" DDOS solutions is useless - the only real shot of mitigating DDOS is global mitigation service like Prolexic/Akamai or similar - as it has to be mitigated way upstream before it gets to the destination and even then - there will be brief moments when stuff gets through and impacts the players. The other alternative is to have massive global networkconnectivity with 100Gb edge links like Google/Amazon/Facebook - but this is not a realistic option for 99.9999% of the video game companies as the cost is in 100s of millions of dollars.


    My advice to any MMO game company out there - just factor in the cost of Akamai/Prolexic (or similar solution) as a part of doing business, because being a target of an unrelenting DDOS attack is inevitable, sooner or later - every game company becomes the target.

    Sovrathbartoni33NeutralEvilkjempffsumdumguy1alkarionlogScotKyleranNycteliosMrMelGibsonand 2 others.
  • Slapshot1188Slapshot1188 Member LegendaryPosts: 11,054
    Probably paid for with a stolen credit card.

    "I should point out that no other company has shipped out a beta on a disc before this." - Official Mortal Online Lead Community Moderator

    Starvault's reponse to criticism related to having a handful of players as the official "test" team for a supposed MMO: "We've just have another 10ish folk kind enough to voulenteer added tot the test team" (SIC) This explains much about the state of the game :-)

    Proudly wearing the Harbinger badge since Dec 23, 2017. 

    Coined the phrase "Role-Playing a Development Team" January 2018

    "Oddly Slap is the main reason I stay in these forums." - Mystichaze April 9th 2018

    My ignore list finally has one occupant after 12 years. I am the strongest supporter of free speech on here, but free speech does not mean forced listening. Have fun my friend. Hope you find a new stalking target.

  • AnOldFartAnOldFart Member UncommonPosts: 475
    I believe that's what Caspian said, they had expected it but hoped it would have been further down the line.
  • WizardryWizardry Member LegendaryPosts: 16,452
    I never put much thought into how to avoid this stuff i am sure experts would know their stuff.it just seems odd that after all this time and how important security is that we still see this stuff happening.

    So my thought w/o putting in a lot of thought lol,is that you set up code so that when your site has a certain amount of hits maybe 100 in 10 minutes  or whatever your system can handle then it automatically shifts ip's away somewhere else or blocks them until less than 100 is met.

    So then i did a quick Google search and there are many businesses that are able to block DDOS attacks so if that many exist then it is possible and i would think anyone requiring secure services would be using such technology or hiring it,so yeah i remain dumbfounded that this DDOS stuff is still going on.

    So what it tells me is MANY businesses are not operating as secure as they SHOULD be.


    Never forget 3 mile Island and never trust a government official or company spokesman.

  • DMKanoDMKano Member LegendaryPosts: 21,175
    edited April 2018
    AnOldFart said:
    I believe that's what Caspian said, they had expected it but hoped it would have been further down the line.

    The issue is the price of DDOS has come WAY down in the last 5 years, huge multi 100Gb attacks can be bought for a $1 per minute now.

    Smaller attacks are cents per hour.

    https://securelist.com/the-cost-of-launching-a-ddos-attack/77784/

    (the above link is a security article discussing DDOS attacks it has screenshots of DDOS pricing, it has no actual links to sites that sell the services)


    NeutralEvilNycteliosMrMelGibson
  • Slapshot1188Slapshot1188 Member LegendaryPosts: 11,054
    Crazy...
    MrMelGibson

    "I should point out that no other company has shipped out a beta on a disc before this." - Official Mortal Online Lead Community Moderator

    Starvault's reponse to criticism related to having a handful of players as the official "test" team for a supposed MMO: "We've just have another 10ish folk kind enough to voulenteer added tot the test team" (SIC) This explains much about the state of the game :-)

    Proudly wearing the Harbinger badge since Dec 23, 2017. 

    Coined the phrase "Role-Playing a Development Team" January 2018

    "Oddly Slap is the main reason I stay in these forums." - Mystichaze April 9th 2018

    My ignore list finally has one occupant after 12 years. I am the strongest supporter of free speech on here, but free speech does not mean forced listening. Have fun my friend. Hope you find a new stalking target.

  • RenoakuRenoaku Member EpicPosts: 3,067
    edited April 2018
    DMKano said:
    There is no reasoning with people behind DDOS attacks - it takes less than 1min to pay for a scripted botnet DDOS attack - and once it's started - it's paid for and done - there are no mechanisms to "turn it off" in most cases. It's like starting an avalanche - once it's rolling, there's no stop button.  You can hope that they only paid for 1 hour of DDOS - but it's only a matter of time before you get someone who pays for 6 months - and then you are boned.

    There are game companies that have been undergoing a continuous DDOS attack for months even years - and they never say anything about it because it's pointless to even mention it, as again it's paid for and it's going to run for a period of time that was purchased. 

    Buying site specific "end point" DDOS solutions is useless - the only real shot of mitigating DDOS is global mitigation service like Prolexic/Akamai or similar - as it has to be mitigated way upstream before it gets to the destination and even then - there will be brief moments when stuff gets through and impacts the players. The other alternative is to have massive global networkconnectivity with 100Gb edge links like Google/Amazon/Facebook - but this is not a realistic option for 99.9999% of the video game companies as the cost is in 100s of millions of dollars.


    My advice to any MMO game company out there - just factor in the cost of Akamai/Prolexic (or similar solution) as a part of doing business, because being a target of an unrelenting DDOS attack is inevitable, sooner or later - every game company becomes the target.

    Wait by scripted DDOS attack are you talking about those sites which "Advertise themselves" as "Stress Testers", or rather Booters which are based off the description supposed to be used to test a network?

    I haven't really ever seen any services which sell DDOS attacks online besides the stressers/booters thingy, I am sure they exist though, but even with a stress/booter I am not sure those allow a user to target login information unless that has evolved. ( Like I know its possible) but never seen that option in a basic booter before.

    Could they not just put the servers behind Cloudflare like we have our basic servers setup?

    https://www.incapsula.com/ddos/booters-stressers-ddosers.html I've seen these things before but never were aware they actually really did anything.
  • DMKanoDMKano Member LegendaryPosts: 21,175
    edited April 2018
    Renoaku said:
    DMKano said:
    There is no reasoning with people behind DDOS attacks - it takes less than 1min to pay for a scripted botnet DDOS attack - and once it's started - it's paid for and done - there are no mechanisms to "turn it off" in most cases. It's like starting an avalanche - once it's rolling, there's no stop button.  You can hope that they only paid for 1 hour of DDOS - but it's only a matter of time before you get someone who pays for 6 months - and then you are boned.

    There are game companies that have been undergoing a continuous DDOS attack for months even years - and they never say anything about it because it's pointless to even mention it, as again it's paid for and it's going to run for a period of time that was purchased. 

    Buying site specific "end point" DDOS solutions is useless - the only real shot of mitigating DDOS is global mitigation service like Prolexic/Akamai or similar - as it has to be mitigated way upstream before it gets to the destination and even then - there will be brief moments when stuff gets through and impacts the players. The other alternative is to have massive global networkconnectivity with 100Gb edge links like Google/Amazon/Facebook - but this is not a realistic option for 99.9999% of the video game companies as the cost is in 100s of millions of dollars.


    My advice to any MMO game company out there - just factor in the cost of Akamai/Prolexic (or similar solution) as a part of doing business, because being a target of an unrelenting DDOS attack is inevitable, sooner or later - every game company becomes the target.

    Wait by scripted DDOS attack are you talking about those sites which "Advertise themselves" as "Stress Testers", or rather Booters which are based off the description supposed to be used to test a network?

    I haven't really ever seen any services which sell DDOS attacks online besides the stressers/booters thingy, I am sure they exist though, but even with a stress/booter I am not sure those allow a user to target login information unless that has evolved.

    Could they not just put the servers behind Cloudflare like we have our basic servers setup?

    https://www.incapsula.com/ddos/booters-stressers-ddosers.html I've seen these things before but never were aware they actually really did anything.


    No I am talking about actual "DDOS as a service" sites that employ botnets to slam whatever target with multi 100Gb+ bandwidth attacks (the largest DDOS attack was on GitHub - it was 1.35Tb/s - it was mitigated by Prolexic/Akamai https://www.wired.com/story/github-ddos-memcached/)

    Volumetric attacks are the hardest to mitigate as they only need to overwhelm the smallest bandwidth link in the chain to destination - which is most likely a 10Gb link. And 10Gb of DDOS traffic today is a joke - it's trivial to achieve.

    Yes putting servers behind Cloudflare would do the trick - as they have a global network with 15Tb of capacity (I don't know how much of that is dedicated to "washing" the DDOS traffic) - but I am pretty sure that they can mitigate 100Gb pretty easy.
  • DakeruDakeru Member EpicPosts: 3,713
    DMKano said:



    My advice to any MMO game company out there - just factor in the cost of Akamai/Prolexic (or similar solution) as a part of doing business, because being a target of an unrelenting DDOS attack is inevitable, sooner or later - every game company becomes the target.

    That is good advice but I think Jeromy Walsh has proven a few time that his legendary armor gives him +100 faith - leading to 100% immunity to any kind of "interference" from the outside.
    NeutralEvilMrMelGibsonYashaXJeroKane
    Harbinger of Fools
  • NeutralEvilNeutralEvil Member UncommonPosts: 108
    edited April 2018

    Man I was really enjoying the debate for the killing penalty on the battlefield

    Seemed a lot of backers were split on it

    And I thought Snipehunter's mention of making the incapacitation last just as long as a coup de grace (kill) would put a stopper on it. Because in my opinion the only reason to coup de grace (kill) an enemy would be to keep them out of the fight for as long as possible (unless they had some really good loots)

    It was getting rather contentious!

    The DDOS has been going on for nearly a day. Wonder how long it will last

  • WellspringWellspring Member EpicPosts: 1,200
    I'm not sure Caspian's public response to the DDOS attack is wise.

    I imagine the whole motivation of the attack is to cause the developers pain and illicit a response. The reply from the founder of the company is probably exactly what the person(s) wants. They do it for the attention.
    NeutralEvilKyleranNycteliosMrMelGibsonJeroKane
    --------------------------------------------
  • DakeruDakeru Member EpicPosts: 3,713
    I'm not sure Caspian's public response to the DDOS attack is wise.

    I imagine the whole motivation of the attack is to cause the developers pain and illicit a response. The reply from the founder of the company is probably exactly what the person(s) wants. They do it for the attention.
    That is surely true but Caspian likes to see himself as the martyr.

    I mean just read the very last part. So full of drama and heroism.
    Once more it feels like he is roleplaying the valiant developer.
    NycteliosLokeroDhamon99AnOldFart
    Harbinger of Fools
  • Panther2103Panther2103 Member EpicPosts: 5,262
    I'm not sure Caspian's public response to the DDOS attack is wise.

    I imagine the whole motivation of the attack is to cause the developers pain and illicit a response. The reply from the founder of the company is probably exactly what the person(s) wants. They do it for the attention.
    This.

    Every time I see things like this it seems to be because they want to inconvenience the person / company, so someone acknowledging it happening is going to basically acknowledge that they are irritated or hurting due to it and make the person doing it feel like it worked. 

    It's too easy to buy access to botnets, I've seen a few forums advertising it, and I've seen at least 10 sites the last time I was on TOR advertising the services (now I'm not sure how legit they were but I'm just saying they were there). 

    This reminds me of the whole Lizard Squad thing with PSN and Xbox Live that one Christmas, and then everyone finding out it was a bunch of 12 year olds paying for botnets with their parents cards calling themselves hackers. It's a weird situation today, but like DMKano said, you basically HAVE to get protection as a company, if not then there is always the possibility of getting screwed, even if there's no reason for someone to do it. Some people are just too bored and too rich, or too much of an asshole. 
  • MadFrenchieMadFrenchie Member LegendaryPosts: 8,483
    Dakeru said:
    I'm not sure Caspian's public response to the DDOS attack is wise.

    I imagine the whole motivation of the attack is to cause the developers pain and illicit a response. The reply from the founder of the company is probably exactly what the person(s) wants. They do it for the attention.
    That is surely true but Caspian likes to see himself as the martyr.

    I mean just read the very last part. So full of drama and heroism.
    Once more it feels like he is roleplaying the valiant developer.
    I got that vibe too from the post.  It's a video game, not a social movement.
    Nyctelios

    image
  • Slapshot1188Slapshot1188 Member LegendaryPosts: 11,054
    Dakeru said:
    I'm not sure Caspian's public response to the DDOS attack is wise.

    I imagine the whole motivation of the attack is to cause the developers pain and illicit a response. The reply from the founder of the company is probably exactly what the person(s) wants. They do it for the attention.
    That is surely true but Caspian likes to see himself as the martyr.

    I mean just read the very last part. So full of drama and heroism.
    Once more it feels like he is roleplaying the valiant developer.
    I got that vibe too from the post.  It's a video game, not a social movement.
    Yeah I agree with what you’re saying.  It takes the focus away from what the dumbass DDOSer did.
    Im kind of expecting an anti-DDOS fundraiser at some point.

    Caspien just seems so naive about most things...

    But... it still shouldn’t take away from the fact that whoever is doing this is a dumbass and I hope they track him/her/them down.
    DakeruNycteliosLokero

    "I should point out that no other company has shipped out a beta on a disc before this." - Official Mortal Online Lead Community Moderator

    Starvault's reponse to criticism related to having a handful of players as the official "test" team for a supposed MMO: "We've just have another 10ish folk kind enough to voulenteer added tot the test team" (SIC) This explains much about the state of the game :-)

    Proudly wearing the Harbinger badge since Dec 23, 2017. 

    Coined the phrase "Role-Playing a Development Team" January 2018

    "Oddly Slap is the main reason I stay in these forums." - Mystichaze April 9th 2018

    My ignore list finally has one occupant after 12 years. I am the strongest supporter of free speech on here, but free speech does not mean forced listening. Have fun my friend. Hope you find a new stalking target.

  • NycteliosNyctelios Member EpicPosts: 3,437
    The tone... it's not great.

    You address harassment posing as martyr only entices them to do more.

    And you open yourself to someone that would say this could be any kind of problem and they would be using (claiming) ddos as an excuse to promote themselves.

    So in response you would have to "prove" it, exposing yourself even more and enticing even more attacks.

    That's why most companies just shut up about it. There is no winning scenario.
    Dakeru
    Steam ID Discord ID: Night # 6102 - GoG ID - 

    "There is a fine line between consideration and hesitation. The former is wisdom, the latter is fear." Izaro Phrecius, Holy Emperor of the Eternal Empire, Last of Royal Phrecius Family.
  • KyleranKyleran Member LegendaryPosts: 33,937
    edited April 2018
    Nyctelios said:
    The tone... it's not great.

    You address harassment posing as martyr only entices them to do more.

    And you open yourself to someone that would say this could be any kind of problem and they would be using (claiming) ddos as an excuse to promote themselves.

    So in response you would have to "prove" it, exposing yourself even more and enticing even more attacks.

    That's why most companies just shut up about it. There is no winning scenario.
    Never smart to dare hackers to "do their worst", in fact not acknowledging them is the best bet.

    Also I think Caspian mistakenly thinks this is an organized attempt to "stop his vision" when really it is likely just some pissed off backer messing with him.

    He should check his records to see if anyone has been particularly hostile in asking for a refund recently.

    ;)
    NycteliosMrMelGibsonLokero

    "See normal people, I'm not one of them" | G-Easy & Big Sean

    "I need to finish" - Christian Wolff: The Accountant

    Just trying to live long enough to play a new, released MMORPG, playing POE at the moment.

    Fools find no pleasure in understanding, but delight in airing their own opinions. Pvbs 18:2, NIV

    Don't just play games, inhabit virtual worlds™

    "This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon






  • MrMelGibsonMrMelGibson Member EpicPosts: 3,019
  • DleatherusDleatherus Member UncommonPosts: 162
    CoE website back up atm

  • IselinIselin Member LegendaryPosts: 12,905
    Dickwads being themselves.

    Love the inspirational rhetoric from Caspian though /s
    MadFrenchieMrMelGibson
    “Microtransactions? In a single player role-playing game? Are you nuts?” 
    ― CD PROJEKT RED
  • LokeroLokero Member RarePosts: 1,513
    I never did understand why anyone would bother doing this to something as pointless and insignificant as a video game.   But, it seems to happen all the time to the gaming industry.

    I mean, it just makes no sense.
    Also, I don't know why a "backer" would do it, unless they got banned from the forums or something.  That would be fairly counterproductive.  Unless, like Kyleran mentioned, someone got refused a refund, perhaps.
  • Panther2103Panther2103 Member EpicPosts: 5,262
    Lokero said:
    I never did understand why anyone would bother doing this to something as pointless and insignificant as a video game.   But, it seems to happen all the time to the gaming industry.

    I mean, it just makes no sense.
    Also, I don't know why a "backer" would do it, unless they got banned from the forums or something.  That would be fairly counterproductive.  Unless, like Kyleran mentioned, someone got refused a refund, perhaps.
    But at that point DDOSing costs quite a bit, you are spending probably way more than your pledge to make a point? That would be weird and pointless too. 
  • IselinIselin Member LegendaryPosts: 12,905
    Lokero said:
    I never did understand why anyone would bother doing this to something as pointless and insignificant as a video game.   But, it seems to happen all the time to the gaming industry.

    I mean, it just makes no sense.
    Also, I don't know why a "backer" would do it, unless they got banned from the forums or something.  That would be fairly counterproductive.  Unless, like Kyleran mentioned, someone got refused a refund, perhaps.
    But at that point DDOSing costs quite a bit, you are spending probably way more than your pledge to make a point? That would be weird and pointless too. 
    Weird and pointless pretty well describes the mind of the big pledgers as far as I'm concerned :)
    MrMelGibsonAnOldFartSlapshot1188MendelKyleranSpottyGekkomystichazeDakeru
    “Microtransactions? In a single player role-playing game? Are you nuts?” 
    ― CD PROJEKT RED
  • LokeroLokero Member RarePosts: 1,513
    Lokero said:
    I never did understand why anyone would bother doing this to something as pointless and insignificant as a video game.   But, it seems to happen all the time to the gaming industry.

    I mean, it just makes no sense.
    Also, I don't know why a "backer" would do it, unless they got banned from the forums or something.  That would be fairly counterproductive.  Unless, like Kyleran mentioned, someone got refused a refund, perhaps.
    But at that point DDOSing costs quite a bit, you are spending probably way more than your pledge to make a point? That would be weird and pointless too. 
    Certainly, that's how I'd see it... But, I could definitely picture someone being refused a refund and then blowing more money just to attack them out of spite.  Obviously, people today have more anger than good sense.
    DakeruMendel
Sign In or Register to comment.