DDoS attacks on O3/disc runs


#1

What is DECA going to do about this issue? It’s been 3 days now with DDoS attacks stopping people from actually playing their game.

Edit: Basically it’s a “Distributed Denial-of-Service” attack where they disrupt the traffic of the game, probably due to the fact the IP address is public. I’m no expert in networking but I just want to get DECA to rectify the issue. It has been a real issue this last week for many O3 discs like O3 Sanctuary and Divinity as well.

Edit #2
Update: Now Lost Halls discord runs are being DDoS attacked today 9/29 the first day of LH during MOTMG. Great. The hacker was practicing for motmg and now he will probably successfully stop hundreds maybe thousands from getting any loot this week. DECA you going to do anything? Actually getting pissed now. Don’t expect me to spend anymore money without a response.


#2

I’ve heard of ddos, and am aware of what it does, but I have never known what the acronym stands for.


#3

Distributed Denial of Service
D D o S


#4

Im sure they’ll get around to it on the 23rd, I heard they’re fixing the gravestone bug as well on that date. Like the infamous “Golden dagger” realm crash, something within the game’s code doesn’t agree with a certain event/action and so whenever someone does whatever this/these specific events/actions are, realm doesn’t know what to do with it and explodes promptly. My guess is this is an exploit rather than a DDoS/DoS -

As a server administrator on a gaming network I’ve been through my fair share of direct attacks, a good example of a DDoS is one person sending thousands of connections to join at once, essentially hanging the server, either crashing it or not having open slots for anyone to join (the specific server was Terraria). Another one was Starbound, where someone did the same thing, only this one took over 60 gigs of ram during they attack and crashed the box that hosted all the servers, very dangerous stuff.

T̶h̶e̶y̶’̶r̶e̶ ̶t̶o̶o̶ ̶b̶u̶s̶y̶ ̶m̶a̶k̶i̶n̶g̶ ̶s̶u̶r̶e̶ ̶g̶r̶o̶u̶p̶ ̶t̶a̶n̶k̶i̶n̶g̶ ̶i̶s̶ ̶f̶i̶x̶e̶d̶ ̶t̶h̶o̶u̶g̶h̶,̶ ̶i̶n̶d̶u̶b̶i̶t̶a̶b̶l̶y̶ ̶a̶ ̶h̶i̶g̶h̶e̶r̶ ̶p̶r̶i̶o̶r̶i̶t̶y̶.̶ ̶


#5

nerfing puri is higher priority for them


#6

now instead of rubber banding us (DDos) they are now loading the server up until it crashes…


#7

Just tried another O3 this morning, we god DDoS again and group was cut from 85 to 15 in o3. We got rubber banded so hard we all died or nexus… fun game guys


#9

Update: Now Lost Halls discord runs are being DDoS attacked today 9/29 the first day of LH during MOTMG. Great. The hacker was practicing for motmg and now he will probably successfully stop hundreds maybe thousands from getting any loot this week. DECA you going to do anything? Actually getting pissed now. Don’t expect me to spend anymore money without a response.


#10

God I’m so fucking pissed. Me and my guildies were trying to run LHs and it would go good for awhile but we would always eventually DC because the discord server would come to our server for a run and it takes down the entire fucking server. What a waste of money. Never again.


#11

I remember in the fame train discord there was a screenshot sent where someone PMed Valsined about putting so much work into stuff no one cares about or wants and not even taking the effort to ban idlers (let’s be honest a small contingent of the bot population). Guess what was his response? “It’s called Unity”. :joy:


#12

I just came back to the game a little while ago, but as someone with a lot of network background including botnets & DDOS mitigation. There is NO cost appropriate first strike protection when it comes to a DDOS attack, There is a reason it’s referred to as mitigation and not prevention.

Secondly, Isn’t DECA using AWS hosting? In which case if it was a DDOS and not something like a certain function combination mangling shit due to spaghetti-code, AWS has DDOS mitigation via AWS SHIELD and I guarantee you they would be taking it much more seriously as the blowback from it would affect more than just DECA, Everyone hosted at whatever datacenter would be quite unhappy.

TLDR ; Until I can see some clear evidence it’s a DDOS(In which case, DECA isn’t at fault) and not just some back-end spaghetti code (Which is horrendous to work on), I don’t see any easily faulted party here. Some communication from DECA addressing these concerns would be nice however.


#13

I don’t know if this is “clear evidence” to you, but I can at least describe in detail what was happening last night with the PubHalls runs.

Leader starts a void AFK check (the command for which includes the server location, though the raiders can’t see that). People join, AFK finishes, leader calls server in VC, everyone comes to server and enters the Halls just fine. Less than 2 minutes later, every single person is disconnected. This happened for about a dozen consecutive attempts.

Suspecting that the DDOSer is somehow pulling the location from the AFK check not, a leader starts a “Cult” AFK check, but clearly states both on the discord server and on the VC that it is actually a void run. Everyone arrives, enters, and the run completes successfully about 15 minutes later without any disconnects.

The quantity of people trying to participate in the run didn’t change. The server used didn’t even change. All that changed was that they said they would be doing a cult instead of a void, and that was enough to “dodge the attack,” so to speak.

I don’t understand how these things work (and I was SHOCKED to see the workaround work), but that is what happened. What are your thoughts, with that in mind?


#14

re: the above two posts, I think there is some confusion regarding what each person defines as a DDOS attack.

a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

I would consider abusing an exploit or security hole found within the server code (which is most likely) that allows someone to make the server drop connections for whatever reason as a denial-of-service attack.

For example’s sake, if sending a packet malformed in a specific way caused the server to stop responding to every user connecting to it, the issue lies in server code. DDoS mitigation from your server’s host does nothing against this, it is a single packet from a single machine that topples your own code.

While I can sympathize with the fact that debugging and dealing with legacy server code you’re stuck with is godawful, ultimately Deca is running a service for profit. The end user is not expected to understand the difficulty of being stuck with game-jam spaghetti netcode, and should not be expected to do so. They are paying for a service and they expect the service to be provided, otherwise they will go elsewhere.
(as much as we would prefer to not consider a video game to be a service, the line blurs a lot with free-to-play games with such a business model)


#16

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.