Server down?

[Wandering_Woodsman]

It makes us all go crazy.

And it's usually a real short trip....

[Shayda]

*whisper* Hey.. pssst.. I want to play...

[CleverUsername123]

How long has it been down now?

[Wyatt]

Hasn't been up for more than 10 or 15 minutes in the last several hours.

[Maecius]

Apologies, I was at work. Getting it up and running now hopefully!

(It looks like we've been getting more DDOS traffic today unfortunately.)

[Juramenta]

Are we certain they are DDoS attacks?
If so, would it be smart to only send the new port adress to those who are online and registered to the forum?
So you can start adding people one by one while keeping track untill you can catch the culprit?
I do not know a lot about this stuff, so I assume my idea is to simple to work. Better yet, think it is better to leave the thinking to actual tech savy people haha.

Anyways, is it possible to get an official forum update on what is going?
Think that would help a lot of people who like to come to the forum to check what is going on without having to actually post their questions.

[Necrotic Shadows]

The server.. it hates us. we angered the Faerun deities.

[Necrotic Shadows]

Are we certain they are DDoS attacks?
If so, would it be smart to only send the new port adress to those who are online and registered to the forum?
So you can start adding people one by one while keeping track untill you can catch the culprit?
I do not know a lot about this stuff, so I assume my idea is to simple to work. Better yet, think it is better to leave the thinking to actual tech savy people haha.

Anyways, is it possible to get an official forum update on what is going?
Think that would help a lot of people who like to come to the forum to check what is going on without having to actually post their questions.

Agree heavily with this idea. It would of course make it hard for new players to find us, but for the time being it makes it safe for those of us who've been playing here faithfully. is that a selfish thought? totally is, I'm still going with it.

[Maecius]

I'll see if Endelyon wants to take a "whitelist" route.

It would make connecting a lot more difficult for people (you'd basically need to ask permission), but it could be a temporary fix if this guy's found a new cause to be angry at the NWN2 community or BGTSCC again.

[Young Werther]

I don't see a white list covering all the bases well enough.

[Aspx]

You assume those responsible do not have access to the forums.

Are we certain they are DDoS attacks?
If so, would it be smart to only send the new port adress to those who are online and registered to the forum?
So you can start adding people one by one while keeping track untill you can catch the culprit?
I do not know a lot about this stuff, so I assume my idea is to simple to work. Better yet, think it is better to leave the thinking to actual tech savy people haha.

Anyways, is it possible to get an official forum update on what is going?
Think that would help a lot of people who like to come to the forum to check what is going on without having to actually post their questions.

Agree heavily with this idea. It would of course make it hard for new players to find us, but for the time being it makes it safe for those of us who've been playing here faithfully. is that a selfish thought? totally is, I'm still going with it.

[DM Creo]

Are we certain they are DDoS attacks?
If so, would it be smart to only send the new port adress to those who are online and registered to the forum?
So you can start adding people one by one while keeping track untill you can catch the culprit?
I do not know a lot about this stuff, so I assume my idea is to simple to work. Better yet, think it is better to leave the thinking to actual tech savy people haha.

If this idea could actually work, then I personally do not mind the added inconvenience at all! I must apologize to everyone that had a event time set with me for today. I know some players have been waiting more than a week now and I really hate to disappoint you. However due to the current possible DDoS traffic, I think it is best we reschedule.

[Arcanum]

I'm new to the server and have been playing here for some months now and would like to continue to keep playing here if you should decide to make it a permission request to enter into the game. Community and forum Name is Arcanum.

[DivinityDelayed]

I've tried to stay off the forums... but this has finally brought me into the 'light' hehe.

So, DDoS attacks are a complicated thing. Usually they utilize bot networks of dormant computers across the globe, and preferably within the country they are trying to attack. This prevents the usee of border gateways to shut down the traffic spamming. Border gateways are, you might guess, physically located at country borders usually as an interconnect POP (Point of Presence). For example, the US has several on the west coast, and East Coast for trans-atlantic fiber optic networks.

So how it works is the malicious party gains control of a number of computers, sometimes thousands, and their code lies dormant until a 0 Day timer goes off, or a command is given to the units that are checking in. This then initiates a protocol to have those hundreds or thousands of computers (home PCs, work PCs, laptops, servers, web servers, or in rare cases even mobile devices etc.. whatever they can exploit and execute code on) do a command. In some cases this is flooding a particular target with garbage data. With that many requests the targets cannot keep up and we have buffer overrun, the queuing for packets fails and we lose the legitimate information in the chaos. The failure is usually on the router end, as that is typically the network bottleneck.

So if this was a DDoS attack, it would not likely be targeting the bgtscc server itself. A goodly number of machines are needed to do this, and frankly, it's a game, nobody cares that much. Also, most 'gamers' are not actually 'hackers' or coders that generate and distribute malware that does this, as it is punishable by law in most countries as a cyber-crime. As I've seen over the last few days, it seems our admin team has tried changing ports, only to have it be kicked offline again (that's why it doesn't show up in favorites, but on the Role Play list sometimes). Now, that being said, it could be a DDoS attack against the provider, which is more likely the case. The provider network is the contracted internet connection that the server uses to communicate outside of it's local area and to the internet.

Whitelisting is a terrible idea. Here's why: When you whitelist, you cannot filter as easily. Also, many of the players are likely using their client software at home, and most ISPs hand out dynamic IP addresses. True, they may not change very often, maybe only a few times a year, but it is at the whim of the provider on how long the DHCP leases last for. It is rare to have non-business class internet with a static (non-changing) IP address for your endpoint. This has to do with IP address administration globally across IPv4 networks, because we still do not route the internet in IPv6. So, player logs in after a long day at work/school, and is unable to access the server until the whitelist is updated by an admin. No just a DM, an admin.

So usually these types of things will go on for a day or two and then peter out, the world goes about their business, FBI starts their investigation, etc. It would be on the server admins to ensure that their provider is notified, and open a trouble ticket if down-line services are to blame.

Another possibility is the server is having problems with the OS, which is causing services and programs to fail. It would be interesting to hear from the server owner's mouth (keyboard, rather) about what's going on.

[Wandering_Woodsman]

I could be mistaken here, so bear with me.

I've not said anything about only authorizing specific people. I was speaking more keeping the IP address of the server PRIVATE, and only have it spread by word of mouth from player to player.

Currently, anyone can see the IP, whether or not they're logged into the forums here or not. This is also true on the NWN list within the program itself.

I am speaking of keeping the IP within the ranks, so to speak, rather then a global "HEY, LOOK AT ME!" type scenario.