Re: Server down?

Posted: Sun Mar 20, 2016 2:49 pm
by flyingchair
Yup, very much down.

Thanks ddos'er, now I won't die of hunger. :)

Re: Server down?

Posted: Sun Mar 20, 2016 3:00 pm
by NegInfinity
Sigh. Are there traffic logs? Patterns?

Has anyone run the server through shieldsup?

Has anyone, perhaps, looked into something VPN-based?

Or, perhaps, adding an extra auth step, and blocking any unauthorised IP?

Re: Server down?

Posted: Sun Mar 20, 2016 3:12 pm
by Thorsson
It seems that there are two possibilities:

1. The guy attacking BGTSCC is a black belt, champion hacker; or
2. There's a way to handle him (after all there are much higher targets than BGTSCC on the generic hacker's list and most of those work almost all the time; there has been the occasional big attack that makes the news, but none of these last more than a few days).

I'm betting on 2; it's got about a 99.99% probability.

Perhaps if everyone spoke to their most tech savvy friends and got them to cast their nets we will get a way to deal with this.

Re: Server down?

Posted: Sun Mar 20, 2016 3:25 pm
by Maecius
We're pretty sure our attacker is just using brute force DDOS attacks. You don't actually have to have any technical skill to pay a DDOS website to launch an attack for you. We also suspect this is why the attacks are intermittent, as opposed to constant or continual, because they are not free.

Our host provides some anti-DDOS services, which helps mitigate some of the attacks (though you will probably notice server-side lag spikes). We may try to invest in some additional protection if it is viable and not too expensive, but that's ultimately up to Luna.

Re: Server down?

Posted: Sun Mar 20, 2016 3:40 pm
by NegInfinity
Maecius wrote: We're pretty sure our attacker is just using brute force DDOS attacks. You don't actually have to have any technical skill to pay a DDOS website to launch an attack for you. We also suspect this is why the attacks are intermittent, as opposed to constant or continual, because they are not free.

Our host provides some anti-DDOS services, which helps mitigate some of the attacks (though you will probably notice server-side lag spikes). We may try to invest in some additional protection if it is viable and not too expensive, but that's ultimately up to Luna.
Have you guys investigated incoming traffic? Which port, from which addresses, etc.?

I'd bet this kind of thing can be blocked on ISP level or router level of whoever hosts the server right now.

Basically, the very first thing I'd try to do in this kind of situation is to attempt to analyze incoming traffic, see if there's some pattern, then also try to block anything that is not absolutely necessary for functioning of nwn2 server, so it shows on "shieldsup" as "all clear".

Have you tried that?

It should be also possible to get assistance on other online communities (well, serverfault could work, even though most people on SE network are lawful evil IRL).

Re: Server down?

Posted: Sun Mar 20, 2016 3:52 pm
by Damienknight
Maecius wrote: We may try to invest in some additional protection if it is viable and not too expensive, but that's ultimately up to Luna.
If you need to invest in some kind of protection, we could do some kind of fundraiser. I would be willing to put up a few dollars to get the server back online.

Re: Server down?

Posted: Sun Mar 20, 2016 3:59 pm
by trogers2
Maecius wrote: We're pretty sure our attacker is just using brute force DDOS attacks. You don't actually have to have any technical skill to pay a DDOS website to launch an attack for you. We also suspect this is why the attacks are intermittent, as opposed to constant or continual, because they are not free.

Our host provides some anti-DDOS services, which helps mitigate some of the attacks (though you will probably notice server-side lag spikes). We may try to invest in some additional protection if it is viable and not too expensive, but that's ultimately up to Luna.
As am I, willing to put down $300 if it'll help.


Edit: ddosdeflect.com might be a good idea - it basically acts as a 'redirect' while also filtering out all bad traffic automatically - it works by connecting to their special IP address which then acts as a filter; once the filter detects you as not spam, you are then redirected to the real 'IP'. This simple trick could be really effective at putting these attacks to rest. The only issue we have here is it would require the admin to change the server IP address and keep it secret; instead, the IP address given to us by ddosdeflect would have to be used and would act as our 'firewall'.

The only real issue I have with this plan is once the client joins the server, it exposes the real IP - which can be found by tracing; though I suspect the guy(s) behind this are too stupid to figure out how to do that as DDOS attacks are the real life equivalent of throwing eggs at windows, even 13-year-old kids can do it.

Re: Server down?

Posted: Sun Mar 20, 2016 4:17 pm
by Maecius
Neg, we are monitoring traffic. I don't want to discuss mitigation details in a public forum, however, on the chance that it's being monitored by the attacker.

Damien, trogers, your generosity is appreciated, but I'd hold off on donating for the explicit purpose of DDOS mitigation until Luna's made some sort of decision on the matter. Luna's the only one with purchasing power for the server.

Re: Server down?

Posted: Sun Mar 20, 2016 4:19 pm
by AstralisAdept
Most entertaining solution! Gather funding, and hire a crack team to track him down. Hire a photo crew to capture the look on his face when 30 angry nerds in full costume armed with longswords and such show up on his front lawn.

Re: Server down?

Posted: Sun Mar 20, 2016 4:23 pm
by AstralisAdept
I picture it something like this:

https://youtu.be/n75PgMSxAOw

Re: Server down?

Posted: Sun Mar 20, 2016 4:24 pm
by Skalden
Hmm, bad days lately. Here in Sweden there was a major attack on online newspaper sites yesterday; all bigger papers went down all evening.

Re: Server down?

Posted: Sun Mar 20, 2016 6:47 pm
by AlwaysSummer Day
AstralisAdept wrote: I picture it something like this:

https://youtu.be/n75PgMSxAOw
More like this

https://www.youtube.com/watch?v=0t71cexWzvM

I picture the audio sounding more like this - "I am so 1337's lel top kek pwned rekt @ BG #Iam haxxorz!" . . . *notices the army of pissed off RPers* . . . "OH SHAZBOT!"

Re: Server down?

Posted: Sun Mar 20, 2016 6:58 pm
by HazNpho
I'm sure this is something already being discussed or currently in play right now but.... Would it be worthwhile to assemble a security team? It sounds like we have a decent set of folks who have enough knowledge behind them when working together to lock this loser out.

I know at my job alone we have 3 people whose primary job is security, then 3 more who are part of the monitoring group as second level assessment and when an attack or threat happens that group becomes 12 spread across the varying tiers. This is all for supporting a network of about the same amount of users BG supports on a regular basis.

If it is already in effect, how can those of us in the dark be used/accepted to assist?

Re: Server down?

Posted: Sun Mar 20, 2016 7:06 pm
by AstralisAdept
Or after the staff gets truly pissed it might end up looking like this.

https://youtu.be/IGkYUjy8NnM

Re: Server down?

Posted: Sun Mar 20, 2016 7:08 pm
by TarnishedSoul
I don't have any technical savvy to contribute. But if I can help by throwing money at a solution, just point me in the right direction. :)