[OUT OF SCOPE] Ddos attacks on multiple servers!

[Deleted member 3500]

Devs, you guys need to fix this. We've had countless hackers, and trolls attacking multiple servers including CA using Ddos. This needs to stop ASAP! Whoever is behind the attacks needs to be banned, as well as anyone associating with the attacker. Ddosing is an illegal cyber-terrorist act here in the US, and it can not be allowed to happen, at all, on ANY server. Fix it please, for the sake of the Community and your mod's survival.

 

[Duckshark]

Yes, continue telling developers of an indie mod to solve ddosing. Not like the US government hasn't been ddosed before, right? I guess the devs are just so lazy they won't develop ddoser banning software. OH WAIT! You don't need to be on a server to ddos it so banning does nothing!

If you want an actual solution: use better anti-ddos server providers for your servers or delist your server so they can't find your IP to ddos it with.

 

[MaceMadunusus]

We cannot do anything about DDOS attacks on servers we do not own. That is up to the server owners and their providers.

 

[Deleted member 3500]

Yes, continue telling developers of an indie mod to solve ddosing. Not like the US government hasn't been ddosed before, right? I guess the devs are just so lazy they won't develop ddoser banning software. OH WAIT! You don't need to be on a server to ddos it so banning does nothing!

If you want an actual solution: use better anti-ddos server providers for your servers or delist your server so they can't find your IP to ddos it with.

De-listing the Server wouldn't be productive, and wouldn't allow players to find the Server, thus not allowing us to recruit more members for CA.

 

[Fluffy |>]

Imagine caring enough about mb2 to ddos it

 

[Deleted member 3500]

Imagine caring enough about mb2 to ddos it

This isn't a joke. This is a serious matter that needs to be addressed.

 

[The Unguided]

I agree it's a serious problem that must to be fixed but I'm not sure why you think it's a dev's responsibility when we have no rights over a server we really do not own. Even if somebody wanted to help, they cannot for this very reason.
At the same time I’d appreciate if someone could at least try to work out something. This cannot be left in the air hanging. :/

 

[Deleted member 9255]

I found player who doing that in EU region

 

[UDrew]

We cannot do anything about DDOS attacks on servers we do not own. That is up to the server owners and their providers.

I keep seeing this type of response each time I see this topic brought up, so I just want to ask, are the official servers successfully mitigating this issue? If so, would you be willing to share specifics on what you were able to do to accomplish that? I'm not much of a network guy myself, but I've been trying different solutions and the DDOS still lags my server enough to impact gameplay. Here's a bit about what I've tried:

• I'm using a recent version of openjk (Dec 2020). When I compiled and used the latest openjk I got some occasional crashes that I didn't before, so I still have to look into that. I didn't see any openjk changes between now and then that would help with DDOS though.
  
  
• I did get my provider's (Vultr) DDOS protection (supposedly traffic is routed through their "mitigation farm" prior to reaching my server to filter out the junk traffic), but it seems to only moderately help the issue. They detect the attacks just fine but CPU usage during the attack isn't much less than without it, so I suspect much of the traffic is still getting through. I'm still talking with Vultr to see if there is more that can be done, because I believe handling the traffic before it hits my server is the ideal way to go.
  
  
• When that didn't work, I setup some of the IP Tables that I found here and here (Change the port(s), of course), but they don't seem to have helped much either. It's possible though that this isn't the same type of attack as the Amplification Attack mentioned in those links, I'm still learning more on how to identify all that, but it does appear to match the type of behavior I'm seeing.
  

So while I do understand that it is ultimately up to us as third party server owners to implement changes to help mitigate issues, I don't think I'm alone in saying that it would be nice if we could be pointed in a specific direction if there are known solutions we can implement. If this information is out there somewhere and I'm just missing it, I apologize, but I've been searching around and haven't found much else aside from what I already listed above except for the occasional "PM me for something to try," "Buy my service instead," or "There really isn't anything we can do."

 

[MaceMadunusus]

I keep seeing this type of response each time I see this topic brought up, so I just want to ask, are the official servers successfully mitigating this issue?

The official servers including even our infrastructure (gamestats, website, etc) have been hit several times during this and from personal experience the official servers seemed much more playable and almost never fully went down during the attacks. There were some issues but that was also before Spaghetti added additional protections to the servers and I haven't been on after that.

I don't have much actual details to help myself, as I didn't set up anything, so you will have to wait for a response from someone like Spaghetti but he is also on a small vacation right now.

Working on stopping it is still mostly going to be on the provider side for anyone using a service.

 

[Deleted member 3500]

The official servers including even our infrastructure (gamestats, website, etc) have been hit several times during this and from personal experience the official servers seemed much more playable and almost never fully went down during the attacks. There were some issues but that was also before Spaghetti added additional protections to the servers and I haven't been on after that.

I don't have much actual details to help myself, as I didn't set up anything, so you will have to wait for a response from someone like Spaghetti but he is also on a small vacation right now.

Working on stopping it is still mostly going to be on the provider side for anyone using a service.

I hope the attacks get resolved very soon, the Ddos has made MBII as a whole completely unplayable for the last few days for me, and several others in CA. This issue can directly effect the status and life of MBII itself, and if this continues then I don't see how the mod will survive that long, as it has the potential to drive players away from various servers and in essence will eventually kill the mod.

 

[Fang]

perhaps license the additional security to other owners for now. its pretty bad.

 

[Valkyrie]

A start would be to gather all community host, and work together for our common protection against DDoS. Over the years there has been many people building up good shields for network attacks, most of the time these fall into oblivion after such person become inactive...

I believe it is the developpers responsability to share their legacy of work regarding firewall on the matter. We the host would benefit from being more unified in not just our defense, but also as a whole for players experience.

There is something of that we've been trying in EU. A discord server where only server host are invited, and serve as a channel to discuss any relevant technical topic.
Next step would be to bring that to every regions.

 

[MaceMadunusus]

and if this continues then I don't see how the mod will survive that long, as it has the potential to drive players away from various servers and in essence will eventually kill the mod.

This isn't new to us. We have been under sustained DDOS attacks that have gone on for long periods before. We can recover.

perhaps license the additional security to other owners for now. its pretty bad.

I believe it is the developpers responsability to share their legacy of work regarding firewall on the matter. We the host would benefit from being more unified in not just our defense, but also as a whole for players experience.

Well part of the issue is that this is an active attack and things can change on the fly and need semi-active monitoring in case something changes and conditions may be different for each server. It is also possible it is a server owner doing this (and there have been allegations of this being the case), so it would only have to be server owners we trust because its an active battle kind of thing because if they know some of the things were doing, they can easily switch up to get around it.

 

[Defiant]

I believe it is the developpers responsability to share their legacy of work regarding firewall on the matter. We the host would benefit from being more unified in not just our defense, but also as a whole for players experience.

You believe very incorrectly. Security of hosts is the responsibility of the hosts. It's enough trouble being responsible for one set of infrastructure taking on responsibility for everyone else's is plain ridiculous. Every server host operates in a unique environment, what works well for one host might not work at all for another host, and what works well today might not work at all tomorrow for any given host.

It is best for the community to have as many different unique solutions as possible. Not only will these be better tailored to protect each bit of infrastructure it gives the community as a whole defense in depth by preventing a one size fits all DDOS.

I keep seeing this type of response each time I see this topic brought up, so I just want to ask, are the official servers successfully mitigating this issue? If so, would you be willing to share specifics on what you were able to do to accomplish that? I'm not much of a network guy myself, but I've been trying different solutions and the DDOS still lags my server enough to impact gameplay. Here's a bit about what I've tried:

• I'm using a recent version of openjk (Dec 2020). When I compiled and used the latest openjk I got some occasional crashes that I didn't before, so I still have to look into that. I didn't see any openjk changes between now and then that would help with DDOS though.
  
  
• I did get my provider's (Vultr) DDOS protection (supposedly traffic is routed through their "mitigation farm" prior to reaching my server to filter out the junk traffic), but it seems to only moderately help the issue. They detect the attacks just fine but CPU usage during the attack isn't much less than without it, so I suspect much of the traffic is still getting through. I'm still talking with Vultr to see if there is more that can be done, because I believe handling the traffic before it hits my server is the ideal way to go.
  
  
• When that didn't work, I setup some of the IP Tables that I found here and here (Change the port(s), of course), but they don't seem to have helped much either. It's possible though that this isn't the same type of attack as the Amplification Attack mentioned in those links, I'm still learning more on how to identify all that, but it does appear to match the type of behavior I'm seeing.
  

So while I do understand that it is ultimately up to us as third party server owners to implement changes to help mitigate issues, I don't think I'm alone in saying that it would be nice if we could be pointed in a specific direction if there are known solutions we can implement. If this information is out there somewhere and I'm just missing it, I apologize, but I've been searching around and haven't found much else aside from what I already listed above except for the occasional "PM me for something to try," "Buy my service instead," or "There really isn't anything we can do."

There are no firm answers that I can give you. So far as I am aware the attacks are targeted at the physical hardware and not JKA. A beefy enough server may be able to cope with a software firewall that has been correctly configured. "Correctly configured" could change multiple times per second. The DDOS attacks will be able to scale up much faster than hardware can be scaled up to cope. A properly configured hardware firewall is orders of magnitude better than any software firewall, but also more expensive. A load balancer in front of more than one hardware firewall is even better but even more expensive.

If money were no object, personally I would set myself up in Azure or AWS and use all the tools at my disposal there - but that is probably prohibitively expensive for running a game server from 2003.

This is a fundamental flaw in the architecture of the Internet.

 

[Valkyrie]

so it would only have to be server owners we trust

Surely after all that time I am hosting you've made alot of step forward in that direction...

It's enough trouble being responsible for one set of infrastructure

Apologise, next time we make your game alive by paying from our pocket, I'll remember it's causing you troubles...


Yet another gigantic leap forward between host-dev communication. This will continue like this for ever with that attitude. I have proposed you many times to improve the bounds and the direct talk. You treat me (us?) like we are incompetant and troublesome.

Again it was my big mistake to even dare to think you would take this chance to finally unite your hosts together.

 

[Defiant]

Apologise, next time we make your game alive by paying from our pocket, I'll remember it's causing you troubles...


Yet another gigantic leap forward between host-dev communication. This will continue like this for ever with that attitude. I have proposed you many times to improve the bounds and the direct talk. You treat me (us?) like we are incompetant and troublesome.

Again it was my big mistake to even dare to think you would take this chance to finally unite your hosts together.

I'm not sure what you want here. There are 60 servers give or take - some will be in a common host environment so lets say that is conservatively 40 different setups with differences ranging from different bandwidths, different network hardware, different operating systems, different levels of access to anything. It is not feasible for us to look after 40 completely different setups beyond ensuring MBII works on any reasonable setup under normal circumstances. We cannot even give meaningful advice because every DDOS could be different - there is not just one type and the best option for mitigation will always depend on what type of DDoS is happening, the environment the attack is happening in, the tools to hand, and what tools can be made available (I.e. how much extra money someone is willing to throw at the problem)

We don't tell clients what security environment they have to operate in - even though if you get a virus it might interfere with your ability to play MBII - I don't know why you think we are suddenly responsible for a computer's security environment because someone loads up jampded.exe rather than jamp.exe.

I think you are just being difficult to be difficult. You seem to think you are special because you are a server host and somehow that should make you more privileged in the community. I hear nothing but complaints about your servers - but because we are nothing if not fair to everyone, and you've actually managed to stick to the master server rules recently - but you are not entitled to more support or information than anyone else.

 

[Arthas]

NA MB2 is dead lol

 

[cannonfodder]

NA MB2 is dead lol

May we all find better games to play

 

[Leo]

May we all find better games to play

nah NA scene is dead in every single game I swear