The Redmont DetectiveServer Down Sporadically: DC Suffers DDoS Attacks
When can you expect the server to go back to normal?
DDoS Attacks Disrupt DC
In the middle of the Oakridge press conference at 1pm PST yesterday, public transit crashed and players were transported to cave systems beneath spawn or found themselves in white voids. The entire DC server had come to a screeching halt.
The crash brought over 200 online players to Statecraft, which held for a few minutes, before crashing as well.
At 1:16, server officials began to respond to the situation.
"Our server room is on fire for a moment, we're working to resolve this as quickly as possible."
At 3:31pm, the server was back online at low capacity, but the following hours up to the present moment housed less than 20 people on the server at a time, and suffered frequent crashes.
At 7:30pm, the source of the server issues, despite a high-quality protection plan, was found to be an intense series of DDoS attacks targeted at the DC and SC servers.
Why Did The Attack Happen?
The current protection plan for DC/SC is Cloudflare + Layer 7. It is considered widely one of the most effective protection services and has many additional services to protect MC servers at layer 7, but has a major drawback when identifying harmful protocols that possibly led to this particular prolonged attack and outage.
- Cloudfare Does not typically inspect packets deeply. Client crash reports have consistently mentioned problems with packet IDs.
When Will The Server Return?
Our server admins are doing their damnedest to put an end to the attacks, but this has proven to be a particularly tough situation that may require additional anti-DDos tools or additional hosting services.
However, these attacks have a typical lifespan, depending on the persistence of the attacker.
Most packet ID focused attacks last 24-72 hours, but in rare cases have lasted up to 2 weeks when attackers were particularly motivated.
The Typical Timeline of Similar DDoS Attacks
(Hours 1-6) "The Testing Phase"
- The Initial attacks were launched
- The attackers crashed the server
- The attack was temporarily stopped to analyze the crash and set up attack loops (This coincides with the admin announcing the server was back up for a short period at 3pm the day of the attack)
(Hours 12-72) "The Automated Loop"
- Using the crash data, the attacker sets up a bot to repeatedly send the server malformed packets, consuming server CPU rapidly
(Days 4-7+) "The Targeted Campaign"
- In the cases of extortion of the server owner, or owners of competing servers launching the attacks, the DDos campaign can last upwards of a week.
- In some cases, attackers will modify the targeted packet IDs to try and bypass and fixes the server administrators might try to pass
It's hard to get a clear picture on the motives of the attacker, especially in such an intense set of a attacks, and right after a large scale event like a server election that ended a single party reign over DC.
Further information on the nature and duration of the attacks is needed to find out the actual motives of the attackers.
For now, we're asking the citizens of DC.
Share your thoughts and theories below, and as always, Thanks For Reading!
Have information on the state of the server? Find me on discord under Moveslikecarter_72167.
More from The Redmont Detective
The Dawn of a New DC
How Can YOU Get Involved In the New DC SPORTS LEAGUE?
Is this Bar DC's New Hotspot? Transbar Success Battles Hate
Elsewhere on Gnomestack
Browse all posts โ
Free
Lenore's SummariesThe 6/7 Revolution - What was it, exactly?
Left wondering what the hell exactly happened during the 6/7 Revolution?
by Lenore Eksplosive ยท
Free
Juniper BlogIn Response To "Addressing the State of the Server"
This is not just about Julia's deadname. End's staff abuse goes far beyond one incident. Don't let them control the narrative.
by juniperfig ยท
