Authentication Implementation

[Roboyed]

Agreed, if nothing is done, then the attacks will continue. People will lose interest and leave, unless some form of protection is used. Wish I could help in some way, but I'm pretty much useless in this regard.

[Bacta]

Greetings ROR Crew,

First off, you guys are amazing for what you are doing. Thank you from the bottom of my bleeding heart!

Obviously, the attacks and server downtime are killing our community and players that log in. When people get attached to a game, like this one, it is all they can think about. It is all they want to do. The attacks are severely damaging the player base and its activity. Eventually, people will stop trying. NA is nearly non existent for RVR in prime evening hours for the past few weeks for ALL tiers.

How can you combat this? There must be a solution?

How hard is it for you to implement a second layer of authentication to the server? I assume difficult as it has not been done yet..

If your player base funds the cost of this, how would that be conflicting with Mythic and taking money for this game? It would be taking money for the servers which run it. Myself and I am sure 90% of this community would back it fully and within one day regardless of the cost, you would have the funds needed.

Is there anything that can be done? Or do we face issues like this with no end in sight? It will ruin what you have going and no one wants that.

We will support whatever needs to be done and I find it hard to believe there would be an issue with us funding the defense of this server.

I hope we can rise above this and make ROR what you aim for it to be.

Mad Respect,

Darkmoon

As stated before Dev's can not receive any money for this project even if it is for the hardware. Also an Authenticator would not stop a DDoS attack. Easiest way to stop a DDoS is add more bandwidth. Aslong as the Devs are working with Cloudflare thats all they can really do.

[roadkillrobin]

If they attack login server or the identifaction server you wouldn't be able to login either. They just need to attack either part in the chain to deny people to login The only way around it would be to use servers with the capacity of handeling 10x the numbers as this seem to be the attack ratio.

[Foofighter]

just out of curiosity, the ddos, it can basically be someone paying for the server to be ddosed or someone who has their own way of ddosing servers, but simply this is a individual or several who have a problem in particular with the server or the dev team right? Or is an unending tide of douchebags who like dont even play or care about the game and just want to ddos because it's just another target and it was alll a matter of time till peoople started doing this?

Not trying to find a culprit just wondering if its acctually something that happened because someone tried to get, for a lack of a better word, "revenge" or just the random casualties of being an online community.

[mynie]

There is no such thing as a generic solution against ddos, as there is many different kind of DDoS.

There is ways to mitigate most of them, but the first step is to get more informations about the attack vector / nature of the DDoS, like the kind of requests/packets received, their volume, the way they target the server, etc.

You wont mitigate the same way an applicative layer DDoS or a network layer3/4 DDoS.
Also, they said there was some impact on the database, it would be interesting to know more about the kind of requests, the way they are stacking, the resources they are accessing, especially if those requests are linked to the ddos.

If the dev team is having trouble to diagnose/mitigate it, i think they should try sharing more informations about it, so that the community can try to help and provide some more precise help.

Cheers
Keep up the good work

[Xahl]

The only thing I find quite concerning is the assumtion that these attacks are supposed to stop. They won’t stop. With server growing there will be more and more of them. Unless there’s some ddos protection in place, server will keep being down more often then not. People will eventually start leaving and that’s something I would not want to see :/

Also my concern, but there is also zilch I can do about it.

[cemen]

theyre gonna respond with "Duhh, we already knew all this ***, we know alls"

meanwhile server still down.. huehue

[Sejanus]

There are cyber professionals that can trace the attack and deal with them accordingly. It's very expensive, I inquired a quote, but they wouldn't touch the server, it'd be between them and the attacker. Dunno how feasible it'd be, but there it is.

[mynie]

A dump/extract of a portion of trafic known as illegitimate would already give a lot of informations for the community to analyze

[Azarael]

theyre gonna respond with "Duhh, we already knew all this ***, we know alls"

meanwhile server still down.. huehue

Spoiler alert: We're not stupid. We have people in the team with all kinds of experience, so yes, unsurprisingly, we have considered things like this.

The recent respite from the DDoS was because we blocked the method they were using. Predictably, they changed the method.