Wurm Online Offline: Puts Out Bounty To Catch DDoSsers

By John Walker on February 20th, 2014 at 2:00 pm.

Wurm Online, the long running MMO famously co-created by Notch, is currently Wurm Offline. Some scumbag DDoSpots took the site offline this week, and it’s not yet back up. In response the developers, Code Club AB, have offered a €10,000 reward for “tips leading to a conviction.”

This is all the more galling for the studio, as the game’s 1.2 update (they only reached 1.0 in 2012, six years after it launched – 1.2 was a big deal) was launched on Tuesday. That was the day the DDoS was launched. At the time they stated on their site,

“We can offer 10 000 Euro for any tips or evidence leading to a conviction of the person responsible for this attack.”

Yesterday the attack was still ongoing, so their Swedish hosts were forced to keep the game offline. The company updated to say the game is still not back up, but they’re hoping for soon. And they’re going for a hosting change.

“Since we do not know how, when or under which circumstances our current hosting company want to bring our servers back online we are working on retrieving the data from those servers and put on the new planned hosting. We have the new hosting prepared but it will take a while to set it up.”

So new servers should mean improved performance for the game overall. They’re making lemonade. And as RPS knows, a good host can mean DDoS attempts can be headed off at the pass. And they have the game data from moments before the attack, so if they need to roll back, it shouldn’t affect players too seriously.

At the time of writing the registration servers weren’t yet up and running, but the chances are – teething issues aside – it could be back to normal by this evening.

__________________

« | »

, , .

28 Comments »

  1. BTAxis says:

    Do DDoSers ever get convicted?

  2. SuddenSight says:

    Are they certain it isn’t just an unusually high player load? Especially considering they just added a major patch?

    • John Walker says:

      DDoS is very easy for a host to identify.

      • Wisq says:

        Yeah, John’s right. Usually, the amount of legitimate traffic your servers could expect to see (let alone handle) is at least one order of magnitude below your max traffic, if not several more. Seeing your main pipe fill up is pretty much enough indication on its own — but for easy proof, you just need to take a brief sample of traffic and look at it, and you’ll know immediately.

        Source: We host tens of thousands of online stores, and we identify and safely handle DDoSes pretty much weekly these days (although some are such bad attempts that they pass under our radar completely).

  3. Rovac says:

    This one of those things that people do because they can, right?

    For the lulz and such..
    (something just ate my comment)

    • BTAxis says:

      Actually, it’s a business. There are people who actually advertise their DDoS “services” to anyone with an interest in bringing down something on the internet.
      Example: http://www.youtube.com/watch?v=c9MuuW0HfSA

      • Wisq says:

        Yeah. Also, some of them are foreign ISPs with shady owners that operate DDoS business on the side. Of course, those are easier to block, mostly coming from the same country.

        From what I’ve heard, the best DDoSes are massive attacks from ordinary computers that have been compromised with viruses/worms/malware that turn them into zombie DDoS clients, taking orders from a central source. (Usually these are attacked by taking out their central source so the clients can’t get orders any more.) Whether the virus creators (and hence, DDoS controllers) are doing it for kicks or doing it for business varies, but either way, these DDoSes tend to be brief “displays of power” because running them too long risks damanging their own zombie network (as people run malware scans and/or ditch their “slow” computers for new ones).

        It’s true that so-called “Anonymous” is able to pull quite a bit of DDoS clout when they feel like it, but that could also just include people paying for these services, and/or some service owners who are in (or know someone in) Anonymous, themselves.

        • Hahaha says:

          Lol and a lot of them are protected by cloudflare an american company also you don’t make money by renting a service you make money by renting out the service so the question is still why hit wurm.

      • JamesTheNumberless says:

        These attacks can also be part of a protection racket. Pay up or they take your servers offline when it will hurt you most. Crime never changes.

  4. Maxheadroom says:

    On the plus side it’s a bit of free (or maybe no so free) advertising for them. I honestly didn’t think this was still running.

    Every cloud n’all

  5. Bodge says:

    As a heads up, the RPS village Willow Cove on release is still around. At the moment there is only a couple of us but if you fancy joining us give Bodgemonkey a ping ingame. We currently have some very active neighbours and a very friendly alliance.

  6. Mortomes says:

    The servers have gone back up in the past hour or so. Hurray.

  7. NathanMates says:

    I’m still patching — in my spare time, on my own dime — a PC game (Battlezone II), originally released in 1999. Game servers aren’t centralized, but hosted by whomever pushes the “create game” button. Sessions have been occasionally suffering from DDOS attacks from a vocal minority of players who disagree with other game’s choices of mode (PvE is attacked, not PvP) or even map/mod — anything not running their favorite mod is sometimes attacked. Most of the remaining players for that PvP mode *WILLINGLY* play with those griefing players, and defend doing that to others. When pressed, they defend playing with griefers because they fear their games will be similarly destroyed if they tell the griefers to go away — they’re more concerned about their games in the short term than long-term community survival.

    Somewhat tellingly, players playing PvE have pretty much never deliberately griefed other games, other than occasionally joining a PvP and being a n00b and hurting whatever team they’re on by the additional deaths. The PvPers call that griefing, as if it’s remotely comparable to DDOS attacks.

Comment on this story

XHTML: Allowed code: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>