Wurm Online Offline: Puts Out Bounty To Catch DDoSsers

Wurm Online, the long running MMO famously co-created by Notch, is currently Wurm Offline. Some scumbag DDoSpots took the site offline this week, and it’s not yet back up. In response the developers, Code Club AB, have offered a €10,000 reward for “tips leading to a conviction.”

This is all the more galling for the studio, as the game’s 1.2 update (they only reached 1.0 in 2012, six years after it launched – 1.2 was a big deal) was launched on Tuesday. That was the day the DDoS was launched. At the time they stated on their site,

“We can offer 10 000 Euro for any tips or evidence leading to a conviction of the person responsible for this attack.”

Yesterday the attack was still ongoing, so their Swedish hosts were forced to keep the game offline. The company updated to say the game is still not back up, but they’re hoping for soon. And they’re going for a hosting change.

“Since we do not know how, when or under which circumstances our current hosting company want to bring our servers back online we are working on retrieving the data from those servers and put on the new planned hosting. We have the new hosting prepared but it will take a while to set it up.”

So new servers should mean improved performance for the game overall. They’re making lemonade. And as RPS knows, a good host can mean DDoS attempts can be headed off at the pass. And they have the game data from moments before the attack, so if they need to roll back, it shouldn’t affect players too seriously.

At the time of writing the registration servers weren’t yet up and running, but the chances are – teething issues aside – it could be back to normal by this evening.


  1. BTAxis says:

    Do DDoSers ever get convicted?

    • SominiTheCommenter says:

      Of what? Sending too many letters in the mail?
      Aggravated HTTP Request Escalation?

      • Low Life says:

        Of DoS attacks. I know they’re illegal in Finland, apparently in the UK, too: link to news.cnet.com

        • iheartpie says:

          And are arguably considered a federal crime in US law under the Computer Fraud and Abuse Act.

          Seems obvious to me, not sure why SominiTheCommenter thinks otherwise. Maybe just one of those people that thinks the internet is only for comments and cat memes, and therefore there are no consequences for anything that happens on it?

      • iheartpie says:

        Google is your friend: link to en.wikipedia.org

      • Eukatheude says:

        There actually are laws against it in several countries.

      • kalirion says:

        Please don’t tell me you actually support those DDOS fuckers.

    • frightlever says:

      I was wracking my brain for the tool used by Anonymous last year. Low Orbit Ion Cannon.

      link to pcworld.com

      So, people get arrested for DDOS, for sure. Whether they get convicted remains to be seen.

    • SomeDuder says:

      The problem isn’t the law, it’s that they are just hard to catch (The botnet users, at least)

  2. SuddenSight says:

    Are they certain it isn’t just an unusually high player load? Especially considering they just added a major patch?

    • John Walker says:

      DDoS is very easy for a host to identify.

      • Wisq says:

        Yeah, John’s right. Usually, the amount of legitimate traffic your servers could expect to see (let alone handle) is at least one order of magnitude below your max traffic, if not several more. Seeing your main pipe fill up is pretty much enough indication on its own — but for easy proof, you just need to take a brief sample of traffic and look at it, and you’ll know immediately.

        Source: We host tens of thousands of online stores, and we identify and safely handle DDoSes pretty much weekly these days (although some are such bad attempts that they pass under our radar completely).

  3. Rovac says:

    This one of those things that people do because they can, right?

    For the lulz and such..
    (something just ate my comment)

    • BTAxis says:

      Actually, it’s a business. There are people who actually advertise their DDoS “services” to anyone with an interest in bringing down something on the internet.
      Example: link to youtube.com

      • Wisq says:

        Yeah. Also, some of them are foreign ISPs with shady owners that operate DDoS business on the side. Of course, those are easier to block, mostly coming from the same country.

        From what I’ve heard, the best DDoSes are massive attacks from ordinary computers that have been compromised with viruses/worms/malware that turn them into zombie DDoS clients, taking orders from a central source. (Usually these are attacked by taking out their central source so the clients can’t get orders any more.) Whether the virus creators (and hence, DDoS controllers) are doing it for kicks or doing it for business varies, but either way, these DDoSes tend to be brief “displays of power” because running them too long risks damanging their own zombie network (as people run malware scans and/or ditch their “slow” computers for new ones).

        It’s true that so-called “Anonymous” is able to pull quite a bit of DDoS clout when they feel like it, but that could also just include people paying for these services, and/or some service owners who are in (or know someone in) Anonymous, themselves.

        • Hahaha says:

          Lol and a lot of them are protected by cloudflare an american company also you don’t make money by renting a service you make money by renting out the service so the question is still why hit wurm.

      • JamesTheNumberless says:

        These attacks can also be part of a protection racket. Pay up or they take your servers offline when it will hurt you most. Crime never changes.

        • Rovac says:

          so basically the online version of gangster

        • Hahaha says:

          Which would mean no reason to offer a “bounty” at least with so little info if they have communications with the ddoser with which more info could be gleamed.

  4. Maxheadroom says:

    On the plus side it’s a bit of free (or maybe no so free) advertising for them. I honestly didn’t think this was still running.

    Every cloud n’all

    • Rovac says:

      maybe, but it’s no good if you can’t play it

    • The Random One says:

      Is this the one that had a lot of player freedom and they could build settlements and stuff? Or was that Forge?

    • Syphus says:

      For what its worth, it really kinda is. I saw this news on the BBC, I doubt they’ve ever even said “Wurm Online” before.

  5. Bodge says:

    As a heads up, the RPS village Willow Cove on release is still around. At the moment there is only a couple of us but if you fancy joining us give Bodgemonkey a ping ingame. We currently have some very active neighbours and a very friendly alliance.

  6. Mortomes says:

    The servers have gone back up in the past hour or so. Hurray.

  7. NathanMates says:

    I’m still patching — in my spare time, on my own dime — a PC game (Battlezone II), originally released in 1999. Game servers aren’t centralized, but hosted by whomever pushes the “create game” button. Sessions have been occasionally suffering from DDOS attacks from a vocal minority of players who disagree with other game’s choices of mode (PvE is attacked, not PvP) or even map/mod — anything not running their favorite mod is sometimes attacked. Most of the remaining players for that PvP mode *WILLINGLY* play with those griefing players, and defend doing that to others. When pressed, they defend playing with griefers because they fear their games will be similarly destroyed if they tell the griefers to go away — they’re more concerned about their games in the short term than long-term community survival.

    Somewhat tellingly, players playing PvE have pretty much never deliberately griefed other games, other than occasionally joining a PvP and being a n00b and hurting whatever team they’re on by the additional deaths. The PvPers call that griefing, as if it’s remotely comparable to DDOS attacks.