Artix here with an update on our network situation. You may have had some trouble logging into the game, or being kicked off it recently. These were due to distributed denial of service attacks (DDoS). I would like to thank you for your patience as we have been dealing with this. In this post, is to transparently let you know what has been going on, so you are well informed.
Great question! A DDos (Denial of Service Attack) is when one or more computers are used to flood another server with the intent of making it unreachable by anyone else. It is like trying to pour an entire beach into a sandbox. These attacks are, of course, illegal. Simply being involved can lead to legal consequences (including fines or jail time).
Here are some links which can explain more about this:
Good question. To stop you from playing? To interfere with your fun? For sport? Every video-game studio that runs an online game deals with this exact same problem. From Sony’s Playstation network to <insert any online video-game RPG or MMO you’ve heard of here.>
You know, 10 years or so ago, when we got our first denial of service attacks on our 1st MMORPG, AdventureQuest Worlds, we were (unsurprisingly) frustrated and angry. You might be feeling this way now. We do not. Not any more at least. It is just... sort-of a way of life now. Just like a bully calling you a name on the playground, it kind of loses its effect after 10 years. When a problem or attack happens, our team hops to action and finds the best way to adapt to the threat, protect the servers, and then implement the solution.
Great question. How do you stop DDoS attacks? Well, you can't. It is going to happen. It is how you deal with it that matters. Sure, we use defensive services like Cloudflare, IBM’s cloud protection, in combination with server-level firewalls, rate limiters, and increasingly advanced things that, frankly, are above my understanding. And sure seem to be working. We have had over 1,500+ DDOS attacks since January 1st. These attacks have ranged in size from flea bites to 100+Gbps (The sort of attacks they used to use against banks). In fact, we take a bit of pride in that particular one because our actual game server was only down for about 1 second. I am really proud of the team, that we have had as much up-time as we have had. I remember a comment someone made that we must be joking or making up the DDoS attacks after they read that design notes post from a while ago. We handle a lot of things behind the scenes so you can just focus on enjoying the games. Like the MiB, most of the time no one would ever notice.
The last two weeks have been particularly bad because the legal action we took against one of the people involved in one of the previous attacks has come to a head. After they rolled over and gave us evidence on a lot of other people involved (likely including ones involved in recent events), it seems like the attacks just magically came out of the woodwork. I am not sure if they thought this would somehow derail our slow moving legal Tonberry which is lurching their way... but in an un-obvious way, they helped solidify it. (And they should know that paying someone else to do their dirty work will not help them either.)
As a gamer, I have read countless other studios tip-toe around their experiencing network connectivity errors and login “slowness.” And I figured you would prefer if I was just blunt - that you would want to know the actual truth.
The other day in chat, a player asked why we do not retaliate, and "DDoS them back!". Um... NO. For starters, it would not do anything. More importantly, just in case you missed that opening paragraph, it is illegal. Don't ever consider doing it or anything else illegal. This is why they have services like the Cybercrimes division of the FBI (which ironically and completely unrelated to this, I am speaking at a FBI CREST event held by the Pasco Economic Development Council next month). Rest assured that everything we do to to protect you and our games is legally above board. Secondly, the attacks we deal with are not the simple mosquito-size attacks that knock Twitch streamers offline. The ones regularly used against us are comprised of a horde of infected zombie machines. And most of the time, the machines attacking do not even realize they are being used to attack.
Glad you asked! Just like we have bounties for serious exploits in our game, we are now offering a reward for anybody who can provide additional evidence to help us. Introducing the DDOS & Attack Tip Bounty. Depending on the value of the information in identifying attackers, we will (and have) rewarded cash, in-game currency, or other compensation. If you have information on the people actively doing attacks on us, please submit a tip. This could be screenshots, links to Discord servers, WhatsApp channels, or useful tips. If you did not know, Discord and WhatsApp are required to keep deleted messages, deleted channels, and connection info so that the authorities can subpoena the information if needed. So submitting old or no longer working links are fine. Woah, isn't this getting a little serious? Well, yeah. What the attackers are doing to you and the servers is illegal, and this is what they escalated it to. If you have information, you can send the tip anonymously or preferably with your contact information.
If you would like to help us, you can submit any information to the DDOS & Attack Tip Bounty form.
Thank you again for your understanding on the temporary outages. I wish I could say that they are over, but they will probably get worse in the immediate short term. I will keep you updated. Our team has, and will, continue to work hard and do everything in our power to keep the games online and free for you to play. And before we get back to our regularly scheduled new release update posts, I would like to leave you with this quote, “What does not kill us only makes... our lawyers richer.” O_o (For the record, that is not actually a good thing for anyone.)
Official Twitter of AQ3D
Pun-slinging Paladin
Undead Legion Ruler
Scribble Scribe
Dawnforger
