Using DDOS on servers you're jealous of

[rbb138]

PWFrance/pweurope/xtremejade etc going around DDOS-ing people because they are too lazy/dumb/stupid to simply make a good server themselves or actually learn any game development at all.

My news post on it:
The ddos attack started at Feb 11 16:13:37 on various ports from various source addresses.
Whilst looking through to find these source addresses I stumbled on a number of syn floods 30 mins before the DDOS started (these are common of an nmap port-scan test that is performed to find the open ports in a network to DDOS it), the log was as follows:

Feb 11 15:44:03 NewServer kernel: IN=eth0 OUT= MAC=00:25:90:54:e1:3c:10:8c:cf:28:39:80:08:00 SRC=94.23.244.73 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=39448 PROTO=TCP SPT=59101 DPT=29000 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 11 15:44:03 NewServer kernel: IN=eth0 OUT= MAC=00:25:90:54:e1:3c:10:8c:cf:28:39:80:08:00 SRC=94.23.244.73 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=39455 PROTO=TCP SPT=59102 DPT=29000 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 11 15:44:03 NewServer kernel: IN=eth0 OUT= MAC=00:25:90:54:e1:3c:10:8c:cf:28:39:80:08:00 SRC=94.23.244.73 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=39460 PROTO=TCP SPT=59103 DPT=29000 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 11 15:44:03 NewServer kernel: IN=eth0 OUT= MAC=00:25:90:54:e1:3c:10:8c:cf:28:39:80:08:00 SRC=94.23.244.73 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=39466 PROTO=TCP SPT=59104 DPT=29000 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 11 15:44:03 NewServer kernel: IN=eth0 OUT= MAC=00:25:90:54:e1:3c:10:8c:cf:28:39:80:08:00 SRC=94.23.244.73 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=39472 PROTO=TCP SPT=59105 DPT=29000 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 11 15:44:03 NewServer kernel: IN=eth0 OUT= MAC=00:25:90:54:e1:3c:10:8c:cf:28:39:80:08:00 SRC=94.23.244.73 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=39478 PROTO=TCP SPT=59106 DPT=29000 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 11 15:44:03 NewServer kernel: IN=eth0 OUT= MAC=00:25:90:54:e1:3c:10:8c:cf:28:39:80:08:00 SRC=94.23.244.73 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=39484 PROTO=TCP SPT=59107 DPT=29000 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 11 15:44:03 NewServer kernel: IN=eth0 OUT= MAC=00:25:90:54:e1:3c:10:8c:cf:28:39:80:08:00 SRC=94.23.244.73 DST=10.0.0.2 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=39490 PROTO=TCP SPT=59108 DPT=29000 WINDOW=14600 RES=0x00 SYN URGP=0

The IP 94.23.244.73 resolves to the domain test.pwfrance.com (you can verify it yourself by typing "ping test.pwfrance.com" into the command prompt), and as such we are 100% sure they are the source of this attack.

Edit:
In response to a claim by pweurope that they are nothing to do with pwfrance or the DDOS attacks I would like to clarify: PwFrance owns and operates the gameservers for PwEurope, Xtremejade and many others but does not manage the website, staff or community. They provide pweurope with up to date serverfiles in return for 40% of their donations in an attempt to gain a monopoly on PW, this is why we refer to them all as one entity.
We know this because in the past they offered some of us the same deal.

Compare this and this, also this.

[MentaL]

[nofxpunkerbrian]

I announced the release of 1.4.6 coming soon then boom less than 6 hours later my hyperfilter was insanely attacked to then them finding the actual IP of my server and have now had us down for over 24 hours now. Fun times, I believe Epic is under attack too =/

[hrace009]

Code:

C:\Users\xxx>ping test.pwfrance.com

Pinging test.pwfrance.com [94.23.244.73] with 32 bytes of data:
Reply from 94.23.244.73: bytes=32 time=425ms TTL=49
Reply from 94.23.244.73: bytes=32 time=389ms TTL=49
Reply from 94.23.244.73: bytes=32 time=393ms TTL=49

Ping statistics for 94.23.244.73:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 389ms, Maximum = 425ms, Average = 402ms

[GiantAxe]

I announced the release of 1.4.6 coming soon then boom less than 6 hours later my hyperfilter was insanely attacked to then them finding the actual IP of my server and have now had us down for over 24 hours now. Fun times, I believe Epic is under attack too =/

ouch, seems you are doing worse then we did. Well good luck with blocking him out of your firewall

Funny thing is, even with the massive lag we had for nearly 18 hours, players kept playing. So it wasnt even working either.

[rbb138]

It seems they are using 1 network of machines to ddos many servers at once and grading the size of the attack on the size of the server.
The attacks rotate between groups of servers, disconnecting everybody with a flood every 2 mins. This means they can attack lots of servers with only ~50 hosts.

Because if you can't be as good as all the other servers then you should attack them, right?
I wonder if they players know what they are doing...

[343]

All I can do is sit in my chair and nod ... ... ...

(at the immaturity of PWFrance/pweurope/xtremejade)

They should most certainly be turned over to the authorities ... ... ...

[nofxpunkerbrian]

ouch, seems you are doing worse then we did. Well good luck with blocking him out of your firewall

Funny thing is, even with the massive lag we had for nearly 18 hours, players kept playing. So it wasnt even working either.

It's more than just them attacking me, it's perfect timing for all the children.

It appears people have been asking around to try and eliminate Vendetta as competition, I've been added by around 5-10 different people who have been saying they are planning to attack my games unless I pay them money.... Quite harsh tbh considering I keep myself to myself these days, it's quite sad that competition (some being you guys) still have some ego feeding problem against servers like mine. I understand jealousy and envy but what I don't understand is lazyness. I think people need to grow up and start working for their money if they earn any and quit trying to be something they're not if they can't keep up.

Word of warning to whoever is paying these people, I will find you and I will retaliate if my work goes down the drain.

[rbb138]

In response to a claim by pweurope that they are nothing to do with pwfrance or the DDOS attacks I would like to clarify: PwFrance owns and operates the gameservers for PwEurope, Xtremejade, Elite kingdoms and many others but does not manage the website, staff or community. They provide pweurope with up to date serverfiles in return for 40% of their donations in an attempt to gain a monopoly on PW, this is why we refer to them all as one entity.
We know this because in the past they offered some of us the same deal.

Compare this and this, also this.

[Knowledge]

See you in court tony...

Please tell me this is a joke.

I think people need to grow up and start working for their money if they earn any and quit trying to be something they're not if they can't keep up.

Says someone cashing out on someone else's product.

I'm just surprised that Dragon Network, now Cyberius Network, wasn't immediately labeled as a suspect. Whoever it is, good luck. I'd hate to see someone get in the way of you guys making a profit on stolen property.

[343]

Aside from turning them into the authorities (which I am hoping any/all of their victims have already done), karma is a motherfucker. One day karma will turn around and bite these motherfuckers right in the ass!

[rbb138]

Most of the information I gathered (50 hosts) has been submitted to interpol already. Them trying to do different attacks to get around my traffic filtering made them accidently send 60 seconds of packets with the correct source IPs, along with an ICMP ping from the master node to see if our machine is down or not.
Their OVH server was also reported directly (we use them also).

So no, im not joking. Working to verify and report more of their hosts also as its likely some are hacked machines that the owners are unaware of.

Its pretty pathetic that they do something like this, as it only affects the players gaming at the end of the day (we're not all in it for the money). All so they can have their little monopoly and get rid of rival servers..
I wonder if they have ever considered that if they got rid of us all then there would be nobody to steal custom updates from?

[nofxpunkerbrian]

Please tell me this is a joke.



Says someone cashing out on someone else's product.

I'm just surprised that Dragon Network, now Cyberius Network, wasn't immediately labeled as a suspect. Whoever it is, good luck. I'd hate to see someone get in the way of you guys making a profit on stolen property.

Your only stating this opinion because you weren't quick enough, smart enough or even have the balls to do such activity so go hide behind your fake name and your PC mr Ballzy we don't need your opinion around here mc'hater.

Most of the information I gathered (50 hosts) has been submitted to interpol already. Them trying to do different attacks to get around my traffic filtering made them accidently send 60 seconds of packets with the correct source IPs, along with an ICMP ping from the master node to see if our machine is down or not.
Their OVH server was also reported directly (we use them also).

So no, im not joking. Working to verify and report more of their hosts also as its likely some are hacked machines that the owners are unaware of.

Its pretty pathetic that they do something like this, as it only affects the players gaming at the end of the day (we're not all in it for the money). All so they can have their little monopoly and get rid of rival servers..
I wonder if they have ever considered that if they got rid of us all then there would be nobody to steal custom updates from?

My 1.3.6 server was attacked by some guy named Don demanding money, his attack size is in the 16m Packets and it's actually caused my machine to fuck up, OVH have refused to service this machine as it has done some hardware faults (HDD) and they've removed it and are going to remove the 1.4.6 machine soon, luckily they put it in rescue mode first so I have been able to get the 1.4.6 files from the server I am moving to a new host so anyone out there using OVH I'd think twice continuing to do so.

[Knowledge]

Your only stating this opinion because you weren't quick enough, smart enough or even have the balls to do such activity so go hide behind your fake name and your PC mr Ballzy we don't need your opinion around here mc'hater.

I lol'd.

[athame]

i lol'd on everything is here private servers are illegal any whey if you own a private server and you suede a dude that tried to hack your servers is like you dig your own hole stop playing with this stuffs kids.

[nofxpunkerbrian]

Double standard thats all I am saying :)

You guys just sit and snoop around these forums hoping for someone to leak something then call yourselves tall <3