What's all this about a DDoS?
First off, an explanation... Playerscripts hasn't been on vacation or partying in the office. We've been under attack, a DDoS attack. DDoS stands for Distributed Denial of Service. Denial of Service attacks are just what they sound like. They are attacks on the web server to deny access to the service. In our case, that means the Playerscripts.com web services we provide: forum, chat, wiki, downloads, etc. We've been under attack for a while now, and that's why Playerscripts.com is offline and Playerscripts.co.uk has taken its place.
One of the types of attacks we are experiencing is called a SYN flood attack. Hold onto your hats, I'm going to get a bit techy here...
First, let me define a couple abbreviations.
SYN = synchronize
ACK = acknowledgement
When your web browser wants to connect to a web server, it'll send what's called a SYN packet. Once that's received, the web server allocates resources to get ready for this connection. Next, the server sends back what's called a SYN/ACK packet. Then a final ACK packet is returned to the server from the client. What that does is verify the communication path between these two endpoints, the user's browser and the web server, and sort of establishes the communication. It's referred to as the "three-way handshake" (SYN - SYN/ACK - ACK). And after the handshake is complete, the two hosts can pass data.
Okay, now with that understanding here's where the attack comes in. An attacker sends a SYN packet, the server allocates resources, sends the SYN/ACK... and then nothing. So the server is still waiting for the ACK. The attacker sends another SYN, and another, and another, you get the picture. The server keeps allocating resources in anticipation of the ACKs that never come until it runs out of resources and is unable to respond at all. That's a basic Denial of Service attack.
Now the "Distributed" comes in when the attacker has an army of computers that it uses to simultaneously flood the server with SYNs. Distributing the attack over multiple IP addresses and various networks makes it really difficult to stop. Very difficult. There are measures that you can put in place to mitigate and lessen the effect, but those cost time and money.
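To make that concrete, here's a small Python model of the server's table of half-open connections. It's an added illustration, not code from the Playerscripts server, and the backlog size of 8, the 30-second timeout and all the addresses are made-up values. It only simulates the bookkeeping and sends no packets.

```python
class HalfOpenTable:
    """Toy model of the server's table of half-open connections (SYN seen, ACK pending)."""

    def __init__(self, backlog=8, timeout=30):
        self.backlog = backlog      # assumed limit on half-open entries
        self.timeout = timeout      # assumed seconds to wait for the final ACK
        self.pending = {}           # (ip, port) -> time the SYN arrived
        self.established = set()

    def _expire(self, now):
        # Give up on entries whose ACK never arrived in time.
        self.pending = {k: t for k, t in self.pending.items() if now - t < self.timeout}

    def syn(self, peer, now):
        """Handle a SYN. Returns True if a SYN/ACK is sent, False if the SYN is dropped."""
        self._expire(now)
        if len(self.pending) >= self.backlog:
            return False            # table full: the server cannot answer
        self.pending[peer] = now
        return True

    def ack(self, peer, now):
        """Handle the final ACK. Returns True if the handshake completes."""
        self._expire(now)
        if self.pending.pop(peer, None) is None:
            return False
        self.established.add(peer)
        return True


def run_scenario():
    table = HalfOpenTable(backlog=8, timeout=30)
    visitor = ("203.0.113.5", 40000)           # constructed legitimate client
    # Normal visit: SYN, SYN/ACK, ACK.
    before = table.syn(visitor, now=0) and table.ack(visitor, now=0.1)
    # Flood: one SYN each from 20 different source addresses, never ACKed.
    flood = [(f"198.51.100.{i}", 1024 + i) for i in range(1, 21)]
    answered = sum(table.syn(peer, now=1) for peer in flood)
    visitor2 = ("203.0.113.6", 40001)
    during = table.syn(visitor2, now=2)         # table is full, so this SYN is dropped
    # Once the stale entries time out, a visitor can connect again.
    after = table.syn(visitor2, now=40) and table.ack(visitor2, now=40.1)
    return before, answered, during, after


if __name__ == "__main__":
    print(run_scenario())   # (True, 8, False, True)
```

Notice that every flood entry comes from a different address and each one only sends a single SYN. In a real flood the SYNs keep coming, so the table refills as fast as the old entries time out.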
How does one create an army of bots to launch such a distributed attack? That's really out of the scope of what I wanted to write about, but mainly these "bots" are computers infected with viruses. The kind of viruses you might get from filling out surveys from shady or disreputable sources which install malware on your computer. So be safe out there on the internet.
So what now?
The good news is that this wasn't a security breach; no personal data on the server was compromised. It was, and continues to be, a huge disruption in service. Usually the course of action is to wait it out until the attacker makes a demand in exchange for calling off the attack, or gets bored with you and moves on to someone else. But at this time no one has claimed responsibility for the attacks or claimed to have "pwned" us. So we really are in the dark as to why we're getting DDoS'd.
When the attacks didn't stop right away and then began to vary in type and frequency and duration we decided to move everything over to Playerscripts.co.uk so we'd be back online. It took a lot of time and effort to get this far, and continues to take our time. Time that we'd rather spend elsewhere... because frankly... we've got better things to do.
It has also cost us a lot of money to bring a new server online and add additional security in order to help mitigate and log the attacks should they follow us here to our .co.uk domain. That's nearly wiped out all the donations we had.
One thing is for sure, we can't continue to keep doing what we've always done. Something's got to change.