Although our attacker was not successful in actually bringing down our servers or causing an interruption of service, he did succeed in scaring off our host who shut down our VPS without warning and didn’t respond to my emails/phone calls for about 36 hours. Our host had advertised protection against that type of thing, but they neglected to mention that it’s much more cost-effective for them to just terminate a client’s contract in the event of a sustained attack. Fun times!
The crazy thing is that our attacker isn’t even particularly sophisticated: the attacks have been small and have always originated from a single IP. We’re dealing with a script kiddie who googled the term “DDoS”, and it’s baffling to me how even the most highly recommended VPS hosts aren’t equipped to deal with that sort of thing. Therefore, we’re done with Virtual Private Servers and graduating to a true Dedicated Server with a host who specializes in DDoS protection. Triple the cost, but well worth the increased reliability and peace of mind moving forward.
Anyway, I apologize for the downtime. If I had understood the flawed nature of all VPS hosts then I would have just switched over to a dedicated server a couple weeks ago during the first round of attacks. This is just one of those growing pain things that I’m thankful happened now rather than down the road when we’ve got a ton of servers to worry about. I’m sure that this won’t be our last encounter with these sorts of attacks, but we’re much better equipped to handle them now.
I really appreciate everyone in the community being so understanding and supportive in regards to this situation. Any amount of downtime for an online game like this is really frustrating, and I’m very thankful to have a community of players who dealt with it so well.