Warlords, garrison and DDoS

The new WoW expansion is out and…. it’s been messy…

But before going into the server stability and DDoS attack I want to hit on the positives. First of all, Garrisons which have been my main focus so far. To be honest, this was a feature I thought I wouldn’t care about but I’m finding I’m spending a crazy amount of time there, directing my minions and managing my base. This feature is tapping deep into my Starcraft player instincts and I love it.

Even better is the ressource gathering features like the mine which allow someone like me who often has to play short sessions to gather a good amount of materials without having to farm for a long period. I can still farm on top of it of course but for those short sessions, it’s perfect. Just this morning I was able to get about 60 minerals and place in work orders for 60 more under 10 minutes or so. Love it.

Another thing, the music is pretty awesome. I want the soundtrack now.

The DDoS…

So let’s talk about the bad now and why I was trapped in my garrison for the better part of the evening yesterday. To make a long story short, Blizzard was hit by a Distributed Denial of Service attack, a DDoS for us IT nerds. Summed up, a DoS is an effort to crash a service, usualy by flooding the servers with requests. A DDoS is the same but from multiple sources working together, usualy through a mixtures of bots and multiple users. There’s a ton of ways this can be achieved from a technical standpoint but the general idea is to flood so things crash.

These things are evil. I have been on the receiving end of a massive one on one of the projects I was working on and they are a pure nightmare. Having bots try to break down your door every so often is nothing, but a concerted attack from malicious users is a whole other game and it makes me angry to read some of the comments today of people claiming Blizz should have been prepared for this.

You cannot be prepared, it’s impossible. To do a real world analogy, a regular hacking attack is like a thief trying the front door to see if you left it unlocked. If you locked the door chances are he’ll just go try next door. Worst case he really wants to get in and then your alarm system takes over.  Police is called and most of the time the damage is very limited. If you forgot to install a security system or lock the door then yeah… it can do damage.

A DDoS more akin to North Korea driving up to your house with tanks, artillery and a few millions soldiers. No amount of door locking will save you and unless you have your own army to back you up it’s going to hurt. Even if you have an army, there’s still a good chance you’re going to come out bloodied. You do the best you can until the cavalry show up and then you can start rebuilding.

And when I say rebuilding I mean it. When it happened to us, we had to spend weeks afterwards restoring databases, cleaning up servers from malicious software left behind, then restore data again, shore up critical issues made evident by the attacks. Later on you have to invest into rethinking your security, deploy new solutions, etc… It sucks and it costs lost of money. When it happened to us, I spent two weeks pratically living in the office.

So, as much as I’m critical of game bugs and poor design, this is one case where I’ll defend Blizzard. There is no way to have a system a 100% immune to DDoS. It’s just impossible. You can make it more resilient but immune… not possible. So, please, do send cookies and cofee to Blizzard cause they need it right now.