starrbuck
Posted February 27, 2017

There has been a lot of DDOS and other issues with the servers recently. As an IT Security Manager IRL, I have a few suggestions:

-Ban all TOR exit node IP addresses. A list of all TOR exit nodes can be found here: https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1
-Remove known VPN services' IP addresses. Not only are these addresses sources for DDOS or botnet activity, but they are also likely used by gold sellers/account farmers/honor farmers to hide account sharing. There are many ways to detect VPN activity, many of them too technical to go into here.
-Implement an open-source DDOS protection service (https://www.globalsign.com/en/blog/how-to-prevent-a-ddos-attack-on-a-cloud-server/)
-Ban IPs from known blacklists. There are several services that will let you connect through their API to automatically check against dozens of IP blacklists. I am not familiar with WoW's scripting or database model (I am not a DBA), but there is probably a way to implement this.

While all of these suggestions involve additional time, talent or treasure (or all three), I believe the business case makes itself: keeping the servers running and the players playing the game. If the devs have any questions, feel free to PM me and I'll send you contact info.

qbradq
Posted February 27, 2017

The team has stated on numerous occasions that they will not be blocking VPN services as this is the only way the legitimate players from China are able to access this service. If you look at the staff it's pretty easy to understand why this is important to them. The other suggestions are great! Thank you very much.

qbradq
Posted February 27, 2017

After thinking about the blocklist / blacklist idea I don't think this would help against DDoS attacks. Most DDoS's use SYN floods or other lower-level network attacks. Implementing an IP blocklist within the game server would do very little to stop this. However, a hardware firewall to reject traffic from known dubious origins might help, although I'm pretty sure that is already included in OVH's DDoS protection package.
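
The thread suggests banning listed addresses and notes that filtering inside the game server does little, so this added example (not part of any post above, and not the project's code) turns a downloaded list into input for `ipset restore` so matching happens in the host packet filter. Assumptions: the list is plain text with one address per line and `#` comment lines; the set names, the `PROTECTED` ranges and the sample addresses are constructed for illustration.

```python
import ipaddress

# Hypothetical ranges the operator must never block (own hosts, admin access).
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample (documentation-range addresses, not real exit nodes).
SAMPLE_LIST = """\
# constructed sample list
198.51.100.7
203.0.113.25
203.0.113.25
10.0.0.5
not-an-ip
2001:db8::1
"""

def parse_blocklist(text):
    """Return (sorted unique addresses, rejected lines)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            rejected.append(line)   # malformed entry: never pass it to the firewall
            continue
        if any(ip.version == n.version and ip in n for n in PROTECTED):
            rejected.append(line)   # a bad list must not lock out our own hosts
            continue
        accepted.add(ip)            # the set drops duplicates, which `add` would reject
    return sorted(accepted, key=lambda a: (a.version, int(a))), rejected

def ipset_restore_script(addresses, name="blocklist"):
    """Emit input for `ipset restore`: one hash:ip set per address family."""
    out = []
    for version, family in ((4, "inet"), (6, "inet6")):
        members = [a for a in addresses if a.version == version]
        if members:
            set_name = f"{name}{version}"
            out.append(f"create {set_name} hash:ip family {family}")
            out += [f"add {set_name} {a}" for a in members]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    ips, bad = parse_blocklist(SAMPLE_LIST)
    print(ipset_restore_script(ips), "rejected:", bad)
```

The generated sets can then be referenced from a packet-filter rule such as `iptables -I INPUT -m set --match-set blocklist4 src -j DROP`.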