It’s roughly 19 hours now since War Worlds was hit with a Denial of Service attack exploiting the game’s chat function. The community policing aspect of the chat, the developer’s lack of interest in dealing with alternate accounts, and the reliance on Google IDs to identify players all came together to make an easy attack possible. It’s so easy, I could do it. And I’ll lay out what I think happened.
Presumably what the attacker did was acquire a variety of devices – most likely just using his phone, his tablet, PCs running emulators, etc. Perhaps a group of people did this, increasing the device pool. Next, you get each one logged in with an alt account, and select target players in the game. And start banning them, resulting in what was shown in the previous post.
That answers the first question, how. Next question is who did it. It seems the culprit even went ahead and admitted it in his frustration; you see, it was Yggdrasil who apparently was hit with a chat ban of many thousands of hours the day before.
The chat ban allows you to type whatever you want in the chat boxes – it’s just not transmitted from your device to the rest of the game world. But he found out he could make a request for withdrawal and at least type something other people could see.
This admission, plus the Nordic nature of the various sock puppets who have appeared and chatted once the vocal players got banned, pretty much makes it look like it was him.
The next question is what the dev, Dean, needs to do about it. I think his punch list is as follows:
- A different chat ban system should be implemented. You can’t have a system where free accounts can be created at will, and expect the community to do even rudimentary policing successfully.
- Perhaps as an immediate stopgap, change the nature of the increases in the ban. Currently each stage gets doubled. You start with 2 hours; next level is 4 hours, and so on until ridiculous numbers are reached, like 300 years. Perhaps better would be 2, 4, 8 – and then after that, an additional 2 hours for successful reports. I’m guessing this is easier for him to rush in than a new system.
- It may be possible for a single account to increase a player’s ban from 2 hours to 4000 and higher. That needs to be fixed if the current system remains in any form.
- IP ban and delete the accounts of those who perpetrated this attack. This was done once before for another griefer.
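
To put numbers on the stopgap and the single-account point above, here is an added example (not War Worlds code; the function names and the `(reporter, message_id)` report format are assumptions) comparing the doubling schedule with the 2, 4, 8, then +2 hours schedule, and counting each reporting account only once per target. Counting distinct reporters addresses repeat reports from one account only; it does nothing against freely created alts.

```python
# Added illustration; function names and the report format are assumptions,
# not War Worlds code.

def doubling_ban_hours(level):
    """Current scheme as described in the post: 2 h, 4 h, 8 h, ... doubling per stage."""
    return 2 ** level if level > 0 else 0


def capped_ban_hours(level):
    """Proposed stopgap: 2, 4, 8, then +2 h for each further successful report."""
    if level <= 0:
        return 0
    if level <= 3:
        return 2 ** level
    return 8 + 2 * (level - 3)


def effective_level(reports):
    """Count each reporting account once per target, so one account cannot
    walk a ban up the ladder by reporting repeatedly."""
    return len({reporter for reporter, _message_id in reports})


def stages_to_reach(hours, schedule):
    """Smallest stage at which the schedule meets or exceeds `hours`."""
    level = 1
    while schedule(level) < hours:
        level += 1
    return level


# Constructed sample: one account reporting 12 times, plus two other accounts.
SAMPLE_REPORTS = [("alt-1", i) for i in range(12)] + [("alt-2", 100), ("alt-3", 101)]

if __name__ == "__main__":
    raw, deduped = len(SAMPLE_REPORTS), effective_level(SAMPLE_REPORTS)
    print(f"raw reports: {raw} -> doubling ban {doubling_ban_hours(raw)} h")
    print(f"distinct reporters: {deduped} -> capped ban {capped_ban_hours(deduped)} h")
    print("stages to reach 4000 h:",
          stages_to_reach(4000, doubling_ban_hours),
          "doubling vs", stages_to_reach(4000, capped_ban_hours), "capped")
```
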
So far, it’s radio silence from the dev, who is probably trying to find time to deal with this or is in the process of doing so as I type. I think he tries, but he doesn’t do a good job of communicating. I can forgive him – he’s one guy building a PvP MMO for Android, he’s picked a huge task and is doing remarkably well.
And if nothing else, game play goes on. I have passed the 4 million person mark in my empire and am #9 on the rankings list. Now I’m with the actually active players, so I doubt I’m moving a lot in rankings. I am trying to pass the guy above me, but I will certainly be passed by the guy below me, so I am probably landing at #10 in a few days, and staying for a while.
I suspect I can expand until I hit 10 million before encountering another actual player, not one who abandoned the game. I am currently done with everything except southward expansion on a broad front, to move me closer to one of the abandoned empires.