So, it's someone who is familiar with Glass hosting/knows how it works, has general knowledge of how servers work.
As the person who runs Glass Hosting...
This is not a Glass Hosting issue. It's not even a Blockland issue, really. A DDoS attack can impact literally any device on the internet by sending more traffic than it can handle, which means that legitimate traffic can't get through.
Imagine if you hated Domino's pizza, so you got 1000 of your best friends to call and place fake orders at the same exact second. They'd either try to make 1000 pizzas (which would really ruin their day and slow down the people who actually wanted pizza) or they'd just shut down because they realize something is going on. And, because you yourself never called, they wouldn't be able to tell who has this vendetta against Domino's. They couldn't block the phone numbers of the callers because there's 1000 of them, they're constantly calling from a different number.
Replace "pizza" with connections.
These series of attacks are indeed focused on Blockland servers, as they are
somewhat customized to bog down the Blockland server specifically, but at the end of the day it's still just a DDoS whether or not it's directly attacking Blockland or not.
Some more information that I found while doing my investigation yesterday. I was playing Caxos' Military RP and it got really popular. He said that it was hosted on BLG, and he got this message when it started to happen:
Now, I am not familiar with BLG hosting, so this may even be a normal message that everyone gets, I am not sure.
After this he said he was being pinged by various IP addresses, the server was lagging horribly, but it never actually crashed completely. He even said that his internet was down for a solid minute. This might be normal considering his server was BLG dedicated, and that could explain why it didn't go down completely. We were still able to talk to each other and while everyone else on the server lagged out, Caxos and I were still connected.
Maybe they are getting the IP's from Glass hosting, through an exploit?
Also, I forgot to mention that the attacks only lasted for a definite amount of time before they stopped completely, this was evident when I did my investigation yesterday and while the notes say it lasted for almost 12 minutes, they were functioning normally again after 10. Also, Caxos said that his internet went down for a solid minute. Could be the program they are using?
That message means the network is overloaded to the point that it couldn't connect to the Blockland Glass API. This is the Glass add-on (not the hosting service) delivering this message. Play on your client and unplug your ethernet, you'll see similar messages.
It's really up to how long the attack persists and how many resources are available on how the server reacts. Some high-intensity servers have less margin and will crash. Some simpler ones will just lag out until the attack subsides.
IP addresses are in no way private, and they shouldn't be. It's like your sending a letter, each has to have a destination and a return address, and all the people who see the letter between the origin and destination are free to read those, and actually need to so that they can route your mail properly. To have your server listed on the master server, and have it join-able, it must be publicized. Take a look at the
raw master server. This happening to ALL popular servers, not just those hosted by Glass Hosting. Correlation is not causation, if you have a big popular server, you're probably going to move it to a hosting service. We happen to host a lot of the top servers, so we're getting hit the most.
The attacks seem to either happen in 5/10/15 minute blocks or until the server stops being listed on the master server (which would probably happen in a similar timeframe of not being able to post). This is either a script that they're running or the DDoS service they're renting out sells time in 5 minute blocks.
I'm not sure what I've posted in which topic since we essentially have duplicates now, but it seems like the attack is focused on popular servers only. It's likely the most popular server at any time getting targeted.
I've seen a mix of attack types from Glass Hosting. Some send a bunch of invalid ping requests. My hosting provider on the DDoS resistant server noted a ICMP attack of 53Mbits in less than a second before it was quickly mitigated. Other attacks send a series of fake UDP connection requests, which
could be somewhat mitigated in-engine by making sure these attacks are as least taxing as possible, but it appears that the connection is never established, just merely requested.
I'm speeding through setting up DDoS resistant servers from Glass Hosting, but they're cost prohibitive. It's really a pissing contest of who can spend more on their tech: the attacker or the target.