Combatting recent lag and instability on .COM
Habbo dev Macklebee goes into detail about the recent instability and lag on .COM, why it's happening and what we're doing about...
Habbo dev Macklebee goes into detail about the recent instability and lag on .COM, why it's happening and what we're doing about...
Combatting recent lag and instability on .COMHabbos,
I want to talk a little bit about the disruption you’ve been experiencing within Habbo over the last few weeks, share with you some of the information we’ve gathered so far, and talk about what we’re doing to mitigate, and restore service to the game. I wanted to do this in more technical detail than we’ve done in the past, you deserve it.
Phrases like DDoS are thrown around fairly lightly within the gaming world, but I want to talk a little about what it actually means to be DDoS’d. Every day, Habbo, like all sites across the internet receives traffic from you, our users. This traffic generates data transfer, and tends to be measured in either Mb/s (megabits per second) or Gb/s (gigabits per second) depending on how many users you provide a service for.
A DDoS occurs when a bad actor (or actors) purposefully generates a sustained, and massively increased amount of traffic towards a destination from multiple (sometimes thousands) of sources, in our case, the Habbo game servers. In many cases, the bad actor(s) will pay someone to perform the attack on their behalf, anywhere from a couple of hundred dollars to tens of thousands of dollars. This is not unusual for Habbo, we’ve dealt with these types of attacks since the day we opened the doors, but the last few weeks have been challenging for us.
We work with a number of partners to mitigate and protect the Habbo service from these attacks, but we wanted to share scale with you, over the last year we’ve detected and mitigated hundreds of attacks against Habbo.
In addition to the sheer number of attacks, the traffic generated by these attacks has been huge, in 2021 Netflix released a paper, detailing how they serve video at a transfer rate of over 400 Gb/s. In 2023 they updated their paper, and talk about how they’re serving 800Gb/s, it’s an awesome read.
We are not Netflix - but we share these numbers with you to try to illustrate scale, over the last 2 weeks we’ve seen traffic that has generated transfer rates of almost 600Gb/s, and these have caused severe impact to the Habbo service you all enjoy every day. According to a report by Cloudflare, a leading DDoS mitigation service, 90% of all attacks are below 10Gb/s, less than 3% of DDoS attacks reach rates of over 100Gb/s - the attacks we’re facing fall squarely in that 3% bucket.
We are actively working with our infrastructure partners and DDoS mitigation teams, and reviewing what we can do with the services we have built and operate to ensure we’re more resilient to these types of attacks. Performing a DDoS is a cybercrime, and falls under the Computer Misuse act, being a Finnish company, attacks of this nature are reported to both the Finnish police, and CERT-FI. When we have meaningful evidence that attacks are being carried out by, or on behalf of malicious Habbo users, we report that behaviour to the user's local police department too.
We’ll give another update soon, but wanted to share with you what we could right now, so that you know we are indeed working to mitigate these attacks and restore service.