Load testing Redstoner for free
There's a (somewhat) popular YouTube streamer who (ab)uses his large number of stream viewers to raid servers, hoping to crash the servers due to the sudden bulk of players joining.
User @Ghost_Rock_ (now banned) suggested to crash redstoner.com:
The streamer accepted it and on 01:45 (CEST) went to our server, shortly after followed by hundreds of his viewers.
Here's a graph that shows the amount of players joining and leaving (mostly kicks) per 10 seconds:
The streamer claimed there were more than 1000 players online which was not quite true. During that time span we had 454 new users and 1528 logins by 472 distinct users, meaning a maximum of 472 (+ previously logged in users) were online at any given time.
When all the players joined, we didn't immediately know what's happening. We had previously seen this many players joining from someone botting us with large amounts of alt accounts, but all from the same IP address. We saw some 600 concurrent connections, all coming from different IP addresses but no unusual amount of traffic coming from any IP, indicating they were probably 'real' players rather than bots trying to DDoS the server.
Chat was completely filled with dozens of welcome messages per second, combined with all sorts of repeated cursing. We noticed they were saying things like "FitMC invasion" shortly after and figured where they're coming from. After few minutes Doomblah kicked all players, which didn't help all that much as they all just rejoined shortly after (this is the second, smaller spike in the graph)
Redempt came in to help and after a couple minutes disabled chat in the Spawn world (they were all just jumping around and spamming there) just before Doomblah turned on the whitelist (01:56:17, when player joins drop to zero). Eventually the streamer got disconnected, thinking the server crashed but it didn't. You can actually see the server online in the streamer's server list after he disconnected. He then moved on to another server.
- The whole thing barely lasted 15 minutes
- The server did not crash
- Obviously network, CPU, and RAM usage were higher than usual but it was nowhere near the limits on our quite powerful machine.
This pretty much matches the definition of a DDoS attack:
It is analogous to a group of people crowding the entry door or gate to a
shop or businessMC server, and not letting legitimate parties enter into the shop or businessMC server, disrupting normal operations
This kind of 'attack' is similar to 4chan's Habbo raids, except they weren't able to close the pool ;)
Below is the recorded live stream of the event in case you want to see what happened. I don't recommend watching the whole video as it's just the same thing all the time and the streamer repeating "fock yea its gunne cresh".
I'd like to thank @Doomblah and @Redempt for handling the situation very well.
PS: "It would make my weeg" is now a