This page seeks to answer some questions I keep seeing about the recent DDoS attacks on Mario Kart Wii.
Starting 3rd September 2021, a series of DDoS (Distributed Denial of Service) attacks were carried out on several key Mario Kart Wii community websites (wiimmfi.de, chadsoft.co.uk, mkwrs.com, mariokartboards.com, mkwii.com, wiki.tockdom.de). The attack was carried out by an unknown community member who claims to be unhappy about being banned from Wiimmfi. They used a paid DDoS service online. DDoS attacks of this kind are illegal, but the nature of such attacks makes it hard to track down the individual responsible. The owners of each of the websites have worked to introduce mitigations to their servers to get them running smoothly again.
A server is a computer on the Internet that provides a service to other people. Any website or online thing you use will be run by a server. To use that service, your computer (or Wii) contacts the server using the Internet.
For the DDoS, imagine the server (e.g. Wiimmfi) like a bank. A DDoS is like hiring a bunch of people to stand inside the bank's lobby doing nothing. If enough people do that at the same time, no one would be able to get into the bank as it would be full, so the bank wouldn't be able to do its job and serve legitimate customers. This is very similar to what happens to our servers, they get so overwhelmed with the DDoS computers that they can't talk to legitimate players trying to use the server normally. Consequently the server "stops working" for ordinary users since it's so busy dealing with all the fake ones.
It is absolutely safe. Like in the bank example above, no actual breach of the security of these servers has occurred. The vaults of the bank are still safe, the customer details are still safe. It's not actually a "hack" or security breach of those sites, it's just an annoying attack. No threat at all exists to users of the sites, but the sites may sometimes get overwhelmed and go down for those users.
All of the sites involved are working hard to mitigate the problem. We can't stop the attackers from sending the DDoS so we need to change our services in such a way that they still work despite the DDoS. There is no magic button for this, it takes time and effort (and sometimes money) on the part of the service owners to get their service working again.
We can't be sure of anything, but someone claiming to be the attacker (with enough proof to make us believe it) claims they're doing it because they are banned from Wiimmfi.
We have no idea, that's up to the attacker. Presumably at some point their patience or their wallet will run out.
We have no idea, that's up to the attacker.
We don't have any proof who the attacker is. Don't blame anyone without actual evidence, people are just guessing. If you have evidence, please feel free to let us know.
That's not actually how the Internet works, that only works in movies.
It has been reported, but realistically there is nothing they can do.
The more accurate way to think of it is that one person has hired a bunch of thugs to do this. The attacker isn't any kind of mastermind, they've paid for some criminals to attack us on their behalf. Consequently, we're being attacked by a large botnet rather than "just one person". Our services deal with problems all the time, they are designed to withstand simple DoS attacks, but this attack is special because it's being conducted by a large organised group on behalf of the attacker. In 11 years of running Mario Kart Wii servers, I've never seen an attack of this scale, so it's hard to predict what will go wrong until it happens.
The attacker did claim their attack was free, but we doubt this. Several people have tried to get the same criminal group to attack others for free as a test, and all of them found that the scale of the attacks was tiny compared to the attacks we're seeing. Their conclusion was that these attacks would cost hundreds if not thousands of dollars using the criminal service the attacker claims to be using.
Do not give money to the attacker! They could use that money to extend the attack. We would rather spend money on defences than hoping the attacker will stop if we pay them. Paying the attacker gives no guarantees, and would incentivize future extortion by other people.
Cloudflare and similar services are DDoS mitigation services. They are not magic bullets though, we can't just press a button and get protected, they may cost money, and they may not work given the complex nature of some of the services we provide. If there was a simple answer, we'd have done it already.
That advice applies to home Internet users that are being DDoSed. That advice does not work for servers. If there was a simple answer, we'd have done it already.