Andy Janata · @ajanata

11th Feb 2015 from TwitLonger

Pretend You're Xyzzy


So, there have been a lot of DDoS attacks on PYX recently. The short version is that I'm tired of dealing with it, and for the foreseeable future, my PYX servers will be down. The long version is explained below.

I started this project about three years ago as a time-filler while I was between jobs. When it was usable, I put it up on excess server capacity for which I was already paying, to be able to play with friends. I never did any advertising for it; I still have no idea who in my circle of friends I shared the link with posted it originally. I was okay with this at the time, because it wasn't taxing server resources.

In November of 2013, something happened and traffic skyrocketed (http://i.imgur.com/XBYubY4.png). The single server that I was running it on was no longer sufficient for keeping up with load. I set up a second server, and a few weeks later, a third. These three servers handled traffic fairly well for a year (http://i.imgur.com/Wh7KAwP.png).

Recently, there has been a significant increase in the number of DDoS attacks on the servers, even after the switchover to pretendyoure.xyz, which put the servers behind Cloudflare. Unfortunately, for reasons I won't go into here, there were still ways around it to be able to get at the servers directly. There might still be something else we can do to mitigate it, but I'm not going to promise anything.

When these attacks happen, they saturate our connection in the datacenter (100 Mbps, http://i.imgur.com/W7f21S4.png), and completely kill any other connections to other servers in our rack. This is simply unacceptable for the things that are running there. I'm really sorry, but I'm going to have to stop running these servers for the foreseeable future until we can figure out some other mitigation strategy, if that's even possible.

The only sure-fire way I can see of making this work is to shell out several hundred dollars per month for AWS and Cloudflare. I'm not willing to do this for a side project. The license that Cards Against Humanity is under (CC-BY-NC-SA) *might* allow running ads and/or accepting donations to cover server costs, but I am not a lawyer nor can I afford one to make this interpretation. I could email the CAH team and see what they say, but from previous private contact and public discussions, they are not terribly interested in ways of playing the game online instead of in person.

You are free to run your own server from my code (https://github.com/ajanata/PretendYoureXyzzy), but that is not the easiest thing to get up and running. I have a 3-day weekend coming up this weekend; I will see if I can dedicate a few hours to cleaning up the build and configuration process. You will need at least some technical skills to make this work, though, and I apologize for this. I would keep these servers running if it wouldn't kill 20-odd other servers when DDoSes happen, but it does, so I can't. If you do end up running your own server, let me know at @_PYX_ and I'll see about setting up a server list that is safe and includes your server, but beware that you may end up subject to these same attacks.

To whoever is behind this: I realize this is the Internet and we can't have nice things, and even acknowledge that these attacks somewhat fit the subject matter of this game. Still, you're a horrible person, but I mean that in the best way possible. After all, this is a game for horrible people.

Again, I sincerely apologize for taking the servers down, but this has been taking up far too much of my time and resources. I will investigate other ways of running servers for general usage, but they may end up not having as much capacity, especially if it ends up costing me more money out of pocket.
