>_ HackerWars Virus Guide

How DDoS attacks work and how to use them
Part 3: DDoS
What is DDoS?
DDoS viruses are botnet slaves. Install .vddos files on hacked servers to build the network, then attack a target. They don't show up in collections and earn no money. Two uses: DDoS missions for clan points, and PvP to wreck other players' hardware (VPC damage stays until they buy replacements). Firewalls absorb DDoS damage; serious attackers usually drop the target's firewall right before the hit.
Requirements to Launch
What you need before you can DDoS a target.
3+ DDoS Slaves
You need at least 3 active DDoS viruses installed on different servers (not counting the target itself). More slaves = more power.
DDoS Breaker
You must have DDoS Breaker software installed on your own server. Breaker version is a yes/no prerequisite — it does not affect attack power.
Target in Hacked DB
The target server must be in your Hacked Database. You can't DDoS a server you haven't already compromised.
Tip: stack a DDoS virus and an income virus on the same server. Both can function simultaneously, and the updated Hacked Database now shows the status of both types.
Fork added the dual-virus UI 2026-04-30; a brief collection-skip bug was patched 2026-05-02 — earners on dual-virus servers now collect cleanly.
DDoS Power Formula
✓ verified R70: BANTA NPC (87 slaves @ 5,210 Gbps), VPC P2P (47 slaves @ 3,393 Gbps), localhost component confirmed
How attack power is calculated from your hardware and slave network.
Total DDoS Power (Gbps)
Attacker: CPUGHz × 10 + NETGbit × 100   +   Each Slave: CPUGHz × 10 + version × 0.5
Attacker Contribution (your servers)
Your pooled CPU across all localhost servers and your global NET contribute to attack power. CPU is the dominant factor, typically 85-90% of your attacker power.
| Your Hardware | Power |
|---|---|
| 6 GHz CPU, 100 Mbit NET | 70 Gbps |
| 36 GHz CPU (6 servers), 1 Gbit | 460 Gbps |
| 78 GHz CPU (13 servers), 1 Gbit | 880 Gbps |
Slave Contribution (per server)
Each slave contributes based on its own CPU and your virus version. The server's NET bandwidth does not affect slave power at all.
| Virus | Ver | 4 GHz | 8 GHz |
|---|---|---|---|
| Generic DDoS | 1.5 | 40.8 | 80.8 |
| littlekiss | 5.1 | 42.6 | 82.6 |
| Big DDoS | 7.5 | 43.8 | 83.8 |
| freehugs | 10.1 | 45.1 | 85.1 |
CPU matters, virus version barely does. On a 4 GHz slave, going from Generic DDoS (1.5) to freehugs (10.1) adds only 4.3 Gbps (+11%). One more 4 GHz slave adds 40+ Gbps. Add slaves, not versions.
Mission Timing & Execution
Catch the NPC right as its reset timer rolls back to 15 minutes, then chain attacks without breaks.
A full chain runs ~15 minutes (~5 min per attack) and NPCs reset on a ~15-min timer. Straddle the reset and you lose the seizure. The win condition is to hit the NPC the moment its timer ticks back to ~15 min, then run the whole chain through without dead time between attacks.
Pre-queue these before starting: none of them fire until you release them.
DDoS attack process (the first hit, parked ready)
Log edit on the NPC's server (wipes your IP from their logs)
Log edit on localhost (wipes the trail on your own server)
Execution flow:

1. Watch the NPC's reset timer.
2. The moment it ticks back to ~15 min, release the queued DDoS.
3. As soon as the attack lands, fire both log edits.
4. Queue the next DDoS and start it immediately.
5. Repeat for attacks 2 and 3.

Faster chain = smaller exposure window for Safenet/FBI rolls.
Recurrence rule ✓ R70 (4 chains): the first two attacks on a fresh chain both pay full power. The 1/5 cut only kicks in when you re-attack a server that's already seized. Plan for 3 attacks on most L3 NPCs; a smaller target whose hardware floors on attack 1 (e.g. R70 NOTHING-TO-DO) wraps in 2.
Each attack escalates law enforcement. Safenet posts your partial IP. FBI posts full unredacted IPs of all suspects. Game runners relay FBI data to Discord in real time. Spam DDoS attacks and you'll get hunted and counter-hit.

Empirical pattern across R70 chains: Safenet rolls on attack 1; FBI rolls on attacks 2 and 3. Tracking is per-attack and rolls are independent. A "busted" attack 1 is common; clean log edits between attacks break the trail before FBI rolls land.
Hardware Damage
Each attack degrades all 4 hardware stats on the victim server.
Damage cap on Level-3 NPCs — power-independent across 1,405 → 5,210 Gbps ✓ R70 (5 runs)
CPU: 87.5%
RAM: 96.9%
HDD: 99.0%
NET: 99.0%
* Damage per attack is a scaled random roll, applied 4× (one per stat). At 200+ Gbps each roll is rand(N−2, N+2) where N = ceil((Gbps−200)/20). Lower tiers: <100 Gbps = 15% chance of 1 dmg; 100–150 = 30% chance of 1–2; 150–200 = 50% chance of 1–3. Floors: CPU 500 MHz, RAM 256 MB, HDD 100 MB, NET 1 Mbit. § legacy code (PC.class.php:7045–7073)
** Old guides put the cap at ~2,100 Gbps. R70 verifies identical 87.5/96.9/99/99 damage at 1,405 / 2,548 / 3,240 / 3,918 / 5,210 Gbps — cap-onset is at or below 1,405 Gbps and is power-independent across at least a 3.7× range past that.
Recovery
NPC Servers
Hardware resets automatically on a timer, but the viruses are NOT restored. They got destroyed when HDD was damaged. You have to reinstall.
VPC Servers (Player-owned)
Hardware stays destroyed until the owner buys replacement hardware. Much more impactful than NPC attacks.
VPC Damage Profile ⚠ observation, n=1
R70 P2P attack on 224.58.154.160 reported 91.4 / 85.3 / 98.8 / 98% (CPU/RAM/HDD/NET) vs the NPC canonical 87.5 / 96.9 / 99 / 99%. Unresolved whether VPCs cap differently or the target was sub-cap (not pre-damaged).
Once at floor, only HDD takes damage. CPU/RAM/NET cap at 87.5/96.9/99% — effectively their floor. HDD caps at 99% (1% headroom). Attack 2 in a 3-attack chain typically reports "CPU not damaged, RAM not affected, NET stable, HDD 60–80% loss" — the attack didn't misfire, the other stats simply have no slack left to absorb a damage roll.
Clan Points
DDoS attacks earn clan points based on attack power.
Clan points per attack ≈ your DDoS power in Gbps. Fresh chain: both attacks pay full. Re-attack on an already-seized server: exactly 1/5 power. ✓ verified across 4 R70 chains, exact divisor
2-attack run — small target, attack 1 floors hardware
R70 NOTHING TO DO (L3), 2026-04-25
| Attack | Power | Points | Status |
|---|---|---|---|
| 1: Seize | 1,405 Gbps | 1,405 | Floored, seizedAfter=1 |
| 2: Recurrence | | 273 | Complete |
| Total | | 1,678 | |
3-attack run — typical L3 NPC, hardware just-above floor after attack 1
R70 BANTA (L3), 2026-04-30, 87 slaves
| Attack | Power | Points | Status |
|---|---|---|---|
| 1: Cap damage | 5,210 Gbps | 5,210 | Capped, not seized |
| 2: Seize | 5,210 Gbps | 5,210 | HDD-only, seizedAfter=1 |
| 3: Recurrence | | 1,042 | Complete |
| Total | | 11,462 | |
5,210 / 5 = 1,042 exactly. Attack power above cap-onset (~1,405 Gbps) doesn't shorten the chain — but it does multiply clan points proportionally.
PvP targets pay 3–10× instead of 1× — see Attacking VPCs (PvP) below for the multiplier table and tactics.
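The power formula and the clan-point recurrence rule above, worked through as an added example (not part of the original guide or the game's source). Function names are illustrative; every constant is one the guide states.

```python
# Added example: the guide's in-game formulas as a small model.
# Function names are illustrative; constants come from the guide's text.

def attacker_power(cpu_ghz, net_gbit):
    """Attacker share in Gbps: pooled CPU (GHz) x 10 + global NET (Gbit) x 100."""
    return cpu_ghz * 10 + net_gbit * 100

def slave_power(cpu_ghz, virus_version):
    """Per-slave share in Gbps: slave CPU x 10 + virus version x 0.5 (slave NET ignored)."""
    return cpu_ghz * 10 + virus_version * 0.5

def total_power(cpu_ghz, net_gbit, slaves):
    """slaves is a list of (cpu_ghz, virus_version); the guide requires at least 3."""
    if len(slaves) < 3:
        raise ValueError("at least 3 active DDoS slaves are required")
    return attacker_power(cpu_ghz, net_gbit) + sum(slave_power(c, v) for c, v in slaves)

def upgrade_vs_extra_slave(cpu_ghz, old_ver, new_ver):
    """Gbps gained by upgrading one slave's virus vs. adding one more slave at old_ver."""
    upgrade = slave_power(cpu_ghz, new_ver) - slave_power(cpu_ghz, old_ver)
    return round(upgrade, 2), round(slave_power(cpu_ghz, old_ver), 2)

def chain_points(attacks):
    """attacks is an ordered list of (power_gbps, seizes), where seizes marks the
    attack that seizes the server. Attacks up to and including the seizure pay
    full power; an attack on an already-seized server pays exactly 1/5."""
    total, seized, per_attack = 0, False, []
    for power, seizes in attacks:
        points = power / 5 if seized else power
        per_attack.append(points)
        total += points
        seized = seized or seizes
    return per_attack, total

if __name__ == "__main__":
    # Rows from the guide's hardware table and its "add slaves, not versions" claim.
    print(attacker_power(36, 1))
    print(upgrade_vs_extra_slave(4, 1.5, 10.1))
    # The R70 BANTA chain: capped, then seized, then one recurrence attack.
    print(chain_points([(5210, False), (5210, True), (5210, False)]))
```
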
Attacking VPCs (PvP)
What changes when the target is a player's VPC instead of an NPC mission.
No reset, no mission
Damage persists until the victim buys replacement hardware — no auto-reset timer. There's no mission to complete; clan points are the only payout.
Noob Penalty active ✓ dev-confirmed 2026-05-02
If your cracker + FTP/SSH exploit stack is much weaker than the victim's defenses, your DDoS power is divided by 3–5×. Analyze first — a v20+ firewall fully blocks attacks ≤28k power.
Wipes their viruses too
HDD damage destroys whatever earner viruses the victim was running on that VPC. High collateral value if you're competing for spam slots on shared NPCs.
Clan Points Multiplier by Target § Clan.class.php:4051
| Target | × | Status |
|---|---|---|
| NPC | | baseline, verified |
| Player without clan | | legacy |
| Player with clan, no war | | ✓ R70 2026-05-02 |
| Player with clan AT war, or clan server | 10× | legacy |
5× confirmed live R70: 3,393 Gbps → 16,967 points exactly. Other multipliers verified in legacy source, not yet replicated live. Declaring war on a target's clan turns 5× into 10× — double the clan points per Gbps.
Pre-fight Checklist
1. Analyze the target. Check their hasher, firewall, SSH/FTP versions. Estimate your noob penalty before committing slaves.

2. Pre-queue firewall-disable + DDoS together. Hold both ready. Release the firewall-off the moment the DDoS is queued, then immediately release the DDoS so damage lands unmitigated before the victim can react.

3. Pre-queue log edits on localhost and the victim's server, like the NPC chain checklist.

4. Expect to be seen. The victim's process tab shows the DDoS in flight, and the server log gets an entry post-impact. Counter-attack is a real risk.
Unverified for VPCs: the recurrence rule (1/5 cut on re-attacking already-seized) is only captured on NPC chains; no VPC chain has been logged. Damage profile observed once at 91.4 / 85.3 / 98.8 / 98% vs the NPC ceiling 87.5 / 96.9 / 99 / 99% — n=1, possibly sub-cap. ⚠ victim-mail on DDoS launch unverified — legacy code sends no mail; victim sees only process-tab activity and post-attack server log. Whether the fork added a mail notification is unknown.
Defending Against DDoS
Two layers of defense, plus built-in griefing protection.
Hasher (Password Gate) § legacy
Attackers must crack your password to add you to their Hacked Database before they can DDoS. A strong hasher blocks anyone without a matching cracker version.
Firewall (Exploit Gate + Damage Mitigation) § legacy, threshold not verified live
SSH/FTP exploits can bypass the hasher entirely, so a strong firewall blocks these. It also mitigates DDoS damage: v20+ fully blocks attacks up to ~28k power.
Noob Penalty (Auto) ✓ dev-confirmed 2026-05-02
If your security stack is much weaker than the attacker's, their DDoS power is divided by 3–5×. Above 100k after penalty, an additional 90% cut. PvP only — no longer applies to NPCs (mission or non-mission). Calculation now factors in cracker AND FTP/SSH exploit versions (previously cracker only).
Run both. Hasher alone? SSH/FTP exploits get through. Firewall alone? Password cracking still works. Both, or you're not actually defended.
Why This Matters for Virus Income
DDoS missions are the #1 reason your viruses disappear overnight.
When other players DDoS NPC servers, the HDD damage wipes every virus file. The NPC resets its hardware on the timer, but the viruses don't come back. That's why your income drops randomly.
1. Check viruses regularly. Popular mission-target NPCs lose viruses frequently. Check your Hacked Database and reinstall missing viruses.

2. Avoid mission NPCs. Level 1-3 Mission NPCs are DDoS'd most often. Riddle Trail and Regular NPCs tend to keep viruses longer.

3. Check hardware first. Use Analyzer before placing viruses. If hardware is degraded (CPU/NET way below normal), it was recently DDoS'd. Earnings stay reduced until it resets.

4. Spread wide. Don't concentrate viruses on a few servers. Spread across many NPCs so a single DDoS wipe only takes out a fraction of your income.