Wiki Home › Combat › DDoS & Botnets

DDoS & Botnets

What DDoS is

A DDoS virus (.vddos) turns a hacked server into a slave in your botnet. Slaves earn nothing and never appear in a collection. Their only job is to pile onto one target at once and hammer its hardware. You aim the botnet at a server for one of two reasons:

Missions — knock an NPC offline for clan points.
PvP — wreck another player's hardware, which costs them real money to replace.

To launch an attack you need three things:

At least three slaves — three or more active DDoS viruses on servers other than the target. More slaves means more power.
A DDoS Breaker — installed on your own machine. It's a yes-or-no requirement; its version doesn't change your attack power.
The target in your Hacked Database — you can't attack a server you haven't already broken into.

Where the power comes from

Your attack power, measured in Gbps, adds up from two places:

Your slaves — almost entirely each slave's CPU, plus a small bump from its DDoS virus version. A slave's bandwidth doesn't matter at all.
Your own machine — its CPU and its internet connection add on top.

CPU and slave count are what move the number. Virus version barely matters and the breaker not at all, so the way to hit harder is to add more slaves and more CPU, not to research bigger DDoS viruses.

Running a mission chain

A DDoS mission asks you to seize an NPC, which means beating its hardware all the way down to the floor. You do that by attacking the same target several times in a row. Damage caps out quickly, so once you're past a fairly low power level, hitting harder doesn't seize the server any faster. It just earns more clan points.

A typical Level-3 NPC takes three attacks: the first caps its stats but leaves them a hair above the floor, the second pushes it to the floor and seizes it, and the third completes the mission. Smaller targets that floor on the very first hit can wrap in two.

Two things will cost you the seizure. If the NPC's reset timer runs out mid-chain it rebuilds and you start over, so only begin when there's plenty of time left, more than about ten minutes. And re-attacking a server you've already seized in the same chain pays only a fifth of your power, so don't expect the finishing hit to score full points.

Damage, and what it wipes

Each attack degrades all four of the target's stats (CPU, RAM, HDD, and NET), dragging them toward a floor. The side effect that matters most is that hard-drive damage destroys every virus installed on the server, yours and everyone else's.

What happens next depends on who owns it. An NPC rebuilds its hardware automatically on a timer, but the wiped viruses don't come back, so anyone earning there has to reinstall. A player's machine stays broken until the owner pays to replace the hardware, which is what makes PvP attacks sting. Once a server's other stats are already at the floor, only its hard drive has room left to take damage, so a later attack in a chain often reports hard-drive loss and nothing else.

Clan points

Every attack pays clan points roughly equal to its power in Gbps, which is why more power is still worth it even after a target is seized. Who you hit sets the multiplier:

Target	Clan points
NPC	baseline (1×)
Player with no clan	3×
Player in a clan, not at war with you	5×
Player in a clan you're at war with, or a clan server	10×

Attacking players pays far more than grinding NPC missions, and declaring war on a target's clan doubles your points per hit.

Attacking other players

Hitting a player's machine works differently from an NPC mission. There's no mission to complete and no reset timer, so the damage simply persists until they rebuild, and clan points are the whole payout. The same hard-drive damage also wipes whatever earners the victim was running, which can be worth it on its own when you're fighting over shared servers.

The catch is the noob penalty. If your cracker and FTP/SSH exploits are much weaker than the victim's defenses, the game divides your attack power several-fold, and cuts it further still at very high power. It only applies in PvP, never to NPCs, so analyze a player's security before you commit a botnet to them. And expect to be seen: the victim gets a mail alert when the attack lands and can watch it in their process list, so a counter-attack is a real risk.

Defending against DDoS

A hasher and a firewall raise the bar. The hasher forces an attacker to crack your password before they can add you to their Hacked Database and attack at all, and the firewall blocks the SSH/FTP exploit shortcut around it. A firewall also soaks up the damage from small attacks, but it does very little against a large botnet, so it won't save you from a serious one. The noob penalty helps as well, automatically gutting the power of anyone whose stack is much weaker than your defenses.

None of that stops a player who simply out-guns you. Against both DDoS and ordinary hacking, the only sure-fire defense is a queued IP reset. Resetting your IP boots anyone currently logged into your localhost and hides you from attacks until your new address turns up in a log somewhere. A reset takes ten minutes while a DDoS lands in five, so it won't outrun an attack already in flight. Keep one queued so you can fire it the instant you're targeted. Without that, a determined stronger player leaves you dead in the water. There's more on staying hidden in Defense & Opsec, coming soon.

⚠️

Every attack can get your IP posted. Safenet flags a partial IP on the first hit of a chain and the FBI posts full ones on later hits, and other players watch those lists for targets. Clear your logs between attacks to break the trail, and don't spam attacks unless you're ready to be hunted back. Log clearing is covered in Hacking 101.

🐧

Mushi's tipA DDoS virus and an earner run on the same server at the same time, so drop a slave on every box you already collect from. Your botnet grows for free while your income carries on untouched. See Viruses for the earning side.