Curse protects and enhances its gaming communities with Cloudflare.
Curse builds communities around games to make gaming more enjoyable. Gamers come to Curse’s sites to meet people playing games and exchange information on wikis for different games on different platforms. One of Curse’s sites, Gamepedia, is the largest gaming wiki platform in existence. Through officially sanctioned wiki’s with gaming companies and community made sites, Curse’s sites see over 1 billion page views and reach over 50 million users every month.
Given Curse’s industry and service, their platform is a common target for online attack. Craig Bradberry, Production Systems Manager at Curse, explained “We definitely see a higher number of attacks because we’re involved with gaming. We have a younger user base on average than most sites, meaning that we see teenagers (who don’t face any real risk of punishment) using a botnet or other form of malicious attack on our sites. It’s made worse by the fact that that nobody outside of the space really cares that much about gaming sites, because we’re not dealing with the sensitive information like a bank or an ecommerce store might process. We see these attacks for any reason; if people get upset in game, our sites are often targeted in retaliation.”
"...we couldn’t use on premise products because these DDoS attacks were getting so big..."
The types of attacks Curse sees knock community sites offline completely or make them slow and unusable. Most of these attacks are DDoS, or Distributed Denial of Service, attacks, which send more traffic to a site than it can handle, preventing information from coming or going from the sites origin server. “Initially, at least weekly, if not daily, we were getting reflection attacks and people doing malicious attacks flooding our origin servers preventing the sites from being accessible by anyone,” Bradberry explained. “The DDoS mitigation appliance we had in place took care of these until the attackers started doing bandwidth based attacks. After that, we couldn’t use on premise products because these DDoS attacks were getting so big that they were taking down the entire data center. They would use botnets so it was impossible to block manually. The only solution we had was to black hole a domain, but that’s a pain because we had to redirect people to new IPs, and then the botnets just move to attacking the new IP.”
Curse found Cloudflare’s security suite to be the perfect protection from these attacks. Cloudflare’s Rate Limiting allows Curse to set limits on the number of times a given page can be hit by an IP address over a set amount of time. Bradberry posited, ”If we’re having an issue where our software is being impacted by someone malicious, like a Layer 7 attack on our login page, Rate Limiting prevents that. Plus, the setup is easy and intuitive. It’s really easy to go in and add another Rate Limiting rule and our jobs easier because you can make different rules along ATC response codes.”
Cloudflare’s DDoS mitigation also helps blocking Layer 3 and 4 attacks aimed at Curse. Cloudflare’s DDoS mitigation has blocked some of the largest attacks seen on the Internet. It works by intelligently routing attack traffic away from origin servers, absorbing the traffic at Cloudflare’s edge, instead of allowing it to overwhelm origin servers. “Attacks that would otherwise make our site slow or entirely inaccessible get blocked by Cloudflare,” commented Bradberry. “Because of this protection the 1,600 sites we have on Cloudflare are kept online and our community keeps coming back to enjoy them.”