In September 2017, Americas Cardroom, a US-facing poker site, was hit with a serious Distributed Denial of Service (DDoS) attack on its server, causing tournaments and cash games to be cancelled as players were disconnected for days. On Tuesday, it happened again.
Poker Site Attacked
ACR’s social media account announced scheduled maintenance from 7-10 am ET on Tuesday, and that the site would be offline during that time period. But after the 10:00 hour hit, players reported the site was still down.
At 9:30 am on the 24th, ACR’s Twitter account said, “we had a small ISP issue, techs checked on it and we are coming back up,” and then apologized for the inconvenience.
Less than 45 minutes later, it appeared the issue wasn’t as “small” as first reported. The next post was a bit more alarming than the previous comment.
“We are currently under a DDOS attack. All running tournaments have been paused and will soon be canceled. Our techs are working on the situation to have it fixed as soon as possible. Apologies for the inconvenience,” @ACR_POKER posted.
That was the final post of the day from ACR, causing some players to express anger at the lack of transparency on social media. When one player who was upset it had been over three hours since the last update asked for an update, ACR responded with, “our techs are still mitigating” the DDoS attack.
Still Under Attack
The following morning, players reported they still couldn’t log into their accounts. At 6:13 am on Wednesday, ACR finally updated social media followers.
“We are experiencing DDOS attacks, at this moment we are cancelling all paused tournaments and will refund them according to our T&Cs. Our tech team is working to have the system back to normal. Apologies for the inconvenience,” read a Twitter post.
Fortunately, later in the day, the site was back up and running except for a few accounts that were still having trouble logging in. Less than a day later, it happened again.
“At this moment we are experiencing a DDOS attack, our techs are working in order to mitigate it. All Running tournaments have been paused. Apologies for the inconvenience,” ACR posted at 9:19 am on Thursday.
On Thursday evening, now more than two days after the first DDoS attack, ACR informed the Twitter community that the poker site was still struggling to fight off the attackers.
This isn’t the first time ACR has faced a DDoS attack, where a cyber criminal uses multiple computers to flood the target’s server, making it impossible for customers to access the site.
ACR CEO Phil Nagy claimed a “rival site” was responsible for the September 2017 DDoS attack on his poker site, but never provided evidence.
It’s difficult, if not impossible, to stop a DDoS attack. To ACR’s credit, they are at least attempting to stop the attacks.