To keep the ip secret and not on a DNS, maybe even proxied.
All current non banned users get an email with the ip. when there's a ban, followed by an attack, the IP's on the proxy get changed and all non blacklisted players are emailed with the new ip?
new members have to sign up with a valid email to get on said email list.
My knowledge on networking is limited, but could something like this work?
and also, another idea to prevent a user creating a silent account to keep track of ips.
perhaps have several different proxy ips to give out, the real one for the mods and super trusted, another for long time players and generally trusted people and another for people with less than 24 hours of playtime.
so really it'd only inconvenience the newest of players.
Nice thought... but that's not gonna solve anything. Its just not how the internet works.
Think of it this way....
The server is a playground in the middle of a zombie infested forest. In order to protect the playground for the children, there is a wall built around it. At the base of the wall, there is a gate, and its constantly manned by a gatekeeper... well call him "Crusty Gonad". Crusty's one job in life is to only let in children to the playground, not zombies. Simple enough job, but poor ol' Crusty.... the zombies keep coming to the door and ringing the doorbell, NON-stop. Crusty doesn't let them in, of course, but while he is busy denying access to a constant stream of zombies, a lot of children can't get into the playground either. They give up and go home.
What you basically suggested was to build a second door in front of the first door and hire a second gatekeeper to take some of the pressure off Crusty Gonad and instruct the new gatekeeper to keep the original gate a secret to all except those allowed through the new gate. But all that does is put all the pressure of the zombies on the new gatekeeper, "Sir BlocksAlot". Now, its Sir BlocksAlot who is under constant siege turning away zombie after zombie, and the kids still cant get through the new door and new gatekeeper.
No matter what you do on the internet, all traffic heading to a specific server, whether or not its proxied or firewalled, or whatever, it always meets a single gatekeeper on the other end, and that gatekeeper is always vulnerable to being swamped with bogus requests. Hiding the IP would work, obviously, unfortunately, it will only work as long as everyone keeps their mouth shut and no new sign-ups to the forum happen, and google suddenly disappeared from the face of the Earth and basic networking tools just stopped working.
If the solution were as simple as you think, it would have already been implemented as a standard across the internet by now. The only real solution for a DDOS attack is to wait it out, and have a host provider that can defend the gates for you.
Of course, if everyone on the internet had proper malware protection, then there wouldn't be a bot-net, and this wouldn't be an issue at all. So maybe the solution likes in each ISP forcing their subscribers to take a monthly "online malware scan" or get thier service cut off?
wow detailed response and a great metaphor!
continuing with the metaphor though, what i was thinking is having two guards to external sources not one as you suggested.
one for more reliable players, ie peeps that put in the playtime, and one for the sub-24 hours. it's the sub 24 hour one that is given out to the public, but the first one is kept for just the trusted peeps. that way only one guard is getting seriously bashed, while the other, not so much, enabling trusted users the ability to play with less connection issues. then the last guard, is the guard that only the mods know about and is never given out.
so, if you've just signed up, or have played for less than 24 hours total, you get to the gate of gate A, and you have no idea about gate B.
gate B is given out to only the more active and trusted players.
should there be problems with gate A, only gate A's address needs to be changed, therefore only affecting those that know gate A's location. while gate B sits pretty. and vice versa if a trusted person turns turncoat, but that'd surely be more rare than for gate A.
main gate address is only for mods to know, gates A and B simply redirect to the main gate. but can a traceroute track this?
When you get down to the nitty gritty the perfect fix would be to install missile silos atop the pretty battlements of this imaginary playground and nuke each and every zombie as it starts appearing as a primary defense, then for good measure hand out RPG's to the good little children so that when they see the pretty playground getting overwhelmed by undead twats they can join the fray and should one of the good kiddies turn out to be a nihilistic arse nuke that sucker as well and continue on our daily minecraft fix. Buuuut.. it'd require a fuckton of man hours to teach the children how to blow the zombies up but not the pretty playground we all adore.
Hrmm. Why do I get the feeling that this Metaphor, has not only grown legs, but sprouted wings and has made an alliance with the Kremlin and the White House.