Moments of frustration and wounded morale are understandable when contending with an attack of this magnitude. The What.CD experience has been interrupted for an unprecedented duration, and 2014 has been dubbed “The Year of the DDoS” by onlookers in the community.

What.CD isn’t the only service that has suffered: gaming networks, fellow trackers, and even the web's largest sites have been lit up by attacks like the one we now face. Only a select handful of these attacks have been claimed by those responsible. Meanwhile, puerile opportunists have sought fame by clawing onto the coattails of the actual transgressors, and other, low-key attackers have quietly sustained their high-profile assaults.

It is difficult, if not impossible, to formulate a clear answer to the million-dollar question: why attack these services in the first place? No explanations beyond generic principles like “humans can be destructive” seem to satisfy. And so the truth’s broad outline is all we have: countless attackers of countless sites are in possession of countless motivations, and most of these motivations are inscrutable to everyone but the attackers themselves.

In the end, no degree of insight as to our attacker’s motivations will change our response to the attack, and no amount of reasoning will stave off an unreasonable and alien threat.

What we know for sure is that unpatched servers around the globe – ripe for the taking – have become weapons in the arsenals of those who wish harm upon their chosen targets. In the wrong hands, these servers produce amplification attacks many times greater than the attacker's own resources would normally allow, laying low sites both large and small.

As these attacks become more frequent, it seems as if the net we love is being transformed into a fiery constellation of interruptions, slowdowns, and shutdowns. This infrastructural vulnerability is a global problem, and one that organizations with far more resources than What.CD are working to solve. But solutions on the necessary scale are rolled out gradually at best, and What.CD must prepare to withstand an assault for the foreseeable future.

I can speak for everyone responsible for What.CD's behind-the-scenes operation when I state in no uncertain terms that this attack is not something we tolerate. It should be clear from the frequent updates made since the attacks began, but if it needs clarification, allow me to unambiguously state What.CD’s position: What.CD is not giving up, and the What.CD Staff will continue searching for a solution as long as it has the community’s support.

To add a personal dimension to this discussion, I am compelled to state that for two months I have had the pleasure of observing a motley team of volunteer workers from around the globe working together at a fever pitch, all in effort to bring the What.CD community a non-disruptive cure to our weirdly modern plague. Titans like Narcolepsy, lenrek, porkpie, and nando have spent hours upon hours researching and implementing new server configurations while simultaneously managing their busy personal lives. Their collective expertise makes them What.CD’s strongest line of defense, and they deserve all of our thanks.

But regardless of individual degrees of experience, each person on Staff.php has proven indefatigable. I have never been more certain that we promote the right people here. These individuals have been offering fruitful suggestions, logging extra hours, and helping out wherever possible. The networking gurus given individual mention in the previous paragraph are unfortunately condemned to sweat in the "engine room" by virtue of their exceptional and specific talents, but this ship is run tightly, and we’re all in it together. I’m deeply proud of everyone involved, and am thankful to be a part of the team.

It’s also important to emphasize that this team is actively continuing to work in all areas of the site, even when this isn't superficially obvious. Massive development projects are underway, and everyone who can’t contribute to the DDoS mitigation effort on a technical level is steadily involved in his or her area of specialization, keeping up with report queues that won’t stop growing just because we’re facing a new challenge. While we’re postponing non-critical updates for the time being, the What.CD you’ve come to know is still there, buzzing and growing just beneath the surface.

All of these efforts have heralded progress: the site is currently stable, and the tracker's heartbeat grows stronger as potential solutions are systematically researched and tested. Yes, there will be impediments. Yes, the inevitable back and forth nature of the experimentation process means that glimmers of hope (as new methods show promise) will be succeeded by pangs of doubt (as those same methods falter). You must keep the bigger picture in mind, and hold tight.

We urge the community to remain positive. Please, do not fight among yourselves. Do not engage in rampant speculation. Do not seek relief in conspiracy theories. Do not begin hunting moles wherever they may or may not dwell. Do not be eager to grant your attention to those claiming responsibility for the attacks now or ever, be their claims true or false. For our part, we devote little attention to the perpetrators themselves, even as a matter of abstract speculation. We’re only interested in mitigating the threat and returning service to full capacity. And so we ask that you join us in focusing on the uncolored reality at hand: security vulnerabilities across servers worldwide have democratized powerful and disruptive DDoS amplification attacks, and What.CD is facing a peculiarly persistent attack of this nature. This attack might go on for some time, but people are hard at work combating the problem. We will weather this together.

We also encourage the community to help out whenever possible. Your voices are important, and your participation is essential! Be aware that we’re actively reading the DDoS Update Thread and reviewing tips sent privately via Staff PM. The well-wishes and support offered in the thousands of posts and private messages we’ve received throughout this ordeal have become the motivational force carrying us home. The community keeps What.CD’s sails full even while a select few stand at the helm, and we thank all of you for your patience, understanding, and optimism.

When the time is right, we’ll be posting an announcement which details how the community can help What.CD financially withstand the attack. In the meantime, remember that any donations What.CD receives will allow the fight to continue for another day. Donation options are listed on Donate.php. For those of you who are able, also consider helping smaller trackers in a similar position. What.CD isn’t in this alone, and many trackers with fewer resources and smaller user populations have buckled under the enormity of the onslaught. Regardless of personal affiliation, now is the time for the whole tracker community to stand united.

What.CD is over six years old, and has aged beyond its principal creator's predictions. Born in the chaos of OiNK’s demise, our corner of the net has grown into something unexpected and special. During its lifetime, What.CD has shrugged past troubles that were insidious and challenging in ways this attack cannot match. And yet the unabated aggression we now face is something new, and requires unique solutions from us. Know this: What.CD is a tough boat to sink. It may come to pass that, one day, our ship will seek its final port, and there will be left moored in the fog of our fondest memories, but that day has not arrived. And until that day does come, we’ll ceaselessly work to cut our own path through the seas ahead. This is not the first storm we have faced, and it isn’t likely to be the last. Onward!


1.The impact on our servers can be attributed to the unprecedented scale of NTP Amplification DDoS attacks.
2.One of the best staff teams in the private tracker world is hard at work on an ideal solution (i.e., minimal hassle for users).
3.Users often delete red torrents. Please do not delete your torrents, as we hope to return the tracker's functionality.
4.We don't know who is attacking us, and we are more interested in mitigating the attack than speculating.
5.Work continues in all areas: development, reports, announcements (contest updates, stats, rules updates), and more.
6.We ask that you remain positive. Don't fight among yourselves. Don't engage in rampant speculation.
7.A financial update will follow in the weeks ahead. For now, consider the contribution options on Donate.php.
8.Also consider helping out other sites that have been damaged by these attacks.
9.We've faced problems before, and after this problem is solved, we'll face more. Stick together.
10. Discuss in the DDoS update thread, send tips via Staff PM or view more DDoS updates in the Mod-Only update thread.