Case Study of CDN Traffic Theft and DDoS Attack Mitigation in Game Publishing

This article details how a game publisher discovered massive CDN traffic theft caused by DDoS-like attacks, analyzed the root causes, implemented monitoring, rate‑limiting, UA blocking and resource cleanup measures, and shares practical guidelines for preventing similar security incidents in production environments.

NetEase LeiHuo Testing Center

The author describes a situation where a game project experienced a sudden surge in CDN traffic, leading to unexpectedly high costs and degraded player experience. Investigation revealed that attackers were repeatedly downloading the client installation package, effectively stealing CDN bandwidth and inflating expenses.

Key concepts introduced include Content Delivery Network (CDN) basics, distributed denial‑of‑service (DDoS) attacks, and the role of User‑Agent (UA) strings. The article explains how malicious actors can mimic legitimate users to generate massive requests, causing bandwidth exhaustion, 4xx errors, and even service outages.

Through a series of real‑world observations—such as abnormal IP concentration in specific regions, unusually high download counts for old packages, and suspicious UA patterns—the team identified the attack vectors and took immediate actions: deleting outdated packages, blocking malicious UA strings (e.g., okhttp), and applying rate‑limit rules to curb excessive requests.

Subsequent monitoring showed an 80% reduction in abnormal bandwidth usage. The author also discusses broader defensive strategies, including professional DDoS firewalls, IP white‑/black‑listing, rate limiting, authentication mechanisms, CDN load‑balancing, and scaling server resources.

To sustain protection, the team leverages internal tools (referred to as the GDL platform) for real‑time monitoring, daily inspections, usage analysis, and operational dashboards. These tools provide metrics such as bandwidth peaks, total traffic, request counts, UV/RC ratios, and download source analysis, enabling early detection of abnormal patterns.
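The signals described above (heavy repeat downloaders, a dominant UA family such as okhttp, hits on outdated packages, and a request-to-unique-client ratio) can be computed from CDN access logs. The sketch below is an added example, not code from the GDL platform or the original article. The log layout, package paths, thresholds and the reading of "UV/RC" as requests per unique client IP are all assumptions, and the log lines are constructed.

```python
import re
from collections import Counter

# Assumed log layout (hypothetical): ip "GET path" status bytes "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) "GET (?P<path>\S+)" (?P<status>\d{3}) (?P<bytes>\d+) "(?P<ua>[^"]*)"')

# Hypothetical: the only install package that should still be served.
CURRENT_PACKAGES = {"/pkg/game_v2.3.apk"}

# Constructed sample lines (documentation IP ranges), not data from the incident.
SAMPLE = (
    ['203.0.113.10 "GET /pkg/game_v1.0.apk" 200 1000 "okhttp/3.12.0"'] * 5
    + [
        '198.51.100.7 "GET /pkg/game_v2.3.apk" 200 1000 "Mozilla/5.0 (Linux; Android 13)"',
        '198.51.100.8 "GET /pkg/game_v2.3.apk" 200 1000 "Mozilla/5.0 (Linux; Android 13)"',
        '198.51.100.9 "GET /patch/res_001.bin" 200 200 "GameLauncher/2.3"',
    ]
)

def analyze(lines, max_req_per_ip=3, ua_share_alert=0.5):
    """Summarise abuse signals for one time window of access-log lines."""
    per_ip, ua_bytes, old_pkg = Counter(), Counter(), Counter()
    total_bytes = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        size = int(m["bytes"])
        per_ip[m["ip"]] += 1
        # Group by UA family ("okhttp/3.12.0" -> "okhttp") so version churn does not hide it.
        ua_bytes[m["ua"].split("/")[0].lower() or "(empty)"] += size
        total_bytes += size
        if m["path"].startswith("/pkg/") and m["path"] not in CURRENT_PACKAGES:
            old_pkg[m["path"]] += 1  # outdated package still being downloaded
    requests = sum(per_ip.values())
    return {
        "requests_per_unique_ip": requests / len(per_ip) if per_ip else 0.0,
        "heavy_ips": sorted(ip for ip, n in per_ip.items() if n > max_req_per_ip),
        "dominant_uas": sorted(ua for ua, b in ua_bytes.items()
                               if total_bytes and b / total_bytes > ua_share_alert),
        "old_package_hits": dict(old_pkg),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

Each field maps to one of the mitigations the team applied: `heavy_ips` feeds rate-limit rules, `dominant_uas` feeds UA blocking, and `old_package_hits` identifies packages to delete.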

Finally, the article emphasizes the importance of cross‑team awareness, proactive QA involvement, and continuous improvement of security practices to prevent future CDN traffic theft and DDoS incidents.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

CDN, security, DDoS, Traffic Theft