Americas Cardroom Hit with Another DDoS Attack, Forced to Cancel Tournaments

In September 2017, Americas Cardroom, a US-facing poker site, was hit with a serious Distributed Denial of Service (DDoS) attack on its server, causing tournaments and cash games to be cancelled as players were disconnected for days. On Tuesday, it happened again.

Americas Cardroom DDoS attack

Americas Cardroom was hit with yet another DDoS attack. (Image: YouTube)

Poker Site Attacked

ACR’s social media account announced scheduled maintenance from 7-10 am ET on Tuesday, and that the site would be offline during that time period. But after the 10:00 hour hit, players reported the site was still down.

At 9:30 am on the 24th, ACR’s Twitter account said, “we had a small ISP issue, techs checked on it and we are coming back up,” and then apologized for the inconvenience.

Less than 45 minutes later, it appeared the issue wasn’t as “small” as first reported. The next post was a bit more alarming than the previous comment.

“We are currently under a DDOS attack. All running tournaments have been paused and will soon be canceled. Our techs are working on the situation to have it fixed as soon as possible. Apologies for the inconvenience,” @ACR_POKER posted.

That was the final post of the day from ACR, causing some players to express anger at the lack of transparency on social media. When one player who was upset it had been over three hours since the last update asked for an update, ACR responded with, “our techs are still mitigating” the DDoS attack.

Still Under Attack

The following morning, players reported they still couldn’t log into their accounts. At 6:13 am on Wednesday, ACR finally updated social media followers.

“We are experiencing DDOS attacks, at this moment we are cancelling all paused tournaments and will refund them according to our T&Cs. Our tech team is working to have the system back to normal. Apologies for the inconvenience,” read a Twitter post.

Fortunately, later in the day, the site was back up and running except for a few accounts that were still having trouble logging in. Less than a day later, it happened again.

“At this moment we are experiencing a DDOS attack, our techs are working in order to mitigate it. All Running tournaments have been paused. Apologies for the inconvenience,” ACR posted at 9:19 am on Thursday.

On Thursday evening, now more than two days after the first DDoS attack, ACR informed the Twitter community that the poker site was still struggling to fight off the attackers.

This isn’t the first time ACR has faced a DDoS attack, where a cyber criminal uses multiple computers to flood the target’s server, making it impossible for customers to access the site.

ACR CEO Phil Nagy claimed a “rival site” was responsible for the September 2017 DDoS attack on his poker site, but never provided evidence.

It’s difficult, if not impossible, to stop a DDoS attack. To ACR’s credit, they are at least attempting to stop the attacks.

Jon Sofen
Written by
Jon Sofen
Semi-pro poker player with 17 years experience on the felt and more than five years working as professional poker media.

Comments

wilywiles wrote...

And maybe that explains why the cardschat freerolls dont even show up in the lobby either? It seems like ACR is definitely struggling to fight off these attacks because every tounrament I have played with them so far in the last week has been interrupted. Hopefully they can figure out there stuff because its a good cardroom and I like playing there but its been a real drag to deal with.

es530 wrote...

I have been playing this site, and this problem is very annoying, because we are building our stack and the table hangs, and we waste our time. right after this message on twitter saying that they are suffering attacks. sometimes if the attacks are constant and successful is because the system is vulnerable. This happened several times in 2016 to 2017, sometimes they did not even say what was really going on. I think these problems should have been remedied, after all there is cash flow, so there are resources, I do not know why they do not solve it.

mrosata wrote...

Unfortunately, DDoS attacks are difficult to defend against and many of the solutions end up adding noticeable overhead to the servers. It’s not simply something that can be solved quickly or that should or should not have happened, it just is. The company seems to be acting mature about the situation. I’m sure it’s a shit show in-house because every minute down is a dollar lost.

Fighting DDoS is very resource intensive, not just money either. It is a huge frustration to people who sign-up for services because they expect to be able to use that service (right, that’s why we’re paying for stuff), but the truth is that it’s not that simple.

I’ve seen small teams fight things like this for weeks on end, hopefully, that’s not the case with ACR

Poker Orifice wrote...

don’t you think they want to solve it? Guess what… they don’t want to lose business due to disgruntled customers. So my guess would be (call it a hunch) they ARE doing what they can to remedy this situation.

mrosata wrote...

exactly, it just takes time

Time to upgrade wrote...

Tbey could fix it by building out a better infrastructure. You do not see the top sites going down from DDoS attacks because they have built out a more resiliant network instead of hosting everything in a country that can be taken out with a single DDoS attack.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Did you know about our poker forum?

Discuss all the latest poker news in the CardsChat forum