Hacking and StarCraft

Thank you sir!
FYI, I have started a separate thread specifically for the problem of sniffing IP addresses and DDOS attacks, here:

Hey folks,

Regarding the DOS/DDOS attacks, we have taken action on the perpetrator based on the evidence provided, so thank you for that.

It sounds like the attacks are happening outside of Blizzard’s domain. Ultimately, there is nothing we can do to prevent a DOS (or DDOS) attack which occurs outside of the Blizzard infrastructure.

However, here are some suggestions to try as preventative action:

  • Alert your ISP to the attack, providing as much data as you can. The penalties for DOS attacks are severe these days (even for threatening an attack) and your ISP will likely take this seriously, especially if you have IP addresses and timestamps of the attack. On top of following up with law enforcement, they may be able to provide additional protections on their side.
  • If it’s a DOS attack rather than a DDOS attack, you should be able to configure your router to block all traffic from the IP address. It’s unlikely to be a true DDOS, as these are expensive and non-trivial to coordinate. It’s unlikely to be more than a handful of offending IP addresses that you/your ISP could block.
  • As previously suggested, disable "prefer port 6112" in the SCR options, and ensure your router is not forwarding port 6112. By default, your router should not be permitting random traffic to any port to reach your network. If you have manually forwarded port 6112 or other ports on your router, these are potential vulnerabilities.
  • If you have a dynamic IP address, re-lease your IP address to try to get a different one.
  • As has already been suggested in this thread, using a VPN will allow you to easily cycle through various IP addresses. The VPN provider may also be able to filter out traffic from the offending IP address.

As many have stated above, there is a group of dos attackers in clan -rf-.
Anyone in clan -rf- should just be looked at for the communities sake. The Xu-rf- player in particular has dos attacked me over and over again and I’ve spent maybe 50 hours attempting to connect my internet instead of enjoying my night because of him. He also goes by “Frux”. There needs to be an ip ban mechanism for these people, or starcraft will eventually cease to exist again just like it did in early 2017 before the remaster, hackers and abusers killed it slowly then and it will happen again unless action is taken.


Hi Grant,

Thank you for addressing this issue and sharing methods to help protect ourselves.

As you’re probably aware, the Blizzard West servers were DDOS’d today. Friends have advised me that the same hacker (redhotmoon/moon-rf-/red-hot-moon and other variants) was just online an hour ago and bragged about DDOS’ing the Blizzard server.

My friends also have purported information that identifies this individual by name and phone number in Canada.

This is getting pretty serious now, like major league criminal actions. Feel free to reach out if you would like to corroborate this information or ask more questions. If this type of activity isn’t dealt with and the very hackers performing a DDOS are able to continue to log into the game, then it’s going to ruin a legendary game for good.

Hi, im havind ddos attack, every time i try to play a game.
Suddenly my ping of 8, goes to 60ms, froze my FPS for 3 secs, and my units are gone. GG

The outage on US West was simply a software failure in the automatic deploy process, not an attack.


Clan rF doesnt support the denial of service attacks or the users deploying them.
It would be nice if blizzard was able to patch or mask the ip leak for player hosted matches.
Halo MCC used the old network module as well and they were able to mask ips after encountering these same issues.

I have a question. okay, two. will cheat codes be allowed in multiplayer, and also, are you banning people who use cheat codes in the campaigns. (never Mind)

1 Like

is this problem affecting LAN?

1 Like

wow…cool thing_!!!_cc

The same person (redhotmoon) is again using the SC platform to threaten DDOS attacks and then executing them. He’s again DDOS’d me and another friend. This time I saved a replay file with him threatening the attack and then immediately executing the attack. He admits he’s redhotmoon using the new handle “forza_juv”.

Why hasn’t this person’s license been revoked and their VPN or ISP banned?


Is anything being done about this? Im encountering drophacks & blocked from logging in frequently.

1 Like

I’ve been having lag and disconnection issues in the last week or so. I’ve been suspiciously disconnected and logged out of games and rooms.

Hopefully you guys get them all.

I made a report and provided evidence of a hacker getting my IP and other information.
Support’s reply was just that there’s no way anyone can obtain that information through the game even though it had happened and I provided proof.

Sounds like they need to release a memo for the support team about classic games ip leak vulnerabilities.


Hi, where i can report map hacker player???

Well, one of the main players doing the DDOS’ing is still at it, using the handle Red-Hot-Moon…stalking and harassing people. Great job Blizzard in handling this! NOT!


Got drophacked again today.

Hi, the 2 accounts at the top of the ladder (2800+ MMR) are drop hackers, 38-0 and 36-0 records. A pro gamer just played one of them on stream and it’s just a newbie that disconnects after a while and gets a win anyway.

1 Like

You should link the stream for proof.