We've discussed this in the support tickets that were opened for those that were affected and reported issues, we found that DoS attacks were behind the issues, and in some cases network saturating DDoS attacks.
Application layer DoS:
Sometimes just a few IPs will connect to the join port of a Warband server, with around 1-20ms of delay between each packet on a repeating random timer, until the server stops responding or becomes laggy enough to become unplayable. At this point it seems a restart is required on the Warband server application to fully bring performance back to normal after the attack is stopped.
In some cases depending on the attack method this will show up in the Warband logs as well as "someusername has joined the game with ID: 01234567" at an extremely fast rate(1-20ms between each one).
DoS protection is difficult in this case, as the attack mimics a proper connection to the server from a client, or a query; filtering this would mean no one could join the server unless their IP is whitelisted when/if filtering is applied.
In other cases it behaves more like a DDoS attack and is from various random IPs to the join port and does not show up in the log(UDP or TCP can be used). This method seems to require more unique IPs and more bandwidth from the attacker to have a noticeable effect on server performance, and only affects the targeted game server still. No information shows up in the logs in this case, but the warband engine still seems to respond in some way to this.
Network level DDoS:
Actual DDoS saturation attacks are automatically handled by the datacenter and DDoS protection, and will show up as packetloss in WinMTR to the host, usually 100%(though in some cases this is just the Firewall, we can explain more in support tickets as it depends on the location). When this happens the server won't show up at all in the server list until the attack is filtered, and FTP most likely won't work as well.
DDoS protection and onsite monitoring we've always had in place since day one, and get notifications when they happen from the datacenter, but the DoS attack attacks on the application level and leaves a server online generally, and only affects that one Warband server(WinMTR will show no packet loss and low latency, in game latency will be impossibly high and unplayable).
The DoS attacks are small enough in bandwidth/pps that they do not saturate the network and do not provide an alert and are very hard to filter out from normal legit traffic.
We've had some clients who reported the issue continued after they tried another provider or home hosted, so I don't believe there is currently a solid defense against the application level exploit.
If there is one, we will gladly add/patch\filter for it.
If you have had issues, please open a support ticket and we'll look into it and see what can be done. If for any reason you want to cancel the server, we still offer pro-rated refunds on the remaining paid time so you are never stuck with a service you don't like.