DDoS Attacks Confirmed

Quote:

---

Originally Posted by Texa

I am surprised they directly confirmed this at all given that they are a Japanese company and admitting that they were vulnerable to an issue like this is very shameful for them. Directly admitting to what happened to their customers base is not something they would take lightly.

---

Name one MMO that hasn't been DDoSed, and they likely weren't even worth existing.

DDoS protection varies in strength, as does the magnitude of the attacks themselves. This was obviously a high-level attack that a game with small protection would've struggled to keep the servers operational period. Consider how the attacker has been proceeding and there really isn't any shame at all, except for the DDoSer who clearly is full of shame. Some people are saying SE is lying to us, but can they prove it isn't a DDoS attack? Until they can SE is being honest with us and not hiding anything, which is credible.

Quote:

---

Originally Posted by YitharV2

There are methods to sort of help, but in my opinion, they're really hard to counter. You can think of a router as a small computer. You can think of it having incoming ports and outgoing ports. When multiple packets go to the same destination, they're put in a queue. But the router only has so much memory, so when the queue is full packets are dropped. That's why it's bad for actual traffic.

---

What kind of methods would you suggest, baring in mind that the login servers are most likely using tcp transmission instead of udp?

if your thinking of switching to udp transmission that would be good for SE's wallet as they'd be billed for less traffic usage but it would also cause a lot of headache for them with the players complaining about that next.

your analogy was pretty good though which is why i had to ask to see what you'd consider doing.

Quote:

---

Originally Posted by daedalusAI

Proof for that claim?
Do you just uncritically accept their "news" about an ongoing DDoS-attack of which they inform their customers only 5 days later?

---

Considering I have worked in InfoSec I applaud them for providing service period during an attack. It takes guts to admit the issue itself to your player base. They probably could have done something different to prevent the issue but security is more hindsight and best practices. It also takes considerable planning to roll out a fix for DDoS specific issues depending on your architecture and programming.

Quote:

---

Originally Posted by Tonkra

Oh look there is a conspiracy theory all over again.

just to tell you:a company should really avoid to lie. i worked in several companies and we never lied concerning technical issues and stuff. There is a huge risk that the truth is coming out which would damage the credibility of a company sustainly. So i really doubt your conspiracy theory.

Its quietly possible that this is a DDOS attack, it is very popular for people to ruin the release of a new expansion also.
Additionally it is less afford needed to run a DDOS attack, everyone can do this.

---

If they had said something 2-3 days ago maybe I would be more inclined to believe them, the fact that nothing is said until after poor media reception starts being posted leaves a lot of suspicion. Lets also add to the fact it is common for Japanese companies (not just SE but in general) to have individuals or outside sources take the blame for project or business failures in order to save the companies reputation. It is never the companies fault when it can be someone else's fault.

Perhaps this is a DDoS attack but it honestly just shows more of a pattern of overselling your product beyond support capacity. This is coming from many years of MMO launches and expansions and having seen queues (which are fine and common) to whole servers being taken down (which is not) and then for some unknown reason them having the brilliant idea that during a time (launch of a new expansion) when your going to see a massive peak of returning characters on top of your normal load (which on some data centers and servers already see queue times) to also launch a login campaign to bring even more players into it seems like they simply created a poor situation for themselves and are trying to find a reason why it isnt the companies fault but someone specific or some outside source.

DDoS's happen, that is life. DDoS's do not create line ups because your server doesnt create more than one instance. It doesnt change a few of the issues we have experienced that they have claimed to fix. It will cause some of the issues we have experienced but those issues are just as likely to be caused by the servers being overloaded with too many players and not a proper system or plan in place to deal with them

Quote:

---

Originally Posted by Joe777

Name one MMO that hasn't been DDoSed, and they likely weren't even worth existing.

DDoS protection varies in strength, as does the magnitude of the attacks themselves. This was obviously a high-level attack that a game with small protection would've struggled to keep the servers operational period. Consider how the attacker has been proceeding and there really isn't any shame at all, except for the DDoSer who clearly is full of shame. Some people are saying SE is lying to us, but can they prove it isn't a DDoS attack? Until they can SE is being honest with us and not hiding anything, which is credible.

---

I have to wonder what the motivation for the DDoS is, to try and blackmail SE? Most of the time DDoS's have two goals:
1) compromise the data by forcing bugs in the OS or netcode to be exploited
2) lose the target company sales by frustrating the customer base

The latter seems more likely, but as much as I would like to think that, I don't see the payoff. Who wins from this?

What they do at the data center my servers are at, is they just blackhole certain ip address ranges that the DDoS's come from (eg China, Romania, Russia, Ukraine, various VPN's and Tor end points), and it works both ways. If the network operations manager decides that a customer's machine is generating DDoS-like traffic, they will cut the machine off.

Quote:

---

Originally Posted by KisaiTenshi

I have to wonder what the motivation for the DDoS is, to try and blackmail SE? Most of the time DDoS's have two goals:
1) compromise the data by forcing bugs in the OS or netcode to be exploited
2) lose the target company sales by frustrating the customer base

The latter seems more likely, but as much as I would like to think that, I don't see the payoff. Who wins from this?

What they do at the data center my servers are at, is they just blackhole certain ip address ranges that the DDoS's come from (eg China, Romania, Russia, Ukraine, various VPN's and Tor end points), and it works both ways. If the network operations manager decides that a customer's machine is generating DDoS-like traffic, they will cut the machine off.

---

Sadly, DDoS attacks can lack a true motive beyond doing it for kicks. However, some may resort to it to keep others from playing a game or a game owned by a company that pissed them off.

Quote:

---

Originally Posted by Joe777

Name one MMO that hasn't been DDoSed, and they likely weren't even worth existing.

---

I don't play other mmos (cept Wow for a bit when it was new, and I mean "no expansions out yet" new) so I wouldn't know : p.

I agree though, that is directly explaining what happened to their customers is shameful for them. Japan usually makes a point to be as vague as they can when it comes to explaining business issues. Hearing the nitty gritty about major problems isn't something they usually do.

I don't see why they would lie about a DDoS, Square has our money already. they have already come out and said there were problems on their side, the DDoS just made things worse in my opinion. and don't worry in my own experience the DDoS attacks never last longer than a week, they just want to ruin the initial fun of the expansion, they will get bored and move on soon enough... Overall I'm loving the new expansion, one of the best I have ever had the pleasure to play, Good luck to everyone trying to see the content, it will all work out, just have some patience, this is only the beginning! <3

I can believe it, WOW, COD, and LoL servers behave like the SE servers have been when they get ddos'ed

Uh huh, if it really happened, it would've been a lot worse. Unless the script kiddy was incompetent.

lol @ all the geniuses just assuming they're lying about it. It's not impossible, but neither is a ddos attack--happens all the time, and it being a ddos attack explains a lot.

Both lodestone and mog station needing emergency maintenance?
Instance servers crashing despite SE bottlenecking them? How do you think that happens?
Literally every type of server involved in the game having issues
EU being so congested it needed 2 extra servers, yet NA's got the same queue times afterwards and we're still having way more issues than JP or EU
This being confirmed as the servers are taken down, giving SE the ability to see that access attempts are still being thrown at it despite no logins

etc
etc
etc

Hey, geniuses who are saying "HM well they didn't say it before so gosh clearly somehow that makes it a lie?"

Do YOU have any understanding of how one confirms a ddos attack as opposed to just congestion?

No, guessing not.

People need to step back and realize the limitations of their knowledge instead of rushing to sound smart on a forum.

Does seem fishy, but then again I was getting alot of different issues today that I wasn't getting a few days back. Heck, on day 2 and 3, the servers were doing just fine for me. It wasn't until today I started having issues again, and issues I never had before.

Solo instances freezing up, then disconnecting me outright after staring at a black screen for a few mins. Then I got stuck in a queue. And each time I got booted off, the queue would increase.. I just took it as people were starting to play the game for official release.

Then, the queue got bigger, alot more than I had even seen from the Hyperion server. It had hit 1k+ before it booted me for no reason at all in the Wolf's Den, practicing on a training dummy. I had given up after that..

Things just didn't seem like normal issues I would usually have, and things have been quite ok, until right before maintanence, when shite hit the fan.

Plus if it was a DDoS attack, who knows. That very person could be from the forums for all we know, taking enjoyment from all the posts about the issues. The perfect front row seat.

Quote:

---

Originally Posted by Texa

I am surprised they directly confirmed this at all given that they are a Japanese company and admitting that they were vulnerable to an issue like this is very shameful for them. Directly admitting to what happened to their customers base is not something they would take lightly.

---

Given that it is near-impossible to defend yourself completely against a DDoS attack it is not exactly shameful to admit you are vulnerable to something that practically every other company in the world are also vulnerable to.

As someone that played and observed the events unfold since the 16th I have my doubts on the sources of the attack

I see a lot of people here in this thread talking about the definition of a DDoS attack and whatever can be the generic motives behind them but, while I do believe that a DDoS "attack" did happen, I'm very doubtful of the sources, when:

1) I've seen in my server at least, players using scripts to click in front Raubahn and Pipin in an attempt to access an instance server that is datacenter-wide for hours and hours long, considering the area in question had 3 instances, each with around 250 players according to the menu, that's around 750ish people either clicking manually or using scripts to access a solo-instance server and constantly hammering it.

if SE claims that attacks did start on the 16th, that part has to be a factor too somewhere in the equation, those are all requests, at high frequency, from several different IP addresses, to one target, at what I would consider a high volume assuming the same thing happened on the rest of the servers/datacenters, it effectively constitutes a Denial of Service to me even if it was not voluntary by those who caused it, the effect is the same.

2) on Primal, while 90002/90006 disconnections loops did happen, they were pretty rare in general until tonight, I did hear that they happened more often on Aether but, the experience has been relatively smooth until tonight

Quote:

---

Originally Posted by Poisonous

lol @ all the geniuses just assuming they're lying about it. It's not impossible, but neither is a ddos attack--happens all the time, and it being a ddos attack explains a lot.

Both lodestone and mog station needing emergency maintenance?
Instance servers crashing despite SE bottlenecking them? How do you think that happens?
Literally every type of server involved in the game having issues
EU being so congested it needed 2 extra servers, yet NA's got the same queue times afterwards and we're still having way more issues than JP or EU
This being confirmed as the servers are taken down, giving SE the ability to see that access attempts are still being thrown at it despite no logins

etc
etc
etc

Hey, geniuses who are saying "HM well they didn't say it before so gosh clearly somehow that makes it a lie?"

Do YOU have any understanding of how one confirms a ddos attack as opposed to just congestion?

No, guessing not.

People need to step back and realize the limitations of their knowledge instead of rushing to sound smart on a forum.

---

Let us start from the top of this and work our way down.

We just had the official launch of the expansion, the lodestone was having issues with updating character portraits, probably due to new gear not being properly recognized. The mog station? How about all those happy users getting their expansion codes and wanting to register them making the mog stations hits per hour 1000x more than normal and them needing to implement a solution for the extra traffic?

Instance servers crashing? well boy howdy that is actually one of the issues they "fixed" and have JUST now "fixed" again. From the lodestone; "A countermeasure to prevent the system in charge of managing transfers from and to instances, from acting abnormally has been implemented."

Server issues on a new expansion? Don't need a DDoS for that just throw 2-3x more people onto a server than it was really meant to deal with should do just fine :)

EU getting new servers to deal with a population boom? Also I would question you as to when the NA servers have EVER been as reliable as the JP ones or even the EU ones after the EU data center had stabalized

As for what qualifications do I have to judge things, well I am no server admin for sure. I just work for a national company who has systems that do occasionally have people choosing to DDoS us. I get to read the reports and am required to have at least basic knowledge in order to determine whether our IT guys budget requests are valid or not (such as renting additional racks or server space for promotional events or paying someone (well 4 people on that occasion) to implement an offload system to maintain our online services functionality). I get to wade into the "nerd pit" (their words not mine) quite often so while I am not qualified to fix things but I do feel I am more than qualified to have an opinion on it.

Quote:

---

Originally Posted by wicked-one

We had more than "day 1 issues" but that point is, that news-post sounds like "nope, not our fault, totally theirs"...

---

Only "issues" I've seen on Cerberus after the first day have been long login queues at evening when everyone is home and trying to get it, but that much is normal for a launch.

As for the DDoS itself? Could be either way, but I'm not sure why Squenix would lie about it. Not like they have anything to gain doing that.

What you people keep ignoring is that this attack coincided with an expansion release. What is one of the ways you tell there's a DDoS attack on your network? A huge spike in traffic. What's one of the things that an expansion brings? A huge spike in traffic. This is looking for a needle in a haystack.

Quote:

---

Originally Posted by Yurimi

I just work for a national company who has systems that do occasionally have people choosing to DDoS us.

---

Did your company just release a highly anticipated expansion at the time of said DDoS attack? No? Then no you don't have the qualifications to make that argument. That's like saying you can drive a Semi when you drive a VW Bug. I'm not saying that the problems were 100% on a DDoS attack, alot were on SE's account, but I'm also saying 100% of the problems weren't from SE. Ya'll need to stop watching The X Files. Multiple things can happen at the same time.

Quote:

---

Originally Posted by TensaiSogetsu

snip.

---

not to mention in North America, when nearly every time a major title releases a new game, or DLC it gets DDOS'ed, WoW has been targeted durning holiday events, COD gets DDOS'ed nearly every Christmas/yule. If its multiplayer and gets a lot of advertising, the running trend in North America is piss on everyones fun and DDOS it over the last 2 years

You know, one of the saddest things about this topic is those basically calling SE liars for reporting the problems the have experienced as a result of a DDOS attack. With a server based MMORPG that makes extensive use of instances, there are certain key systems that coordinate cross world matching and the transfer of characters from world to instance and back again. DDOS that server and you get what we've seen, do it during a launch and you mask your attack.

But the sad bit is this. Naoki Yoshida has absolutely stepped up to the mark on numerous occasions to accept blame for things that were less than perfect. I don't know about you, but I find his contrition and candor very refreshing and rare in this day and age. If the problems we've seen were their fault, SE, aka Yoshida, would step up and say so. It's sad how so many with no evidence but their own bias doubt and cry "lies" when and explanation is offered.

Grow up people, and learn what it means to carry the can for something. Yoshida would be a good, positive case study.

And what are they going to blame PS4 launcher problem on? You know that major issue where you have to redownload the whole game again. You know the issue they ignored all weekend all long and are just now acknowledging exist. I'm sorry but they really need own up to their mistakes. DDOS attack or not they handle a lot of things poorly with this launch. No excuses.

Pretty easy to blame a third party, seems like an easy out to me. Haven't seen the typical twitter brags that usually come with an attack on this scale, near continuous for 5 days against the infrastructure of a major online network business? Far more popular games have in the past been hit for far less of a period of time. The network issues like all the 90002 disconnects have been happening even at extremely off peak times during this period. In addition, I find it a bit suspect since their original story was,'so sorry, please try again later, working as intended'. Sure its possible, but either way as a business having a series of roadblocks keeping your customers from a satisfactory experience the ball is still in their court to resolve these issues and do right with their player base. In all likelihood sure there was probably some DDoSing, but I continue to doubt that is the sole reason for this bad launch.

Quote:

---

Originally Posted by Elim

I don't think it's a conspiracy or SE lying or whatever mumbo jumbo. I believe that they were dealing with an influx of players from the expansion and random DDoS attacks.

---

Agreed. It's like some people forgot that here in the real world a problem can have more than one contributing factor behind it.

Quote:

---

Originally Posted by Kosmos992k

-snip-

But the sad bit is this. Naoki Yoshida has absolutely stepped up to the mark on numerous occasions to accept blame for things that were less than perfect. I don't know about you, but I find his contrition and candor very refreshing and rare in this day and age. If the problems we've seen were their fault, SE, aka Yoshida, would step up and say so. It's sad how so many with no evidence but their own bias doubt and cry "lies" when and explanation is offered.

Grow up people, and learn what it means to carry the can for something. Yoshida would be a good, positive case study.

---

Im trying to stay out of supporting or denying the claim, but you do make a good point, not to mention they have never passed the blame before. why do it now.

Quote:

---

Originally Posted by birdy_reene

Im trying to stay out of supporting or denying the claim, but you do make a good point, not to mention they have never passed the blame before. why do it now.

---

One distinct possibility for incongruous stories is that I doubt Yoshida has all info and information releases flow through him at all times, he's a busy guy and usually there are other PR entities that handle things in addition to lead devs resulting in one hand moving opposite the other. This can frequently lead to miscues and miscommunications. For example, just last month in world of tanks a NA legal offices put out a press release on an issue for the EU region that was completely contrary to what the EU office had said resulting in a PR debacle. I'm curious to see what further information comes out clarifying/supporting/elaborating on the tech issues and this 'DDoS' issue.

Quote:

---

Originally Posted by Asphexius

One distinct possibility for incongruous stories is that I doubt Yoshida has all info and information releases flow through him at all times, he's a busy guy and usually there are other PR entities that handle things in addition to lead devs resulting in one hand moving opposite the other. This can frequently lead to miscues and miscommunications. For example, just last month in world of tanks a NA legal offices put out a press release on an issue for the EU region that was completely contrary to what the EU office had said resulting in a PR debacle. I'm curious to see what further information comes out clarifying/supporting/elaborating on the tech issues and this 'DDoS' issue.

---

yep good point. I been combing thru some of the websites of major data hubs trying to see if anything has been issues about it, and poking around in the less than desirable places on the net to see if anyone is hinting at who did it too.

Quote:

---

Originally Posted by birdy_reene

yep good point. I been combing thru some of the websites of major data hubs trying to see if anything has been issues about it, and poking around in the less than desirable places on the net to see if anyone is hinting at who did it too.

---

Is Square publicly traded/beholden to a board? I also wonder sometimes with companies because no matter how great and honest a Lead Dev can be, I've seen the CYA (cover your a...) legal/PR departments make some very shifty moves/statements in the past (other companies/games, my experience with SE is pretty limited so I dunno about their past integrity etc). People like to forget sometimes that the almighty bean counters can trump producers/directors/devs sometimes in major corporations. Either way I'd like to see what they do about this going forward because regardless of the reasons getting chain DC'd half the time you enter an instance isn't a good experience.

Well no queue right now
http://i.imgur.com/2tEQNjom.png

Quote:

---

Originally Posted by Asphexius

Is Square publicly traded/beholden to a board? I also wonder sometimes with companies because no matter how great and honest a Lead Dev can be, I've seen the CYA (cover your a...) legal/PR departments make some very shifty moves/statements in the past (other companies/games, my experience with SE is pretty limited so I dunno about their past integrity etc). People like to forget sometimes that the almighty bean counters can trump producers/directors/devs sometimes in major corporations. Either way I'd like to see what they do about this going forward because regardless of the reasons getting chain DC'd half the time you enter an instance isn't a good experience.

---

publically traded

Quote:

---

Originally Posted by RukiaFae

And what are they going to blame PS4 launcher problem on? You know that major issue where you have to redownload the whole game again. You know the issue they ignored all weekend all long and are just now acknowledging exist. I'm sorry but they really need own up to their mistakes. DDOS attack or not they handle a lot of things poorly with this launch. No excuses.

---

Considering the hot fix patch list. Perhaps you can agree to the thought that not all issues were DDoS and not all issues were SE's fault, and not all issues were caused by players alone?

Quote:

---

Originally Posted by TitaniaZero

Considering the hot fix patch list. Perhaps you can agree to the thought that not all issues were DDoS and not all issues were SE's fault, and not all issues were caused by players alone?

---

Can we pick D, all of the above? :P

I think a lot of the backlash here is the fact that the DDoS post made it sound like they are saying this one thing is why there have been issues when its pretty clear its not just one thing. Wording matters. It would have gone over much better if it was more clear that, "hey we had some DDoS contributing to network instability" and acknowledging whatever else is going on/what we improvements we can expect upcoming.

Quote:

---

Originally Posted by Asphexius

Can we pick D, all of the above? :P

I think a lot of the backlash here is the fact that the DDoS post made it sound like they are saying this one thing is why there have been issues when its pretty clear its not just one thing.

---

All of the above is what I'm going for. The DDoS post has been misleading... for those unaware of the maintenance and hot fixes it was aimed for. Its like... well they said it was this... then they said it was that... now they say this other thing. Oh wait... do they mean it all?~ Not one issue but several rather vexing issues that they and us have to endure till its all cleared up. And one set of those is external to it all. *sigh* At least most of the issues can be easily addressed.

Quote:

---

Originally Posted by Asphexius

Can we pick D, all of the above? :P

I think a lot of the backlash here is the fact that the DDoS post made it sound like they are saying this one thing is why there have been issues when its pretty clear its not just one thing. Wording matters. It would have gone over much better if it was more clear that, "hey we had some DDoS contributing to network instability" and acknowledging whatever else is going on/what we improvements we can expect upcoming.

---

Thank you. That perfectly sums up how I feel about the many issues over the last few days.

lucky SE did not get hack like Sony PS3 PSN back in 2011 1 month without online gaming. 1 month without FF14 SE could loss millions subscription and alot money

DDoS attack can be mitigated by countermeasures but it can not be completely prevented.
I hope the criminal will be found soon.

Ive seen alot of Ddos attacks in games, and It makes sense to me, and i do believe them. As i know people who are and expert on pc can check it themselfs somehow i think? (im dont have a full tier Pc, just to clarify). Nonetheless I feel sad for NA players that u have such complications and hope u can soon play

DDoS on top of the launch glitches makes perfect sense to me. Everyone was having problems at first, but it too NA servers a few extra days to get past them.

I don't see any reason not to believe SE on this one either.

Quote:

---

Originally Posted by Asphexius

Wording matters.

---

It does.

Which is why it notes specific dates - namely that these issues are specific to June 16th, June 18th, and June 20th. They are not blaming all of the issues across the entire EA period on the DDoS, and instead making the claim that specific issues faced on those days were caused by a continuous DDoS that has continued since the 16th.

Careful reading of what has been posted also matters.

Quote:

---

Originally Posted by TheLastDream

Did the DDOS build that bottlenecked MSQ instance, How about the huge queues letting 5 people in every 30 seconds. Just own the bad launch and get it fixed don't start blaming fake DDOS attacks...

---

Um..hate to destroy your view on what a DDOS is...but yeah, that's exactly what a DDOS does....even with the MSQ

A DDoS wouldn't be all that surprising. Bear in mind, Square Enix hyped the hell out of Stormblood. That is what attracts the likes of Lizard Squad; notoriety. Considering JP had nowhere near the difficulties NA did, I'm inclined to believe them.

Quote:

---

Originally Posted by TheLastDream

Did the DDOS build that bottlenecked MSQ instance, How about the huge queues letting 5 people in every 30 seconds. Just own the bad launch and get it fixed don't start blaming fake DDOS attacks...

---

Uhh... that's a DDoS attack. Someone literally floods the servers with garbage code at an alarmingly fast pace until it overloads due to congestion. Think of it like this. When you try transferring a lot of files to an USB all at once, it slows down considerably, yes? Imagine if you tried transferring millions at a never ending stream. That's what a DDoS does.

Yeah I'm pretty skeptical about this. Especially since the bulk of the problems were with solo instances and duty finder servers which are ingame mechanisms. If there were DDoS attacks it would take down the entire server in general. They probably experienced DDoS in the last 2-3 days and claimed it was from the beginning to cover their bad game design and awful servers.