DDOS attack

Here we go again - bit of a shame that you cannot plan anything that needs you to stay logged in without wipes...

Quote:

---

Originally Posted by rizzy24

Heavy allegations. Unless you have proof it's not true.

---

That person posts nothing constructive to this thread. Should just ignore them as they have repeatedly shown themselves incapable of posting in good faith.

Quote:

---

Originally Posted by rizzy24

Heavy allegations. Unless you have proof it's not true.

---

https://i.imgur.com/rP4YLqZ.png

Just wondering if we're gonna get any sort of gametime compensation considering how long this has been going on for. I've had to cancel raid nights, missed out on big fish windows and hunts marks, my POTD Solo run file got nuked, and crafts have been lost.

Imagine trying to go for any of the Deep dungeon solo achivements now

I was in the middle of my POTD run on the first day the attacks happened, I had been working on the file slowly between raids for a couple of weeks XD

I like how the most recent DDoS notice didn’t even list the regions lol.

Basically ”Yep, it happened again y’all” xD

Quote:

---

Originally Posted by pandorazellas

Just wondering if we're gonna get any sort of gametime compensation considering how long this has been going on for. I've had to cancel raid nights, missed out on big fish windows and hunts marks, my POTD Solo run file got nuked, and crafts have been lost.

---

Yeah, it's been going on for about a week now. Have had to cancel a ton of events because anything that needs a stable connection goes out the window.

This DDOS is so fucking annoying, holy damn hell.

Crazy how SE is being hit with constant DDoS attacks for a whole week shortly after they screw up payment processing for an entire region of the globe AND one of the most common payment methods.
Not saying it's related for certain, but man, that timing makes you wonder.

Quote:

---

Originally Posted by -Teria-

Crazy how SE is being hit with constant DDoS attacks for a whole week shortly after they screw up payment processing for an entire region of the globe AND one of the most common payment methods.
Not saying it's related for certain, but man, that timing makes you wonder.

---

only thing I'm wondering is how the two could even be linked.

I can imagine some things, like with a Sony title(s).

But some bad actor doing ddosing and the payment system.

If that actually was the case, Person really has a insane case of "Main Character Syndrome" Where they go after people's "Perceived" Indie Company.[In their mind]

Quote:

---

Originally Posted by pandorazellas

Just wondering if we're gonna get any sort of gametime compensation considering how long this has been going on for. I've had to cancel raid nights, missed out on big fish windows and hunts marks, my POTD Solo run file got nuked, and crafts have been lost.

---

They should add some game time compensation, yes, it has been going on for too long and pretty bad for everyone. A ddos is not their fault, but it isn't ours either. It would be a nice gesture.

Quote:

---

Originally Posted by -Teria-

Crazy how SE is being hit with constant DDoS attacks for a whole week shortly after they screw up payment processing for an entire region of the globe AND one of the most common payment methods.
Not saying it's related for certain, but man, that timing makes you wonder.

---

As amusing as the timing is, the issue with this line of thinking is that it's pointless to do a DDoS attack like this for such a reason without claiming ownership of the attack and stating you're doing it for said reason.
There's a 1001 reasons for any botnet to DDoS a large company, a huge amount of reasons that are far more likely/valid than 'some person was frustrated and decided to ruin the fun for everyone else'. So if the attacker wanted to put pressure on Square Enix to solve it, not announcing a targeted motive that Square Enix could bring as pressure to talks with their new payment processor is just stupid, since Square would be infinitely more likely to consider the 1000 other reasons why they'd be getting DDoS'd.

Doubly so when DDoS attacks on this scale can run thousands, if not tens of thousands of dollars, and someone who could pay for it for a week would be 100% financially suave to have alternative means to pay for a subscription in FF14. They'd easily be able to buy an entire account that has dodged all the address issues off an RMT site for what amounts to pennies to them so they could play if they wanted.

It's highly unlikely the attack is someone's personal grudge. It's basically guaranteed to be some larger corporate reason, like demonstrative purposes for potential clients and FF14 just happened to be something they picked since it is one of the bigger MMOs on the market. "Our botnet took down the servers of a huge MMO" is a great headline for a selling point.

Quote:

---

Originally Posted by Daeriion_Aeradiir

It's highly unlikely the attack is someone's personal grudge. It's basically guaranteed to be some larger corporate reason, like demonstrative purposes for potential clients and FF14 just happened to be something they picked since it is one of the bigger MMOs on the market. "Our botnet took down the servers of a huge MMO" is a great headline for a selling point.

---

So far it only caused a lot of mild annoyance so that's not a really great demonstration either.

Quote:

---

Originally Posted by Taliriah

So far it only caused a lot of mild annoyance so that's not a really great demonstration either.

---

This may be intentional on the attacker's end. Hitting the game intermittently is still enough to disrupt and discourage playing content and is cheaper to do. But this would also likely mean that whoever is behind it, knows more about the game than just "it's a big MMO".

Anyone notice that this time and last time were to do with data center maintenance lol. It's gotta be intentional

Quote:

---

Originally Posted by Ravenblade1979

Anyone notice that this time and last time were to do with data center maintenance lol. It's gotta be intentional

---

I believe that while there is some DDoSing going on, it is also a convenient excuse for SE's own mishaps. That isssue we had right after the maintenance where people on the Chaos DC weren't able to log in only with some of our characters can't be caused by DDoS (even though support blamed it on DDoS anyway)

It's slightly bothersome because it's making me miss the late-night fishing boats. :(

Playing on Oceania is fine, but the queue times are tragic.

had two disconnects yesterday other fellow FC members responded that they also got this amount of DC(getting disconnected two times in a row)
must be forum bug i double posted by accident sorry deleting the copy post

Quote:

---

Originally Posted by Taliriah

So far it only caused a lot of mild annoyance

---

Well Deep Dungeon solo is no longer a content because of this :/

This hurts a lot of event holders and casual raiders that do only a few hours a week. It is not a mild annoyance if you value your sub's worth.

Expecting an apology on Thursday live letter. Also, free game time when?

agreed also keep getting error 90002
getting annoying back in queue with 61 others

Quote:

---

Originally Posted by UkcsAlias

For ddos attacks the prices differ massively, and prices arent linear. The heavier the attack, the faster the price goes up. And especialy when they become very heavy, its exponential. The price betweeen the strongest attack and one at half of that is a diffirence of like 500x here. Maintaining large botnets is very expensive.

This is why IPS systems are problematic for ddos attacks long term. Initialy the ddos is cheaper than the defense, but once they scale up, pricing here is quite linear. As long as you can buy a server, you already require a ddos to be significantly stronger to compensate.

Also, if its detected which sources are known to be part, they can be blocked well ahead of the target. It only needs to pass through 1 of the datacenters that are part of a global system to avoid big ddos attacks, and suddenly your attack becomes crippled. And yes, large datacenters do these things because they otherwise would also risk hardware damage when a target is near one of their DCs.

---

This is really interesting! I only heard that it becomes/is expensive but I never imagined something like 500x! Using common sense, it does in a way make sense that maintaining a large amount of compromised devices can also be costly, to my not-tech-savvy brain, I'm guessing it's all about staying one step ahead is that it?

I guess if I had to break it down to my example, a small restaurant (not too many staff/resources) and a large restauranted (well staffed, plenty of resources)...The large one can probably handle the customer rush, but I imagine if this example could be parallel server upgrades, let's say your restaurant/game is functioning quite well as medium and you only expect a 'rush' during expansion releases. I can see why the decision to 'just buy more servers' just to counter DDoS may not be feasible for a business to make? I'm going into this with the assumption that 'just buying new servers' could be considered a waste I guess.

Is that true on the technical side? I'm kinda looking into it from a general business-y standpoint I guess.

I'd like to think if SE would have made some gametime compensations? (I'm personally indifferent, but I think it'd be a nice gesture), paused auto demo (for the time being maybe?), maybe extended the length of certain events, I'd like to think people would be happy? I think some good will might be gained from decisions like this. I don't blame SE for being attacked, it's a good thing that people WANT to play the game and with the expansion approaching I'd think people may be resubbing to catch up and/or prepare for DT.

Also ShB and EW just got a 60% off discount.... Lodestone Sauce for the PC/Mac version.

Looks like it continues today, was afk for a few mins and returned to disconnect error.
I guess any serious content requiring stable connection is out of order today too
Which is bad, because 90 percent of end game content requires dodging things and quick reactions :rolleyes:

Quote:

---

Originally Posted by Rueby

This is really interesting! I only heard that it becomes/is expensive but I never imagined something like 500x! Using common sense, it does in a way make sense that maintaining a large amount of compromised devices can also be costly, to my not-tech-savvy brain, I'm guessing it's all about staying one step ahead is that it?

I guess if I had to break it down to my example, a small restaurant (not too many staff/resources) and a large restauranted (well staffed, plenty of resources)...The large one can probably handle the customer rush, but I imagine if this example could be parallel server upgrades, let's say your restaurant/game is functioning quite well as medium and you only expect a 'rush' during expansion releases. I can see why the decision to 'just buy more servers' just to counter DDoS may not be feasible for a business to make? I'm going into this with the assumption that 'just buying new servers' could be considered a waste I guess.

Is that true on the technical side? I'm kinda looking into it from a general business-y standpoint I guess.

---

That's a flawed analogy for a ddos: the attackers aren't customers, they are just in the way. A better analogy would be: a bunch of people show up in your restaurant but are just standing around, not ordering anything. More staff wouldn't help, because the problem is all those non-customers hindering the staff. And you can't just kick them out, because you first have to talk with them to know if they're an actual customer or just here to be annoying.

10:16 CET chaos - omega, disconnect again, after a big lagspike (Error 90001)
Internet connection is stable

Quote:

---

Originally Posted by Yeol

Expecting an apology on Thursday live letter. Also, free game time when?

---

There is NOTHIGN SE CAN DO ABOUT IT.... its very difficult to ward against DDoS, no company who needs net based services to be online including Apple, Microsoft and any government can fully ward against this, if anyone needs to apoligize it would be you for making that statement.

It is very hard to do anything about it when there is more layers onto as well, other than possible making more password protected doors to be able to access the servers which means a nuisance for player when you have to have 5 different passwords to jump from one login server to another which also would make it even easier for the DDoS losers to do something... like totally blocking off the first gate.

Quote:

---

Originally Posted by Taliriah

That's a flawed analogy for a ddos: the attackers aren't customers, they are just in the way. A better analogy would be: a bunch of people show up in your restaurant but are just standing around, not ordering anything. More staff wouldn't help, because the problem is all those non-customers hindering the staff. And you can't just kick them out, because you first have to talk with them to know if they're an actual customer or just here to be annoying.

---

Hmm I actually thought of them just standing around doing nothing but it felt like it didn't fit? I guess to me the making orders bit helped translate the overloaded servers and how the service is getting affected. But I think you're right in a way! If I imagine a restaurant that can serve let's say 40 people and has a capacity to fit 60 people. Then you suddenly had an influx of 300 people, standing around and disrupting the staff from serving the restaurant's actual customers. Hmm I think maybe that's a better analogy? Maybe?

Hmm I guess I equated the server resources to staff which made more sense to me? But now that I think of it I think your correction makes more sense. To me I'm guessing a combination of 'make the restaurant bigger, hire more chefs/staff' would make them slightly less affected but I think the best way is to stop these 'I'm gonna enter and chill' at the door. I guess this boils down to my limited understanding! Thank you so much for clarifying. It's a really interesting thing, but I'm not tech savvy at all so I need to kinda break things down for my unwrinkly brain.

This got me thinking though that they might need a better and faster log in process in the future. While the attacks are somewhat annoying by getting booted in the game is ok now, imagine what's gonna happen when you not only have like 400 players in front of you but 4000 or even higher like EW release.

They better think of something quickly before dawntrail cause hell will break loose if this happens again during expansion release creating another negative bad press that potentially could have been avoided

Quote:

---

Originally Posted by Rueby

Hmm I actually thought of them just standing around doing nothing but it felt like it didn't fit? I guess to me the making orders bit helped translate the overloaded servers and how the service is getting affected. But I think you're right in a way! If I imagine a restaurant that can serve let's say 40 people and has a capacity to fit 60 people. Then you suddenly had an influx of 300 people, standing around and disrupting the staff from serving the restaurant's actual customers. Hmm I think maybe that's a better analogy? Maybe?

Hmm I guess I equated the server resources to staff which made more sense to me? But now that I think of it I think your correction makes more sense. To me I'm guessing a combination of 'make the restaurant bigger, hire more chefs/staff' would make them slightly less affected but I think the best way is to stop these 'I'm gonna enter and chill' at the door. I guess this boils down to my limited understanding! Thank you so much for clarifying. It's a really interesting thing, but I'm not tech savvy at all so I need to kinda break things down for my unwrinkly brain.

---

Yes, that's kinda the idea. From a purely technical standpoint, you can consider an internet connection as a pipe, and you have data packets coming one after another. You need to read a packet before you can get to the next one. And after reading a packet, you need to see what's in it before you can know if it's a packet from an actual player or some bogus crap sent by a ddoser.

There are ways to mitigate it by detecting and rejecting bogus packets earlier, things like that. But you can never completely fully prevent it. The very properties of the internet that made it so successful (in short: reliability is ensured at the end points and intermediary nodes need only to make a best effort of carrying packets around) means that anyone can send data to anyone else, and it's up to the recipient to sort it out.

Perhaps the best analogy, in the end, would be someone ordering a bunch of pizzas to be delivered at your address.

Quote:

---

Originally Posted by Taliriah

Yes, that's kinda the idea. From a purely technical standpoint, you can consider an internet connection as a pipe, and you have data packets coming one after another. You need to read a packet before you can get to the next one. And after reading a packet, you need to see what's in it before you can know if it's a packet from an actual player or some bogus crap sent by a ddoser.

There are ways to mitigate it by detecting and rejecting bogus packets earlier, things like that. But you can never completely fully prevent it. The very properties of the internet that made it so successful (in short: reliability is ensured at the end points and intermediary nodes need only to make a best effort of carrying packets around) means that anyone can send data to anyone else, and it's up to the recipient to sort it out.

Perhaps the best analogy, in the end, would be someone ordering a bunch of pizzas to be delivered at your address.

---

Ooooo, this makes alot more sense, the pipe thing that is...

Thank you so much for taking the time to respond to me! I think the analogy of someone ordering a bunch of pizzas to be delivered to your address is much easier and maybe I made it abit hard on myself that I tried to break it down in a maybe round about way. I feel like trying to learn more about the issue can help temper expectations abit, so I really appreciate this.

Quote:

---

Originally Posted by Somnolence

Well Deep Dungeon solo is no longer a content because of this :/

---

Good. As someone who has experienced stability issues even before the DDoS and got told by the community it's a me problem, I'm glad more people are affected now. Maybe it will make the devs reconsider this design where you need to stay connected throughout an entire 5-10 hour run.

Quote:

---

Originally Posted by Jessica_VS

Something had better be done about this sort of thing before Dawntrail releases, or the release days will be rough.

---

The release days will be rough regardless, they always are. I'm sure they'll be happy to blame it on DDoS.

Quote:

---

Originally Posted by Taliriah

I believe that while there is some DDoSing going on, it is also a convenient excuse for SE's own mishaps. That isssue we had right after the maintenance where people on the Chaos DC weren't able to log in only with some of our characters can't be caused by DDoS (even though support blamed it on DDoS anyway)

---

They did write a separate notice about that one tho.

Quote:

---

Originally Posted by Rueby

Ooooo, this makes alot more sense, the pipe thing that is...

Thank you so much for taking the time to respond to me! I think the analogy of someone ordering a bunch of pizzas to be delivered to your address is much easier and maybe I made it abit hard on myself that I tried to break it down in a maybe round about way. I feel like trying to learn more about the issue can help temper expectations abit, so I really appreciate this.

---

To go a bit deeper: there are two commonly used methods of DDOS attacks called "layer 4" and "layer 7", referring to the OSI model used to describe the relationship between parts of computer networking. What you think of here would be a "layer 7" attack, while "clogging the pipe" is a "layer 4" attack.

A layer 4 attack exploits the "transport layer", or the protocols that manage network connections. For the pizza analogy, this would be the phone at the pizza parlor. Think of a thousand hijacked phones constantly calling and when they get picked up they just sit there in silence. The "protocol" at the parlor is to open with "Hi, this is pizza place, what would you like to order?" and wait for a response. But these bogus calls aren't answering back, and the parlor will have to sit there for a few moments before hanging up. Since the attack is calling en masse like this, legit customers will just get a busy signal and the parlor can't make pizzas since they aren't receiving orders.

A "layer 7" exploits the "application layer", or the service itself. In this case, the hijacked phones will instead present themselves as customers and place often huge and numerous orders. The point this time is to keep the kitchen so busy with bogus orders that legit ones can't be processed.

Quote:

---

Originally Posted by Sove92

They did write a separate notice about that one tho.

---

Ah. Their reply to my ticket (that I had opened just in case the problem got overlooked, happened to me once on a smaller issue on their end that was affecting multiple players) was "its because of DDoS". Although I can't fully blame them for giving only a cursory look at tickets in these situations

I think things are mostly isolated to JP and EU but NA still has sporadic issues. My entire Unreal party got Sundered last night and came back to about a 300 person queue. Hopefully things clear up soon for JP and EU.

Quote:

---

Originally Posted by Taliriah

Ah. Their reply to my ticket (that I had opened just in case the problem got overlooked, happened to me once on a smaller issue on their end that was affecting multiple players) was "its because of DDoS". Although I can't fully blame them for giving only a cursory look at tickets in these situations

---

Very likely the support staff was not aware of the real cause at the time. While CBU3 has a good track record of notifying about issues and why, the time it takes for that information to reach people still needs some work. Boilerplate text really shouldn't take that long to be sent out (they also appear on JP lodestone 15-30 minutes before other regions, which is the really frustrating part, because that sounds like they need to go through translation for no reason).

Oh wait, I just criticised SE, what's wrong with me? Didn't a certain catgirl here say I only defend them no matter what? /s