DDoS Attack Confirmed

http://na.finalfantasyxiv.com/lodest...c98757b05b88f3

SE, I hope you are able to come up with a method to stop the attacks.

Because you can just flip a switch, right.

Quote:

---

Originally Posted by Vespar

http://na.finalfantasyxiv.com/lodest...c98757b05b88f3

SE, I hope you are able to come up with a method to stop the attacks.

---

The nature of a DDOS attack makes it incredibly difficult to prevent. The only guaranteed way to stop it is to block ALL incoming traffic, but that kills your legit connections too. And then it just starts back up again once the block is lifted.

Time to upgrade your hardware, SE. Good luck

>< Not as easy as you are making it sound. They are clearly doing anything and everything they can to solve this issue.

Quote:

---

Originally Posted by Metabug

Time to upgrade your hardware, SE. Good luck

---

That's not how you fix DDoS attacks. Not at all.

What I don't understand is why anyone would target XIV. The population of the game is not as vast as other games that have been targeted. Can 1 person jaded by square conduct such an attack?

I'm expecting Poetics in my Moogle Box if this takes too long. :<

Don't hold your breath on compensation. That said, awful suspicious that the attacks coincide with the 2.41 launch. I'm thinking it's some script kiddy try-hards who are angry at the easing of Second Coil. Guess they really are butt-hurt over losing their 'precious' exclusivity.

Yup, my bets are on Blizzard too haha

Quote:

---

Originally Posted by SayuriHime

What I don't understand is why anyone would target XIV. The population of the game is not as vast as other games that have been targeted. Can 1 person jaded by square conduct such an attack?

---

There could be a few reasons:

- Political Agenda - SE is Japan-based. In the past, with FFXI, it was due to relations with Korea.
- Possible Blackmail - Unlikely, but it happens. Attacking groups will make demands, and won't stop until they are met.
- Boredom - People like to see what they are capable of. Even though a DDoS attack isn't impressive, it still gets them off.

Probably other reasons, but until someone comes forward or they are able to determine who is behind it, we won't know.

Quote:

---

Originally Posted by Gilraen

Don't hold your breath on compensation. That said, awful suspicious that the attacks coincide with the 2.41 launch. I'm thinking it's some script kiddy try-hards who are angry at the easing of Second Coil. Guess they really are butt-hurt over losing their 'precious' exclusivity.

---

It was going on the day before patch as well.

I kind of suspected this sort of thing has been going on. But I think SE isn't admitting the full length of time this has been going on. You can check back and see several threads of people complaining about getting dropped from instances. Even groups of people doing coil struggling because they keep having half there people drop. I know there's been something unusual going on for a couple months at least. I have a handful of people in my FC that started having strange issues with the game. Getting dropped, lagging/rubber-banding. They've all spent a lot of time and effort to try resolving it on their end to no avail. They even tried WTFast, just out of desperation. This felt so much like that DDoS attack that hit FFXI years and years ago. It just started out small and got bigger and bigger until finally it gets to this point. GL getting it resolved SE, we know you'll get it done. You've been down this road b4, so has just about every successful MMO.

Quote:

---

Originally Posted by Drako

I kind of suspected this sort of thing has been going on. But I think SE isn't admitting the full length of time this has been going on. You can check back and see several threads of people complaining about getting dropped from instances. Even groups of people doing coil struggling because they keep having half there people drop. I know there's been something unusual going on for a couple months at least. I have a handful of people in my FC that started having strange issues with the game. Getting dropped, lagging/rubber-banding. They've all spent a lot of time and effort to try resolving it on their end to no avail.

---

It's entirely unrealistic to think they've been getting DDoS'd for months. Meanwhile there is an exceptional amount of evidence showing that the connections between backbones at level3 have had problems for years even before FFXIV started. Most US users must go through these poor backbone connections before hitting the game serer. Even apps like WTFast are only but so effective at routing around major internet choke points. Especially when there are few viable options to go around it.

Just because people have connection problems doesn't automatically make it a DDoS, or even a server issue. There is a vast and complicated network between the players and the server that causes quite a bit of problems.

Was the NA/EU servers the target of the attack, or the whole Montreal datacenter?

Quote:

---

Originally Posted by SayuriHime

What I don't understand is why anyone would target XIV. The population of the game is not as vast as other games that have been targeted. Can 1 person jaded by square conduct such an attack?

---

It doesn't have to be directed at just FFXIV. Motivations are often not clear until someone steps forward and claims responsibility of a DDoS attack. And yes, one person jaded by square may conduct such an attack. Botnets consisting of hundreds of infected computers may be rented to perform such attacks. There's a relatively big market for these sort of shady practises. Heck, if your own computer isn't protected sufficiently it may even be part of a botnet and be hammering servers. Often without your knowledge.

Quote:

---

Originally Posted by Fornix

It doesn't have to be directed at just FFXIV. Motivations are often not clear until someone steps forward and claims responsibility of a DDoS attack. And yes, one person jaded by square may conduct such an attack. Botnets consisting of hundreds of infected computers may be rented to perform such attacks. There's a relatively big market for these sort of shady practises. Heck, if your own computer isn't protected sufficiently it may even be part of a botnet and be hammering servers. Often without your knowledge.

---

That is horrifying. But wouldn't such an attack be expensive? Especially if you have to rent servers to conduct the attack?

Most likely some butthurt hardcore elitist doing it due to nerfs to second coil. given the timing of the DDoS and the incoming and subsequent nerfing of the coil, that is where I place my bet.

Quote:

---

Originally Posted by SayuriHime

That is horrifying. But wouldn't such an attack be expensive? Especially if you have to rent servers to conduct the attack?

---

You don't rent servers to do something illegal. That's how you get arrested. What they do is bank on the hundreds thousands internet users who don't update their software properly. They spread a virus around that turns those machines into zombies for the botnet. Normally without the owners being aware. Then those servers sit until the owner the net sends out a target up. The only real investment is time.

Quote:

---

Originally Posted by Snugglebutt

Most likely some butthurt hardcore elitist doing it due to nerfs to second coil. given the timing of the DDoS and the incoming and subsequent nerfing of the coil, that is where I place my bet.

---

Come on man. Baseless assumptions like this only serve to propagate prejudices.

I've been suspecting these RMT companies in China or Eastern Europe have their fingerprints all over this. SE coming down on their racket is bound to elicit a reaction like this.

Quote:

---

Originally Posted by Snugglebutt

Most likely some butthurt hardcore elitist doing it due to nerfs to second coil.

---

Why even bother with name calling?

There are groups out there just like Derp that just feel like randomly targeting all types of game servers for attention, nothing more.

FFXIV is a popular current MMO period and that alone makes it a target.

Quote:

---

Originally Posted by Tiggy

That's not how you fix DDoS attacks. Not at all.

---

Ah, but what if they're being DDoSed because someone has gone bonkers dealing with the normal lag/Level3 problems, and they're hoping to goad SE into opening its wallet and getting better equipment/internets? *grouchomarxeyebrowwiggle*

What if's like that serve no purpose other than to make assumptions from assumptions. The fact remains upgrading hardware is not how you fix a ddos. Nor does the level 3 problem reflect on squares hardware.

Considering that WoW was just hit by a DDoS last Thursday, I would put money on it being the same group just shifting targets.

Quote:

---

Originally Posted by ReplicaX

Why even bother with name calling?

There are groups out there just like Derp that just feel like randomly targeting all types of game servers for attention, nothing more.

FFXIV is a popular current MMO period and that alone makes it a target.

---

Timing of the attack is a major factor. Yes attacks can happen anytime but when the attacks happen right after a reasonably large change to one aspect of the game which is closely tied to people well known for having extremely large egos and elitist attitudes it weighs the chance of it being related to that group or more specifically someone within it at a much higher probability.

WoW was just attacked during WoD launch.
On the Age of Wulin FB page, they also announced being under attack (it's owned by Webzen, which also publish Flyff, Rappelz, Sevencore, etc.)

It would not be surprising if other services got DDoS attacked too. It's probably not a coincidence.
I would go with what Ultimatecalibur just said.

Quote:

---

Originally Posted by Ultimatecalibur

Considering that WoW was just hit by a DDoS last Thursday, I would put money on it being the same group just shifting targets.

---

Quote:

---

Originally Posted by Ultimatecalibur

Considering that WoW was just hit by a DDoS last Thursday, I would put money on it being the same group just shifting targets.

---

I don't think so. The DDoS on their servers was probably from someone lashing out due to the many problems their severs had when expansion came out. Someone butthurt probably due to not being able to play while they fixed the issues. This DDoS is (due to the timing) probably someone else who is butthurt over the changes to coil which just happened. I doubt it is a group or one person doing it to both...which is not to say such a scenario is impossible but highly unlikely in my opinion. DDoS canons and other such tools are rented out to individuals so does not require having to be some group with a grand agenda or political agenda by another nations citizens to be the cause of it. Such groups are rare, what is not rare is individuals renting these canons to target servers of companies whom did something they do not like.

Quote:

---

Originally Posted by Tiggy

What if's like that serve no purpose other than to make assumptions from assumptions. The fact remains upgrading hardware is not how you fix a ddos. Nor does the level 3 problem reflect on squares hardware.

---

But what if the DDoS is an inside job done as an allegory for casting Level3 Reflect on SE's hardware, to try and conceal its potentially insufficient capabilities?

There are some ways to defend against DDOS attacks, they're all pretty flimsy band aid like fixes or very costly and still not 100% effective lol. When the attack is large enough at least, you can absolutely defend against smaller attacks and even out buy their attack power - lol sounds like a game, someone should make DDoS the game XD.

Unless there is some serious vendetta by these attackers it would just make sense to have some minor aids (that won't be super effective) and wait it out.

Time to track down the source of every computer from the packets coming in, and sue its owner. People needs to learn to keep his PC safe, without make it a botnet client thanks to the last cracked expensive software he installed for the lulz to use it for free.

Why would anyone want to do that? I don't understand, Its just not nice.

Quote:

---

Originally Posted by Snugglebutt

I don't think so. The DDoS on their servers was probably from someone lashing out due to the many problems their severs had when expansion came out. Someone butthurt probably due to not being able to play while they fixed the issues. This DDoS is (due to the timing) probably someone else who is butthurt over the changes to coil which just happened. I doubt it is a group or one person doing it to both...which is not to say such a scenario is impossible but highly unlikely in my opinion. DDoS canons and other such tools are rented out to individuals so does not require having to be some group with a grand agenda or political agenda by another nations citizens to be the cause of it. Such groups are rare, what is not rare is individuals renting these canons to target servers of companies whom did something they do not like.

---

The DDoS started at the latest on Sunday, 2 days before they announced how they were nerfing SCoB.

Quote:

---

Originally Posted by Snugglebutt

Timing of the attack is a major factor. Yes attacks can happen anytime but when the attacks happen right after a reasonably large change to one aspect of the game which is closely tied to people well known for having extremely large egos and elitist attitudes it weighs the chance of it being related to that group or more specifically someone within it at a much higher probability.

---

You don't even know what you're talking about.. that much is clear. You realize that the game suffered the same issue on Sunday right? Several days before anybody knew about the coil nerfs. You're just pulling conspiracies out of thin air and pretending you have something to base your assumptions on when you in fact have no facts at all.

Quote:

---

Originally Posted by Jinorah

Why would anyone want to do that? I don't understand, Its just not nice.

---

Because there a lot of "not nice" people in the world?

Quote:

---

Originally Posted by Limecat

Ah, but what if they're being DDoSed because someone has gone bonkers dealing with the normal lag/Level3 problems, and they're hoping to goad SE into opening its wallet and getting better equipment/internets? *grouchomarxeyebrowwiggle*

---

Why you blaming ninjas?...
Probably because it is obviously ninjas :s

Quote:

---

Originally Posted by DoctorPepper

You don't even know what you're talking about.. that much is clear. You realize that the game suffered the same issue on Sunday right? Several days before anybody knew about the coil nerfs. You're just pulling conspiracies out of thin air and pretending you have something to base your assumptions on when you in fact have no facts at all.

---

The coil nerfs were known to be coming for quite some time prior to the notification of the patch which it came with. It did not take a genius to work out 2.41 was going to have it. Yes they might not have known what the nerfs would be but they knew when it was coming and since it came out the intensity of the attacks have got worse. In fact the person who started the big whiny thread about second coil nerfs that is currently around 60 pages of whining had pointed out and whined about the upcoming nerfs to the coils 2 days prior to the start of the DDoSing and before knowing what those nerfs were also. Just the principle of it being nerfed was enough for her to whine about it without even knowing what would be. It is not hard to assume that others felt the same way and one of those pre-emtively decided to lash out because of it.

Quote:

---

Originally Posted by Jinorah

Why would anyone want to do that? I don't understand, Its just not nice.

---

Some people enjoy causing other people problems and with the anonymizing properties of the Internet it can be fairly easy to do so and not get caught.

People, we knew about SCoB nerfs for months; ever since they nerfed BCoB. This is how SE pushes progression.

Far more likely culprits are RMTs who lost gold and gil from crackdowns, or industrial espionage paid for by a resentful developer.

Page wont load so just had to hit reply.

I'm being personally ddos'd so they have players ips

Found Syncflood attack from 111.140.32.16 in port 23 => Wed Nov 19 09:06:10 2014

Found Syncflood attack from 114.40.40.178 in port 445 => Wed Nov 19 09:06:10 2014

Found PingDeath attack from 220.168.169.150 in port ICMP => Wed Nov 19 09:06:10 2014

Found Syncflood attack from 218.77.79.43 in port 80 => Wed Nov 19 09:06:10 2014

Found Syncflood attack from 117.216.88.110 in port 445 => Wed Nov 19 09:06:10 2014

Found Syncflood attack from 182.116.241.51 in port 3389 => Wed Nov 19 09:06:10 2014

Found Syncflood attack from 112.85.42.93 in port 9064 => Wed Nov 19 09:06:10 2014

Found Syncflood attack from 195.211.154.179 in port 21320 => Wed Nov 19 09:06:10 2014

Found Syncflood attack from 123.151.42.61 in port 8088 => Wed Nov 19 09:06:10 2014

Quote:

---

Originally Posted by Bucy

Why you blaming ninjas?...
Probably because it is obviously ninjas :s

---

You may be on to something there. It could be a shaped attack that only lets select IP ranges of a few NINs stay logged in, so they can more easily get in-progress runs and only have to wait a few minutes to get a fresh DF group.