"DDOS" for MONTHS on end with no resolution UNACCEPTABLE

[Archeron]

After wading through this entire thread I have to wonder, just what do people expect Square-Enix to actually do about the DDOS attacks? As far as I know, there's no real way to stop them beyond getting hardware and an ISP that can handle a higher load. And even that doesn't really work, since the attacker can just increase the volume of requests used in the attack.

Does FFXIV suffer from an excessive number of DDOS attacks compared to other MMOs? Why yes, it does. But this isn't because the other companies found some way to prevent DDOS attacks from affecting them. It's because they just aren't being targeted by DDOS attacks as often as FFXIV is. Blizzard-Activision gets hit with DDOS attacks on occasion, which shut down the ability to even log into their games. But it doesn't happen anywhere near as frequently, because something about the FFXIV player base seems to encourage people who preform such attacks.

I don't know, maybe the problem is that players of those other MMOs get jellous of Final Fantasy XIV's success and try to bring the game down? Maybe it's disgruntled players taking their frustrations out on the servers? Maybe it's 4Chan users thinking it's funny? I don't know, and none of the rest of the player base likely does either.

If there was no defense against DDOS *whatsoever* literally every single game service would be taken down and unavailable 24/7. Xbox Live, PSN, Steam, you name it, it would be trashed and taken offline if it were *that* easy.

WoW has been DDOSed, but the difference is, that it was NOT ongoing for months on end. Even while they were embroiled in controversies and the community was absolutely LIVID with them, WoW servers were not being taken down every single night, at the same time, for hours on end, every single day, for months. While everyone seems to be claiming that Square Enix "Can't do anything", or that they are "Defenseless" against such attacks, why is it that every other MMO has been able to handle these problems and minimize their disruptions? I'm no engineer, but SE doesn't deserve the benefit of the doubt when this has been ongoing for a prolonged period of time and there has been minimal communication about what is being done to resolve this issue, if a resolution is even possible in the first place... Which you know they could literally make a post about on the lodestone informing us about what is going on, like any other company would in their position.

I guarantee you nobody is jealous of FFXIV, especially after Dawntrails mixed reception. I'm sure the competition is actually delighted with the turn of events, no DDOS is required when SE launches an expansion that doesn't meet expectations and drives a portion of the community away and into other games.

[Titania40]

From my research, while there are "defenses" against a DDOS attack, they are preformed by the ISP and not a company like SE. Even then, those defenses don't stop said attacks, merely try to mitigate some of the effects. The main defense is how you respond during and after the attack. And if your company isn't even the target of the DDOS, but merely an incidental victim due to your ISP being the actual target? Then there is literally nothing you can do beyond contacting the ISP.

So again, with that in mind... Just what do people expect Square Enix to actually do to stop all DDOS attacks on them and their ISPs?

[Archeron]

From my research, while there are "defenses" against a DDOS attack, they are preformed by the ISP and not a company like SE. Even then, those defenses don't stop said attacks, merely try to mitigate some of the effects. The main defense is how you respond during and after the attack. And if your company isn't even the target of the DDOS, but merely an incidental victim due to your ISP being the actual target? Then there is literally nothing you can do beyond contacting the ISP.

So again, with that in mind... Just what do people expect Square Enix to actually do to stop all DDOS attacks on them and their ISPs?

1. Communicate with their paying customers, whom they are taking $15 a month from, and are providing an inferior, unstable service to, and either tell them "We can't fix it" or give them a timeline as to when a fix may be implemented.
2. If they *can't* do anything about it, Why not just say that? Make a lodestone post. Instead they choose to say nothing, beyond that they are "implementing countermeasures" which only makes them look worse with each passing day when nothing changes.
3. Compensate, or partially compensate everyone who has been affected by the downtimes, and unstable service.

I mean this is just BASIC customer service.

Is it my fault as a paying customer that they can't find a solution to a problem that is affecting their business? No.
Is it my fault as a paying customer that their ISP is being DDOS attacked? No.

Compensation should be owed due to the length of time these disruptions have been going on. I don't care if its because Square is the "Victim" of a DDOS attack, I don't care if its because their servers are imploding, I don't care if the sky is falling and the world is ending, they have an obligation to provide a service to their paying subscribers, and if they fail to provide that, then compensation should be owed, especially given the length of time this has been going on for.

[Loggos]

I don't know if this can somehow help anybody to get a clearer picture what the root cause could be, but: I have been having no problems at all on Light/EU data center so it seems like NA is affected locally?

The odd thing is, when there was that big DDoS attack before Dawntrail, EU servers were affected and we had very unstable or unplayable games too.
So it seems like this time something is different?

[sindriiisgaming]

do you have any ideas? no? well then its best to leave the network stuff to the experts. this is not a process that 1 can just snap away with their fingers, and until somebody has some amazing revolutionary idea to stop it, it shall remain a problem.
it costs the company an insane amount of money to track down and arrest these individuals doing this, some of these people are experienced cyber criminals and may evade being caught for many years. the FBI and secret service regularly employs these people

[AlienDiplomat]

until somebody has some amazing revolutionary idea to stop it, it shall remain a problem.

What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?

[sindriiisgaming]

What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?

wouldn't a vpn still get around that

[AlienDiplomat]

wouldn't a vpn still get around that

A VPN only changes YOUR IP and route to the authentication server. By putting authentication in the cloud, there is no single physical server location to target via DDOS. So all using a VPN would accomplish is changing the route and specific entry point on the cloud network that client used to authenticate.

This would vastly multiply the cost of running a bot net capable of any significant disruption as it would need to simultaneously track and attack all points of entry on the cloud.

Further, automatic load balancing on the cloud network would offload further log-in attempts to a bogged network entry point to another route creating a spill-over effect that would dilute any concentrated attack over the larger network. These cloud providers are HUGE. The likelihood of some no-life pimple-faced losers having enough of mommy's credit card to afford to compete with such a provider by running a large enough attack network would be significantly reduced.

EDIT: Also using a VPN to mask your IP doesn't change your SE user account. So banned accounts would remain banned regardless of what IP they tried to use them on.

if the attack isnt directed specifically at SE.. how would that help?

It would eliminate static routes that allow attackers to isolate specific physical network segments to attack as much as it would avoid targeting SE servers. So they wouldn't be able to hit weak points in a physical route knocking out service to entire regions cut off by that failure point. The cloud network would simply offload encrypted authentication requests to another access point on the network and automatically balance the load.

[Havenchild]

A VPN only changes YOUR IP and route to the authentication server. By putting authentication in the cloud, there is no single physical server location to target via DDOS. So all using a VPN would accomplish is changing the route and specific entry point on the cloud network that client used to authenticate.

This would vastly multiply the cost of running a bot net capable of any significant disruption as it would need to simultaneously track and attack all points of entry on the cloud.

Further, automatic load balancing on the cloud network would offload further log-in attempts to a bogged network entry point to another route creating a spill-over effect that would dilute any concentrated attack over the larger network. These cloud providers are HUGE. The likelihood of some no-life pimple-faced losers having enough of mommy's credit card to afford to compete with such a provider by running a large enough attack network would be significantly reduced.

EDIT: Also using a VPN to mask your IP doesn't change your SE user account. So banned accounts would remain banned regardless of what IP they tried to use them on.



It would eliminate static routes that allow attackers to isolate specific physical network segments to attack as much as it would avoid targeting SE servers. So they wouldn't be able to hit weak points in a physical route knocking out service to entire regions cut off by that failure point. The cloud network would simply offload encrypted authentication requests to another access point on the network and automatically balance the load.

You are correct in that this could be a solution mitigated through load balancing in something like AWS.

There are two specific issues though.

1) Going this route will cost SE a fat sum of cash. Likely approaching millions per month to create load balancing for their servers.

2) Queue times go up for everyone on the regular. During a DDOS event, you may even get a complete baloon of the queue ala Endwalker.

A special reasoning -

Cloud delay. Im not entirely sure how authentication works in XIV but if the client somewhere checks in with the server even after you log in (to maintain connection), you will likely create client/mechanic delay every check in as the data now passes through this cloud environment.

Lastly, when there isn't an attack, SE is just bleeding money for no reason. Probably why they haven't bothered going this route. Little gains, roughly the same problems.

[Kes13a]

What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?

if the attack isnt directed specifically at SE.. how would that help?