
  1. #1
    AlienDiplomat
    Quote Originally Posted by sindriiisgaming View Post
    until somebody has some amazing revolutionary idea to stop it, it shall remain a problem.
    What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?
    (0)

  2. #2
    sindriiisgaming
    Quote Originally Posted by AlienDiplomat View Post
    What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?
    Wouldn't a VPN still get around that?
    (0)
    Quote Originally Posted by sindriiisgaming View Post
    your titanmen, hes titanmen IM TITANMEN are there anymore titanmens i should know about?

  3. #3
    AlienDiplomat
    Quote Originally Posted by sindriiisgaming View Post
    Wouldn't a VPN still get around that?
    A VPN only changes YOUR IP and route to the authentication server. By putting authentication in the cloud, there is no single physical server location to target via DDOS. So all using a VPN would accomplish is changing the route and specific entry point on the cloud network that client used to authenticate.

    This would vastly multiply the cost of running a bot net capable of any significant disruption as it would need to simultaneously track and attack all points of entry on the cloud.

    Further, automatic load balancing on the cloud network would offload further log-in attempts to a bogged network entry point to another route creating a spill-over effect that would dilute any concentrated attack over the larger network. These cloud providers are HUGE. The likelihood of some no-life pimple-faced losers having enough of mommy's credit card to afford to compete with such a provider by running a large enough attack network would be significantly reduced.

    EDIT: Also using a VPN to mask your IP doesn't change your SE user account. So banned accounts would remain banned regardless of what IP they tried to use them on.

    Quote Originally Posted by Kes13a View Post
    If the attack isn't directed specifically at SE... how would that help?
    It would eliminate static routes that allow attackers to isolate specific physical network segments to attack as much as it would avoid targeting SE servers. So they wouldn't be able to hit weak points in a physical route knocking out service to entire regions cut off by that failure point. The cloud network would simply offload encrypted authentication requests to another access point on the network and automatically balance the load.
    (1)
    Last edited by AlienDiplomat; 09-26-2024 at 09:45 PM.
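
Added example, not part of the original post and not Square Enix's code: a small account-keyed sign-in abuse check, illustrating the point above that a VPN changes the source IP but not the account. The event format, thresholds and account names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding-window length
MAX_FAILURES = 5      # assumed failed sign-ins tolerated per window

# Constructed sample events: (unix_time, account, source_ip, success).
# "acct_a" fails 8 times in 35 s, each time from a different address
# (as it would when hopping VPN exits); "acct_b" mistypes twice, then logs in.
SAMPLE_EVENTS = (
    [(1000 + 5 * i, "acct_a", f"203.0.113.{10 + i}", False) for i in range(8)]
    + [(1003, "acct_b", "198.51.100.7", False),
       (1009, "acct_b", "198.51.100.7", False),
       (1015, "acct_b", "198.51.100.7", True)]
)


def flag_abusive(events, key, window=WINDOW_SECONDS, limit=MAX_FAILURES):
    """Return the keys ("account" or "ip") with more than `limit`
    failed sign-ins inside any sliding window of `window` seconds."""
    if key not in ("account", "ip"):
        raise ValueError("key must be 'account' or 'ip'")
    recent = defaultdict(deque)   # key value -> timestamps of recent failures
    flagged = set()
    for ts, account, ip, ok in sorted(events):
        if ok:
            continue              # only failed attempts count toward the limit
        k = account if key == "account" else ip
        q = recent[k]
        q.append(ts)
        # Drop failures that have aged out of the window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            flagged.add(k)
    return flagged


if __name__ == "__main__":
    # Keyed by IP, the rotating addresses never cross the limit.
    print("flagged by ip:     ", flag_abusive(SAMPLE_EVENTS, "ip"))
    # Keyed by account, the same traffic stands out immediately.
    print("flagged by account:", flag_abusive(SAMPLE_EVENTS, "account"))
```

This covers abusive sign-in traffic only; it does nothing against volumetric flooding of a network link. Flagged accounts are candidates for review rather than automatic bans, since failed attempts can come from someone guessing at another player's account.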

  4. #4
    Havenchild
    Quote Originally Posted by AlienDiplomat View Post
    A VPN only changes YOUR IP and route to the authentication server. By putting authentication in the cloud, there is no single physical server location to target via DDOS. So all using a VPN would accomplish is changing the route and specific entry point on the cloud network that client used to authenticate.

    This would vastly multiply the cost of running a bot net capable of any significant disruption as it would need to simultaneously track and attack all points of entry on the cloud.

    Further, automatic load balancing on the cloud network would offload further log-in attempts to a bogged network entry point to another route creating a spill-over effect that would dilute any concentrated attack over the larger network. These cloud providers are HUGE. The likelihood of some no-life pimple-faced losers having enough of mommy's credit card to afford to compete with such a provider by running a large enough attack network would be significantly reduced.

    EDIT: Also using a VPN to mask your IP doesn't change your SE user account. So banned accounts would remain banned regardless of what IP they tried to use them on.



    It would eliminate static routes that allow attackers to isolate specific physical network segments to attack as much as it would avoid targeting SE servers. So they wouldn't be able to hit weak points in a physical route knocking out service to entire regions cut off by that failure point. The cloud network would simply offload encrypted authentication requests to another access point on the network and automatically balance the load.
    You are correct in that this could be a solution mitigated through load balancing in something like AWS.

    There are two specific issues though.

    1) Going this route will cost SE a fat sum of cash. Likely approaching millions per month to create load balancing for their servers.

    2) Queue times go up for everyone on the regular. During a DDOS event, you may even get a complete balloon of the queue à la Endwalker.

    A special reasoning -

    Cloud delay. I'm not entirely sure how authentication works in XIV but if the client somewhere checks in with the server even after you log in (to maintain connection), you will likely create client/mechanic delay every check in as the data now passes through this cloud environment.

    Lastly, when there isn't an attack, SE is just bleeding money for no reason. Probably why they haven't bothered going this route. Little gains, roughly the same problems.
    (1)
    Last edited by Havenchild; 09-29-2024 at 05:07 AM.

  5. #5
    Arzalis
    Quote Originally Posted by Havenchild View Post
    You are correct in that this could be a solution mitigated through load balancing in something like AWS.

    There are two specific issues though.

    1) Going this route will cost SE a fat sum of cash. Likely approaching millions per month to create load balancing for their servers.

    2) Queue times go up for everyone on the regular. During a DDOS event, you may even get a complete balloon of the queue à la Endwalker.

    A special reasoning -

    Cloud delay. I'm not entirely sure how authentication works in XIV but if the client somewhere checks in with the server even after you log in (to maintain connection), you will likely create client/mechanic delay every check in as the data now passes through this cloud environment.

    Lastly, when there isn't an attack, SE is just bleeding money for no reason. Probably why they haven't bothered going this route. Little gains, roughly the same problems.


    Something like FFXIV would still have a point of failure somewhere along the way. If it's not the game servers, it'd be the auth servers. If it's not the auth servers, they can hit the node one jump before which SE would have no control over. A targeted DDOS attack is pretty much impossible to prevent. They've been problems for ages and nobody really has a solution for a reason. They basically exploit a flaw in the entire internet and networking as a whole.

    The best solution we've gotten so far is stuff like Cloudflare which, and I'm simplifying, basically hides your actual IP address and forwards traffic from their servers. If it gets DDoSed, they swap servers to mitigate the attack. That doesn't work for games because it introduces a ton of latency.
    (1)
    Last edited by Arzalis; 09-29-2024 at 10:00 AM.

  6. #6
    Kiyumi
    While there's no reason to get dramatic about every little thing, this problem has gone on too long and too hugely.

    SE isn't some indie company without options - it's a massive corporation of sufficient size and weight to make any network deals they want and afford any infrastructure that can be done. They don't make less money from FF14 than the MMO's who do manage to shut this sort of thing down way better, they make far, far more.

    Being DDoS'd because of some mistakes can happen. But this long? This persistently? Sorry, but they're doing something wrong. You can fix it with the cloud, with clever deals, with active teams reaching out, with stronger infrastructural failsafes, there's many routes, and you can combine them.

    But very clearly, they're not doing enough. They have no reason to be doing worse at this than everyone else is, yet they are. It's a failure on their end, and at this point they owe us an apology, an explanation and a solution.

    Please stop defending the corporation making hundreds of millions from this game, they don't need your defense, they need to understand they can't allow this to keep happening.

    (honestly, same for the VISA issue. Sure, it was a third party, but who struck that deal? Who struck that deal without making sure they have clauses and fallback options for the transition? SE is not being professional about this right now, at all.)
    (4)

  7. #7
    Valkyrie_Lenneth
    Quote Originally Posted by Kiyumi View Post
    While there's no reason to get dramatic about every little thing, this problem has gone on too long and too hugely.

    SE isn't some indie company without options - it's a massive corporation of sufficient size and weight to make any network deals they want and afford any infrastructure that can be done. They don't make less money from FF14 than the MMO's who do manage to shut this sort of thing down way better, they make far, far more.

    Being DDoS'd because of some mistakes can happen. But this long? This persistently? Sorry, but they're doing something wrong. You can fix it with the cloud, with clever deals, with active teams reaching out, with stronger infrastructural failsafes, there's many routes, and you can combine them.

    But very clearly, they're not doing enough. They have no reason to be doing worse at this than everyone else is, yet they are. It's a failure on their end, and at this point they owe us an apology, an explanation and a solution.

    Please stop defending the corporation making hundreds of millions from this game, they don't need your defense, they need to understand they can't allow this to keep happening.

    (honestly, same for the VISA issue. Sure, it was a third party, but who struck that deal? Who struck that deal without making sure they have clauses and fallback options for the transition? SE is not being professional about this right now, at all.)
    The government can barely make ISPs move and you think a relatively small company (in the grand scheme of things) can do anything?
    (5)

  8. #8
    Kes13a
    Quote Originally Posted by AlienDiplomat View Post
    What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?
    If the attack isn't directed specifically at SE... how would that help?
    (2)
    #FFXIVHEALERSTRIKE

  9. #9
    Titania40
    Quote Originally Posted by AlienDiplomat View Post
    What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?
    You think nobody's tried anything like that ever before? Part of the problem is that simply determining the vector of the attack and who's performing it is difficult at best, from what I can find. Companies have been trying (and failing) to find a way to entirely stop DOS and DDOS attacks since the publicly accessed internet first came about. Hell, 4Chan apparently has communities which created specific tools such as their infamous "orbital laser" that allow any of their users to perform DDOS attacks any time they want with just the press of a button. There is no magic bullet that'll fix the problem.
    (1)

  10. #10
    AlienDiplomat
    Quote Originally Posted by Titania40 View Post
    Part of the problem is that simply determining the vector of the attack and who's performing it is difficult at best, from what I can find.
    That is why the focus shouldn't be on trying to track back the source of the attack, but instead on mitigating the effect of any such attack. Companies should forget about trying to track down the culprits. Leave that to law enforcement entities. Instead, distributing load over a cloud network run by a super-provider with automatic route/load balancing would prevent any attack having major impacts on the service, which would eventually eliminate the incentive for losers to continue trying to inflate their flaccid ego by spending money to run fruitless attacks moving forward.

    That combined with permanently banning any accounts found to be involved in abusive authentication behaviors would avoid needing to take more drastic measures, like SE needing to spend ridiculous amounts of money multiplying their own server infrastructure, or eliminating free trial accounts altogether.
    (0)
