"DDOS" for MONTHS on end with no resolution UNACCEPTABLE

[sindriiisgaming]

do you have any ideas? no? well then its best to leave the network stuff to the experts. this is not a process that 1 can just snap away with their fingers, and until somebody has some amazing revolutionary idea to stop it, it shall remain a problem.
it costs the company an insane amount of money to track down and arrest these individuals doing this, some of these people are experienced cyber criminals and may evade being caught for many years. the FBI and secret service regularly employs these people

[AlienDiplomat]

until somebody has some amazing revolutionary idea to stop it, it shall remain a problem.

What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?

[sindriiisgaming]

What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?

wouldn't a vpn still get around that

[Kes13a]

What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?

if the attack isnt directed specifically at SE.. how would that help?

[AlienDiplomat]

wouldn't a vpn still get around that

A VPN only changes YOUR IP and route to the authentication server. By putting authentication in the cloud, there is no single physical server location to target via DDOS. So all using a VPN would accomplish is changing the route and specific entry point on the cloud network that client used to authenticate.

This would vastly multiply the cost of running a bot net capable of any significant disruption as it would need to simultaneously track and attack all points of entry on the cloud.

Further, automatic load balancing on the cloud network would offload further log-in attempts to a bogged network entry point to another route creating a spill-over effect that would dilute any concentrated attack over the larger network. These cloud providers are HUGE. The likelihood of some no-life pimple-faced losers having enough of mommy's credit card to afford to compete with such a provider by running a large enough attack network would be significantly reduced.

EDIT: Also using a VPN to mask your IP doesn't change your SE user account. So banned accounts would remain banned regardless of what IP they tried to use them on.

if the attack isnt directed specifically at SE.. how would that help?

It would eliminate static routes that allow attackers to isolate specific physical network segments to attack as much as it would avoid targeting SE servers. So they wouldn't be able to hit weak points in a physical route knocking out service to entire regions cut off by that failure point. The cloud network would simply offload encrypted authentication requests to another access point on the network and automatically balance the load.

[Titania40]

What about putting sign-on verification in a cloud provider to distribute points of attack and banning any accounts found to be involved in abusive authentication behaviors?

You think nobody's tried anything like that ever before? Part of the problem is that simply determining the vector of the attack and who's preforming it is difficult at best, from what I can find. Companies have been trying (and failing) to find a way to entirely stop DOS and DDOS attacks since the publicly accessed internet first came about. Hell, 4Chan apparently has communities which created specific tools such as their infamous "orbital laser" that allow any of their users to preform DDOS attacks any time they want with just the press of a button. There is no magic bullet that'll fix the problem.

[AlienDiplomat]

Part of the problem is that simply determining the vector of the attack and who's preforming it is difficult at best, from what I can find.

That is why the focus shouldn't be on trying to track back the source of the attack, but instead on mitigating the effect of any such attack. Companies should forget about trying to track down the culprits. Leave that to law enforcement entities. Instead, distributing load over a cloud network run by a super-provider with automatic route/load balancing would prevent any attack having major impacts on the service, which would eventually eliminate the incentive for losers to continue trying to inflate their flaccid ego by spending money to run fruitless attacks moving forward.

That combined with permanently banning any accounts found to be involved in abusive authentication behaviors would avoid needing to take more drastic measures, like SE needing to spend ridiculous amounts of money multiplying their own server infrastructure, or eliminating free trial accounts altogether.

[sindriiisgaming]

That is why the focus shouldn't be on trying to track back the source of the attack, but instead on mitigating the effect of any such attack. Companies should forget about trying to track down the culprits. Leave that to law enforcement entities. Instead, distributing load over a cloud network run by a super-provider with automatic route/load balancing would prevent any attack having major impacts on the service, which would eventually eliminate the incentive for losers to continue trying to inflate their flaccid ego by spending money to run fruitless attacks moving forward.

That combined with permanently banning any accounts found to be involved in abusive authentication behaviors would avoid needing to take more drastic measures, like SE needing to spend ridiculous amounts of money multiplying their own server infrastructure, or eliminating free trial accounts altogether.

this is just not smart. you should always try to track the source, because removing the individuals doing this, removes the problem, not only that but they are criminals and need to be trialed as such, we dont know what other major crime they are part of.
cyber criminals can evolve and evade top tier software. you must remove the criminal

can i just add to this

permanently banning any accounts

you have surley got to be joking right? if you get caught ddossing a company a perma banned account is the LEAST of your worries

[Mapleine]

I've just accepted that I can't play between 10 and 11 PM at the moment.

[hynaku]

Offline version of a MMO... you do realisze that a MMO client is only one part of the game right?
Private servers : you mean thoses scam were the "admins" ask for donation to keep the server running on highly bugged version with not even half of the content, then suddently close the servers and disapear with the money?

Thoses two option are just no.... Playing a MMo like a solo game or with only 10 person on an entire server.... It's just.... Well, you know.

I guess you never played one before. Look up Guild Wars 1 and Phantasy Star games.