Ubisoft's Authentication Servers Go Down 634
ZuchinniOne writes "With Ubisoft's fantastically awful new DRM you must be online and logged in to their servers to play the games you buy. Not only was this DRM broken the very first day it was released, but now their authentication servers have failed so absolutely that no-one who legally bought their games can play them. 'At around 8am GMT, people began to complain in the Assassin's Creed 2 forum that they couldn't access the Ubisoft servers and were unable to play their games.' One can only hope that this utter failure will help to stem the tide of bad DRM."
Re:They have the money already (Score:5, Informative)
Well, right now it seems only the pirates are still going to play, while those legitimate customers will not. Reminds me of a quote I saw:
The Arch Demon's mantra has always been they will do it The Arch Demon's way once the pain becomes severe enough. However, it absolutely amazes The Arch Demon how much pain the IDOITS [legitimate customers in this case] can endure.
Re:The DRM is working. (Score:5, Informative)
Actually, the proper term is Digital Restrictions Management.
DRM only exists to restrict, period. Any use of "Digital Rights Management" is due to marketing.
Re:Awful Anti-Pirate Systems That Will Probably Wo (Score:3, Informative)
The guy behind mIRC did this, and I still remember reading an interview with some guy probably years after the first release where he was one of the early people who had actually paid for it assuming that he had to. He was like number 10+ or something such.
So yeah, works great having people pay if they like the product, or not ..
Re:The DRM is working. (Score:3, Informative)
Re:Down or DDoS? (Score:2, Informative)
There are various techniques to battle against DDoS even on network level. But as we know nothing about their systems, it's quite impossible to say anything towards that matter. Maybe it's network, maybe it's software, maybe it's hardware. But if they go for a system like this, they have to do it properly. These things shouldn't be run off someones basement with an old P3. I bet theres been a lot of DDoS and other kind of attacks against Google, Microsoft, Slashdot, even any kind of smaller site or IRC network and they cope with it well. Unless you can sustain the same amount of service level, then you just won't do it.
Re:Down or DDoS? (Score:5, Informative)
Hey, remind me of something: what are you talking about? It's not like network administrators have a magic "prevent DDOS" button.
DDOS's can take a couple hours to be noticed and a couple more to fix, and that's if it's something simple. They come in a variety of shapes and forms. If it's more complex, it won't be as easy as just turning off a port or access to something or IP filtering.
As an example, did you ever think that it's entirely possible that ubisoft DDOS'd themselves with their connection checking?
Re:DONT WORRY GUYS! (Score:4, Informative)
Re:They have the money already (Score:5, Informative)
EA would never [slashdot.org] do that!
Re:In germany you would now be allowed to crack it (Score:1, Informative)
Correct. You also have a claim against the vendor (the store where you bought it, not Ubisoft) because the product is defective.
Re:Awful Anti-Pirate Systems That Will Probably Wo (Score:4, Informative)
Re:Down or DDoS? (Score:5, Informative)
Would it make you happy if someone were to list every possible high-availability best practice we currently know, and make some inferences about the probable architecture and design of the system, applying each best practice to that aspect of the design? It's not like DDoS or high availability is a new thing, it's been around for quite some time. And you likewise contain no counterargument, just pointing out that there is nothing to argue against. You didn't add anything to the conversation, you proved no point, you certainly did not earn your informative moderation. Not that it matters to an AC. Why the hell am I even typing this? Oh well, here we go.
The simplest way to prevent DDoS in a situation like this is to have an front-end server (load balanced/clustered) which routes your request to either the authentication system (if your connection hasn't been authenticated) to validate the installation such as checking the license key and verifying whatever else they verify. Or if authenticated it goes to the "simply reply" server. Both of these servers can dynamically update the firewall rules on the front-end, or even before the front-end, if they have something like IPtables accepting input from a specific set of IPs on the intranet-facing rail. The front-end uses these to block any connections which send garbage data or try to re-authenticate using multiple license keys (brute-forcing) or basically try any type of connection other than the two allowed above - initial auth or continued ping. So you have 3 tiers for your IP addresses - initial (send to authentication), authenticated (send to keep-alive) and "other", which simply force-closes the connection, and the front-end redirects as needed. An expiration time of an hour or two should be sufficient, at which time it gets removed from the list and will go to authentication.
Customer service should be able to manually update the list to unblock you if you have a legitimate key. The only time a person should have to call customer service is if a continued DDoS is going on, and only if the user has a dynamic IP address or the DDoS is using spoofed IP addresses and managed to invalidate your connection. So this isn't an unworkable solution - it's a worst case high-call-volume type scenario, and a company would do everything in its power to keep paying customers working.
The front-end itself can have several IP addresses in the DNS entry, so you can scale up that part as needed.
The front-end deals with IP filtering, the second stage does request routing, and a server farm does either auth or ping. It would be trivial to create a list from the front-end so that the hosting provider can filter out the most egregious of offenders before it even hits the Ubisoft network. This is all pretty basic stuff, and most of it comes directly from reading other reports of DDoS and how it was handled.
At that point the only real problem is IP spoofing from a very large botnet, which would pretty much ruin your day. Even that has its defenses, but much trickier. It's unlikely that they planned for packet-inspection as part of the filtering, but anything that contains unexpected packet contents can be ignored, since you know what the client will be sending. Only a targeted DDoS would be effective then, crafting packets to appear to be legit.
Software could be optimized, for example if it's a simple database contention issue, or move to a RAID type solution allowing for faster access to the validation keys.
It's possible you're saying to yourself "Yes, but that won't prevent a DDoS, just mitigate it." I'll go ahead and address that before you post more rhetoric. "There are various techniques to battle against DDoS even on network level." Poster did not claim to completely prevent DDoS, just work around it.
Having said that, it's impossible to say whether they can use this particular description because we don't know whether they use authentication and keepalive, so the most we can say is either they implemented an unpro
Re:I already said it (Score:2, Informative)
Everyone in my country has modded xboxes and PS3s. It's not as difficult as you make out. You just pay a little extra to get it chipped and if it ever breaks you just take it back to the shop, no problems. You can get it done anywhere, even the shopping mall sells pirated console games.
So what about online play right? Simple, everyone owns another console for that. You think that consoles are more secure but they're just as much of a joke (if not more so because of their popularity with pirates here).
Re:I already said it (Score:3, Informative)
Except in North America (and probably other places), you Cannot return open software. They absolutely won't take it. And if you bitch long enough to actually wear the poor clerk down to the point where they do take it, the store will simply write it off. They won't send it back to Ubisoft.
Re:Down or DDoS? (Score:3, Informative)
There are also companies that provide "DDoS-resistant" hosting. The Church of Scientology switched over to such a host after their site got horribly steamrolled.
Re:Reminds me of a story (Score:5, Informative)
Re:It wouldn't be so bad in my life (I think?) (Score:3, Informative)
But here goes: I don't think this DRM would be a huge problem in my life*.
[(*) Assuming it worked "correctly"--i.e. the Ubisoft servers were never down [...]
RTFA dude. In fact, just read the *title* and you will learn that this is not a hypothetical discussion - the Ubisoft servers ARE down.
Re:LOL (Score:1, Informative)
Ubisoft forums are now down. The thread discussing the DRM issue here:
http://forums.ubi.com/eve/forums/a/tpc/f/4721051016/m/7481010838/p/1
Forums not working...