Slashdot Mirror


Ubisoft's Authentication Servers Go Down

ZuchinniOne writes "With Ubisoft's fantastically awful new DRM you must be online and logged in to their servers to play the games you buy. Not only was this DRM broken the very first day it was released, but now their authentication servers have failed so absolutely that no-one who legally bought their games can play them. 'At around 8am GMT, people began to complain in the Assassin's Creed 2 forum that they couldn't access the Ubisoft servers and were unable to play their games.' One can only hope that this utter failure will help to stem the tide of bad DRM."

35 of 634 comments

  1. LOL by bertoelcon · · Score: 5, Insightful
    Ha, ha.

    I don't know anything else that should be said here.

    --
    Anything can be found funny, from a certain point of view.
    1. Re:LOL by hairyfeet · · Score: 5, Insightful

      What is sad is I never thought I would see a day when EA would actually look like the better choice, but thanks to Ubisoft they look positively cuddly in comparison. Hey maybe that could be the new EA motto..."EA--Way nicer than Activision and not nearly as douchey as Ubisoft!"

      Seriously though when are these companies gonna wake up and smell the fail? It is really soooo simple: give the customers MORE value for their money and watch them pay, screw them over and watch the piracy shoot up, as this proves yet again that often the pirate version is the better choice. For an example EA got me to shell out $30 for MOH: 10th anniversary, even though I heard Airborne sucked (which it did) and how did they do that? By packing in MOH:Allied Assault with both expansions, along with the Director's Cut of Pacific Assault and an interactive timeline of the pacific war and finally the soundtracks. In other words they gave me MORE for my money, so even though I already had Allied and Pacific I bought it.

      But as long as they waste their time and the shareholder's money on stupid DRM that does exactly jack and squat to stop piracy while screwing over their paying customers we will continue to see the pirate version be actually more useful to the consumer than the retail version. It has gotten to the point I refuse to buy at release anymore, because I can never be sure if their crappy DRM will work with my 64bit OS. So I wait until a game hits the $30 bin before purchase, simply so I can have the No-DVD for the last patch ready to go at install. I used to buy all the big games at release, but this douchebag behavior on the part of the companies making the AAA titles has driven me away.

      Thanks to them it is the $30 bin and GOG all the way. At least with GOG I can back up the installer and don't have to worry about DRM borking my machines. And in this economy bitch slapping your paying customers is a sure way to drive them off, just as I won't be buying any more games from Ubisoft, even though I was looking forward to AC2 and the latest Silent Hunter. Great move Ubisoft, burn all your customers while the pirates laugh their asses off. Real smart.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Down or DDoS? by Elgonn · · Score: 5, Interesting

    Down or DDoS? We all know exactly how easy it was going to be for an outsider to screw everyone.

    1. Re:Down or DDoS? by sopssa · · Score: 5, Insightful

      Does it really matter though? If they're using something like this, they should have hardened and tested the system properly. Things like this are completely unacceptable. I would have thought they did as otherwise it's going to backfire so good, but it seems stupid people never cease to amaze you.

    2. Re:Down or DDoS? by Opportunist · · Score: 5, Insightful

      It doesn't really matter to the user, does it?

      And before you say "A DDoS wouldn't be UBIsoft's fault": Deliberately and needlessly introducing a single point of failure to your system is patently dumb, and most definitely the fault of the party that introduced it if it fails.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Down or DDoS? by Dragonslicer · · Score: 5, Insightful

      Deliberately and needlessly introducing a single point of failure to your system is patently dumb

      Quiet! You'll give them ideas.

    4. Re:Down or DDoS? by Opportunist · · Score: 5, Insightful

      Then implementing something that requires your servers to be available 24/7 OR ELSE is patently stupid.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    5. Re:Down or DDoS? by Protonk · · Score: 5, Insightful

      Ok, so please inform us how you would have hardened their systems against the DDoS if there was one.

      Uhhh..... Not have playing the game tied to an online authentication? That might help. I think that's kinda the point.

    6. Re:Down or DDoS? by b4dc0d3r · · Score: 5, Informative

      Would it make you happy if someone were to list every possible high-availability best practice we currently know, and make some inferences about the probable architecture and design of the system, applying each best practice to that aspect of the design? It's not like DDoS or high availability is a new thing, it's been around for quite some time. And you likewise contain no counterargument, just pointing out that there is nothing to argue against. You didn't add anything to the conversation, you proved no point, you certainly did not earn your informative moderation. Not that it matters to an AC. Why the hell am I even typing this? Oh well, here we go.

      The simplest way to prevent DDoS in a situation like this is to have a front-end server (load balanced/clustered) which routes your request to either the authentication system (if your connection hasn't been authenticated) to validate the installation such as checking the license key and verifying whatever else they verify. Or if authenticated it goes to the "simply reply" server. Both of these servers can dynamically update the firewall rules on the front-end, or even before the front-end, if they have something like IPtables accepting input from a specific set of IPs on the intranet-facing rail. The front-end uses these to block any connections which send garbage data or try to re-authenticate using multiple license keys (brute-forcing) or basically try any type of connection other than the two allowed above - initial auth or continued ping. So you have 3 tiers for your IP addresses - initial (send to authentication), authenticated (send to keep-alive) and "other", which simply force-closes the connection, and the front-end redirects as needed. An expiration time of an hour or two should be sufficient, at which time it gets removed from the list and will go to authentication.

      Customer service should be able to manually update the list to unblock you if you have a legitimate key. The only time a person should have to call customer service is if a continued DDoS is going on, and only if the user has a dynamic IP address or the DDoS is using spoofed IP addresses and managed to invalidate your connection. So this isn't an unworkable solution - it's a worst case high-call-volume type scenario, and a company would do everything in its power to keep paying customers working.

      The front-end itself can have several IP addresses in the DNS entry, so you can scale up that part as needed.

      The front-end deals with IP filtering, the second stage does request routing, and a server farm does either auth or ping. It would be trivial to create a list from the front-end so that the hosting provider can filter out the most egregious of offenders before it even hits the Ubisoft network. This is all pretty basic stuff, and most of it comes directly from reading other reports of DDoS and how it was handled.

      At that point the only real problem is IP spoofing from a very large botnet, which would pretty much ruin your day. Even that has its defenses, but much trickier. It's unlikely that they planned for packet-inspection as part of the filtering, but anything that contains unexpected packet contents can be ignored, since you know what the client will be sending. Only a targeted DDoS would be effective then, crafting packets to appear to be legit.

      Software could be optimized, for example if it's a simple database contention issue, or move to a RAID type solution allowing for faster access to the validation keys.

      It's possible you're saying to yourself "Yes, but that won't prevent a DDoS, just mitigate it." I'll go ahead and address that before you post more rhetoric. "There are various techniques to battle against DDoS even on network level." Poster did not claim to completely prevent DDoS, just work around it.

      Having said that, it's impossible to say whether they can use this particular description because we don't know whether they use authentication and keepalive, so the most we can say is either they implemented an unpro
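
An added sketch of the three-tier front-end list described in the comment above (not part of the original post, and not Ubisoft's system). The `AUTH <key>` / `PING` wire format, the two-hour TTL, the key threshold and the IP addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass

TTL = 2 * 3600        # assumed: the comment says "an hour or two"
MAX_KEYS = 3          # assumed: distinct keys one IP may try before a block


def parse(payload):
    """Accept only the two expected messages; anything else is garbage."""
    parts = payload.split(b" ")
    if parts == [b"PING"]:
        return ("PING", None)
    if len(parts) == 2 and parts[0] == b"AUTH" and parts[1].isalnum():
        return ("AUTH", parts[1].decode())
    return None


@dataclass
class Entry:
    tier: str         # "authenticated" or "blocked"; absent means "initial"
    expires: float


class FrontEnd:
    def __init__(self, ttl=TTL, max_keys=MAX_KEYS):
        self.ttl, self.max_keys = ttl, max_keys
        self.entries = {}      # ip -> Entry
        self.keys_seen = {}    # ip -> set of license keys tried

    def _tier(self, ip, now):
        entry = self.entries.get(ip)
        if entry and entry.expires <= now:   # expired: back to "initial"
            self.unblock(ip)
            entry = None
        return entry.tier if entry else "initial"

    def _block(self, ip, now):
        self.entries[ip] = Entry("blocked", now + self.ttl)

    def route(self, ip, payload, now):
        """Return 'auth', 'keepalive' or 'drop' for one incoming request."""
        tier = self._tier(ip, now)
        if tier == "blocked":
            return "drop"
        msg = parse(payload)
        if msg is None:                      # garbage data: block the sender
            self._block(ip, now)
            return "drop"
        if tier == "authenticated" and msg[0] == "PING":
            return "keepalive"
        return "auth"                        # initial, or re-authentication

    def auth_result(self, ip, key, ok, now):
        """Feedback from the auth tier, which updates the front-end list."""
        keys = self.keys_seen.setdefault(ip, set())
        keys.add(key)
        if len(keys) > self.max_keys:        # cycling through license keys
            self._block(ip, now)
        elif ok:
            self.entries[ip] = Entry("authenticated", now + self.ttl)

    def unblock(self, ip):
        """Manual override (customer service) and expiry both clear state."""
        self.entries.pop(ip, None)
        self.keys_seen.pop(ip, None)

    def blocklist(self, now):
        """Currently blocked IPs, e.g. to hand to the hosting provider."""
        return sorted(ip for ip, e in self.entries.items()
                      if e.tier == "blocked" and e.expires > now)


if __name__ == "__main__":
    fe = FrontEnd()
    print(fe.route("192.0.2.10", b"AUTH K1A2B3", 0))   # constructed sample
```

Because the list is keyed on source IP, customers who share one NAT address share one tier and one key budget, which is why the threshold here is above 1.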

    7. Re:Down or DDoS? by couchslug · · Score: 5, Insightful

      "Then implementing something that requires your servers to be available 24/7 OR ELSE is patently stupid."

      So is buying a game from such a company...

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
  3. DONT WORRY GUYS! by Anonymous Coward · · Score: 5, Funny

    Skid-Row will soon have a fix for this problem. This will also lessen the strain on Ubisoft's servers!

    1. Re:DONT WORRY GUYS! by BeardedChimp · · Score: 5, Funny

      After all in soviet Russia, you own game!

  4. Re:They have the money already by berzerke · · Score: 5, Informative

    ...gamers are still going to play...

    Well, right now it seems only the pirates are still going to play, while those legitimate customers will not. Reminds me of a quote I saw:

    The Arch Demon's mantra has always been they will do it The Arch Demon's way once the pain becomes severe enough. However, it absolutely amazes The Arch Demon how much pain the IDOITS [legitimate customers in this case] can endure.

  5. Re:The DRM is working. by SolidAltar · · Score: 5, Informative

    Actually, the proper term is Digital Restrictions Management.
    DRM only exists to restrict, period. Any use of "Digital Rights Management" is due to marketing.

  6. Re:Hope they learned a lesson by biryokumaru · · Score: 5, Funny

    Stop supporting games with this kind of DRM

    Ubisoft clearly has.

    --
    When you're afraid to download music illegally in your own home, then the terrorists have won!
  7. I already said it by Opportunist · · Score: 5, Insightful

    Can't find it now, but definitely NOW the DRM protection WILL be the discussion topic on the schoolyard. And maybe company lunchrooms too. People who bought the game will ask around, especially their "IT clued" friends what they could do to play what they paid for, and they will be informed about how to get cracks.

    People who never pondered cracking will now be introduced to it. So far they did actually buy their games. Either because they simply didn't know about it or, worse, because they didn't want to go through the hassle and thought that paying 50 bucks is easier, faster and less of a problem than futzing about with cracks and copying this and cracking that and executing this registry tuner and writing that into the registry...

    Now they learn that buying games leads to more futzing, more frustration, more "it doesn't just work" than finding it in P2P and downloading it. Legal copies just lost the only edge they had over cracked ones: Ease of use and "just working".

    Great job, UBIsoft. Just as the software industry finally regained some footing in the battle against copying, you go and aim the bazooka at your (and the industry's) foot.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:I already said it by MartinSchou · · Score: 5, Insightful

      Don't tell your friends to crack the game. Tell them to go to the store and demand their money back.

      The software is fundamentally broken. You haven't gotten what you've paid for. Returns will be a lot more painful for Ubisoft. Pose 90% returned games vs 90% pirated games at a stock holders meeting, and they'd probably prefer 90% pirated, as the 90% returned will be more expensive in the long run.

  8. Re:They have the money already by mjwx · · Score: 5, Insightful

    Why would this stem the awful DRM? They have the money, gamers are still going to play, life moves on.

    Gamers have already paid for the game but you see the issue we have here is that gamers have only paid once for the game. All DRM schemes are about extorting more money out of customers. Whether by killing the 2nd hand market or planned obsolescence they want you to pay to keep playing your games.

    Mark my words, in 12 or 18 months time EA/UBI and so forth will start complaining that keeping these DRM servers online is costing them money, meaning they require more money from existing customers to keep them on line.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.
  9. Nice response from an Ubisoft rep by TSHTF · · Score: 5, Interesting
    It's worth looking at how a Ubisoft rep replies to a post that gives users information on how to use the now-broken service:

    Please do not post about illegal activities and or downloads.

    The response summarizes the situation appropriately:

    WTF I posted a link to google that shows how to play since UBIcraps servers are down and you call it ILLEGAL activities? RAbble rabble! I will never buy another ubisoft product and I advise you to do the same!

  10. This is a good thing by BeardedChimp · · Score: 5, Interesting

    Several DRM schemes have only invoked a reaction in the tech community such as slashdot while the general public carried on not caring.
    This shambles has made it painfully obvious to the masses of the dangers of DRM.
    The 45 page thread is evidence of it and is quickly filling up with hatred. Comments such as "I'll never buy from you again" which usually tend to be hyperbole this time ring true.

    Hopefully the end result of this is that the public won't have a short attention span and make true on their threats of not buying from them again.

  11. Let me just say... by Paintballparrot · · Score: 5, Insightful

    When I saw this story: *laughing for 5 mins* *gasping for air* *laughing for another 2 minutes* wooooooooooooooooooooooooo! ha ha ha

  12. Re:Interesting method... by FauxReal · · Score: 5, Insightful

    First time I've heard of a DDoS attack being used to break DRM...

    It didn't break the DRM, it broke the game.

  13. Re:They have the money already by Toonol · · Score: 5, Insightful

    I think the more likely option is that they'll be taken offline about the time Assassin's Creed 3 is brought to market.

  14. Re:Hope they learned a lesson by DMUTPeregrine · · Score: 5, Funny

    MOD PARENT LEFT

    --
    Not a sentence!
  15. In Germany you would now be allowed to crack it... by AlgorithMan · · Score: 5, Interesting

    The German law 69d UrhG allows cracking of software that you legally own and that won't work otherwise...

    --
    The MAFIAA is a bunch of mindless jerks who will be the first up against the wall when the revolution comes
  16. Re:I'm not mad by Floritard · · Score: 5, Insightful

    Maybe they should educate themselves then. Consumer abuse such as DRM is getting by largely because of public ignorance. Even if they have to learn the hard way, i.e. buying a defective product, they learn nonetheless. If they need to feel burned to start taking notice then I'm glad we have companies like Ubisoft around to burn them.

  17. Re:I'm not mad by SolidAltar · · Score: 5, Insightful

    Now they know better.
    This is the best possible thing that could have happened to them.

  18. Re:Hope they learned a lesson by Dachannien · · Score: 5, Funny

    No, no, you guys have it all wrong - it's MOD PARENT UP UP DOWN DOWN LEFT RIGHT LEFT RIGHT B A START!

    That's the only way to get infinite lives on Slashdot.

  19. Re:Do I smell a class action lawsuit? by Anonymous Coward · · Score: 5, Interesting

    In Germany, EULAs are non-binding if they're not presented before the sale. There's no way to disclaim fitness for the obvious purpose of the program either. Furthermore, if modifications are necessary to make the program work as intended, then such modifications are legal even without the author's consent: Happy cracking. Last but not least, the vendor who sold the defective product must either take it back and refund the price or fix the problem.

    UbiSoft really screwed up.

  20. Few reasons by Sycraft-fu · · Score: 5, Insightful

    1) Gamers may try and return the game. I suppose Ubisoft could refuse to issue refunds but that opens them up to lawsuits. Like it or not, a sold product does have an implied warranty of fitness, meaning that it will work for the purpose you sell it. If it doesn't, customers can get their money back and if you won't give it to them, a court can and will force the issue.

    2) It puts off people who haven't bought the game yet. Not everyone buys a game on the day it comes out. Plenty of people wait a bit. Well, they see this, realize that it is true if the auth servers are down there's no game to be played, and decide "Nah, I'll buy a different game." I mean we do not at all lack for good games these days, people can and will take their money elsewhere.

    3) It can lead to these people refusing to be customers again. Sure you got their money this time, however a business does not live based on selling one product. You need repeat sales. People who get burned by this (or just hear about it) may decide to give Ubisoft products a miss in the future because of it.

    The idea of "Oh well they got their money," is rather short sighted. When businesses operate like that, screwing people over and saying "We already got the money so who cares?" the end result is often the business suffering or going broke in the future.

  21. Reminds me of a story by Weaselmancer · · Score: 5, Funny

    Just because your connection to Verizon is up doesn't mean their connection to some other arbitrary network is working reliably.

    I use Time Warner and a cablemodem.

    One day, my net connect starts getting "spotty". Connect. Disconnect. Repeat all day long. After a couple of days it goes down altogether. I put in the call. Guy comes out and looks at the cable and shows me where a squirrel had been nibbling at it. Replaces the cable bit on the pole, off he goes. Cable goes right back down again. Put in another call. Another guy shows up, twiddles something, gets a good meter reading, and bails. Repeat this for about three months. Last guy finally fixes the problem - a router box upstream was foobaring my entire block's connection. Nobody on my block was getting internet, cable, anything through TWC. Dozens of customers complaining daily and it took them three months to finally figure out "gee the whole block is down, let's go look at the router for this block."

    So a few weeks later, a lady calls me. A customer survey drone wanting to know about my "experience". I tell her how frustrating the whole thing was. How does she conclude the call?

    By asking if I'd consider a package deal to have my telephone run through their modem too.

    This entire planet is mad, you know.

    --
    Weaselmancer
    rediculous.
    1. Re:Reminds me of a story by ae1294 · · Score: 5, Funny

      This entire planet is mad, you know.

      Well yes but mostly harmless.

    2. Re:Reminds me of a story by mikael_j · · Score: 5, Insightful

      The sad part is that it's likely quite a few of these actually have engineering degrees and real problem-solving skills but learned within a few weeks of starting their jobs that thinking for yourself and trying to find solutions that would not only temporarily fix a single customer's problem but also avoid having the problem happen to anyone else is not only not encouraged but downright discouraged, because thinking about things like that is what management is supposed to do.

      This is at least how my experience with working tech support was, a bunch of guys, ~50% of which were engineers or computer scientists, sitting in a room applying the same stupid workarounds all day every day and complaining amongst each other about how they weren't being put to good use.

      /Mikael

      --
      Greylisting is to SMTP as NAT is to IPv4
    3. Re:Reminds me of a story by salparadyse · · Score: 5, Informative

      Not mad - but rather, scripted. Deviate from the script = lose your job. It's the script writers that have killed intelligent responsiveness in the "customer interface department". No longer are people employed because of their knowledge of the subject, but because of their ability to "follow the script". Reminds me of a story of contacting BT's Tech Support on behalf of a friend. I told the woman (in India) what steps I'd tried (all the steps which any person with reasonably high levels of IT literacy would try) and she then took me through scripted steps, all of which I'd already tried, all of which I told her I'd tried, and when none of them worked she said "contact your pc vendor" and hung up. She didn't know ANYTHING about computers, just how to follow the script on the screen. Not technical support at all really.

  22. Send A Message by FSWKU · · Score: 5, Insightful

    Now is the time to send a message to Ubisoft that this sort of intrusive DRM will NOT be tolerated. If the servers had stayed up and people just refused to buy the game, they would have written the poor sales off as being caused by "pirates." Now, you have a chance to prove otherwise. Every single person who bought this game on PC should return it to the store. Yes, most will attempt to deny the returns due to policy, or to exchange with a new copy since that one is perceived as damaged/defective. Do not stand for this. Tell them that yes, it is defective, but ALL copies are defective. Let them know that the software itself works just fine on your computer, and in fact ran EXACTLY the way it was supposed to. However, you are forced to return it because it does not work properly on yours or ANY system, because Ubisoft's servers weren't online to allow you to play a game that you legally purchased and met all the requirements for being able to play.

    Ubisoft won't be able to shrug it off as "piracy" when their sales numbers for this game begin to shrink due to returns and angry retailers. THIS will hit them in the pocketbook more than a simple, dubiously effective boycott. When they are forced to start handing money back because of their failures, that will speak much louder than never having been paid that money to begin with.

    --
    "So after all this, you make my case for me. To end this stalemate, you must die..."