Edited by Xarcell: 9/24/2023 8:15:43 PM
59

DDOS Attacks Explained, Sorta

I used to be a front-end web developer and hosted about a hundred websites on my own server. That being said, I wanted to explain what little bit I've learned about the phenomenon. I am by no means an expert though.

A DOS attack CAN crash a server completely, but most of the time it doesn't. It stutters the server more than anything. Makes it crawl...

A simple way to cause a DOS: constantly try to log in with the wrong password over and over. This taps the server, spiking server resources each time. A single person doing this wouldn't be enough to cause this kind of strain on the server. Unless they wrote a program to do this with multiple VPS instances on their PC.

Fixing a DOS is NOT easy. You need to know where it is coming from. Services like a VPN or Tor mask where it is coming from. Most CACHE services like Cloudflare have most malicious IPs already blocked. I'm sure Bungie is using a service like this. This means the DOS attacks are most likely new, and most likely caused by multiple people using multiple VPS instances on a server.

Sometimes a DOS can happen accidentally. A site like Light.gg could have a bug in their code that continuously taps the Bungie API (thousands of requests per 0.1 seconds). Although, if this were the case, Bungie would be able to identify it quickly and do something about it, like cut them off, or contact them and ask that they fix it.

Odds are this is a coordinated attack by people who are pissed at Bungie about something, or a direct attack by a competitor (which Bungie has none) to get you to give up and play their game instead. Or maybe a player hired a malicious company to do it for them.

DOS is more complicated than I have explained here. There are a lot more variables involved. I'm just trying to keep it simple.

BTW, banning VPNs is not the answer either. A VPN IP is not always identifiable. In addition, with the ones that are identifiable, you could end up blocking innocent players (hundreds, if not thousands). Not to mention the person can just move IPs and continue the attack. In other words, fixing a DOS is hard, unless it's one person not on a VPN and using their real IP.

EDIT: I think the most likely scenario is that someone or persons hired a nefarious group on the dark web during the funny weapons glitch to stop people from being able to play during this time. However, the attacks didn't start until AFTER the glitch was patched because payment and setup take a little time to do. If this is true, then the person(s) wasted their money. Bottom line: someone threw a hissy fit...

EDIT: some are saying Bungie should have DDOS protection. I would say I'm pretty sure they do. It comes standard with just about all web services nowadays. DOS protection is not 100% effective, just like condoms.
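
Added example (not part of Xarcell's post and not Bungie's code): a sliding-window counter run over a constructed access log, covering the two situations the post describes, an API client stuck in a request loop and repeated wrong-password logins. The log format, client names, addresses and thresholds are assumptions made for the illustration; counting failed logins per account instead of per source IP is what keeps the detection working when the sender moves between IPs.

```python
from collections import defaultdict, deque
from typing import Callable, Dict, Iterable, List, NamedTuple, Optional


class Request(NamedTuple):
    ts: float      # seconds
    ip: str        # source address; may be a VPN exit, so not an identity
    api_key: str   # hypothetical per-application key, "-" if absent
    path: str
    status: int
    account: str   # login name on /login requests, "-" otherwise


def parse_line(line: str) -> Request:
    """Parse one line of the assumed format: ts ip api_key path status account."""
    ts, ip, api_key, path, status, account = line.split()
    return Request(float(ts), ip, api_key, path, int(status), account)


def over_limit(requests: Iterable[Request],
               key_of: Callable[[Request], Optional[str]],
               window: float, limit: int) -> Dict[str, int]:
    """Return {key: peak count} for every key that exceeds `limit` events
    inside any sliding window of `window` seconds."""
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peak: Dict[str, int] = {}
    for req in sorted(requests, key=lambda r: r.ts):
        key = key_of(req)
        if key is None:           # request is not relevant to this rule
            continue
        stamps = recent[key]
        stamps.append(req.ts)
        while req.ts - stamps[0] >= window:   # expire events outside the window
            stamps.popleft()
        if len(stamps) > limit:
            peak[key] = max(peak.get(key, 0), len(stamps))
    return peak


def api_client(req: Request) -> Optional[str]:
    return req.api_key if req.path.startswith("/api/") else None


def failed_login_account(req: Request) -> Optional[str]:
    return req.account if req.path == "/login" and req.status == 401 else None


def failed_login_ip(req: Request) -> Optional[str]:
    return req.ip if req.path == "/login" and req.status == 401 else None


def build_sample_log() -> List[str]:
    """Constructed traffic; every value here is made up for the example."""
    lines = []
    # A third-party app stuck in a loop: 50 API calls within 0.1 s.
    for i in range(50):
        lines.append(f"{100 + i * 0.002:.3f} 198.51.100.7 app-buggy /api/items 200 -")
    # A well-behaved app: one call per second.
    for i in range(10):
        lines.append(f"{100 + i:.3f} 198.51.100.8 app-normal /api/items 200 -")
    # 30 wrong-password attempts on one account, each from a different IP.
    for i in range(30):
        lines.append(f"{200 + 2 * i:.3f} 203.0.113.{i + 1} - /login 401 guardian42")
    # An ordinary player who mistypes twice, then gets in.
    for ts, status in ((300, 401), (305, 401), (310, 200)):
        lines.append(f"{ts:.3f} 192.0.2.10 - /login {status} casual_player")
    return lines


def analyse(lines: Iterable[str]) -> Dict[str, Dict[str, int]]:
    reqs = [parse_line(line) for line in lines]
    return {
        # More than 20 API calls per second from one application key.
        "api_clients": over_limit(reqs, api_client, window=1.0, limit=20),
        # More than 10 failed logins per minute against one account.
        "failed_logins_by_account": over_limit(reqs, failed_login_account, 60.0, 10),
        # Same rule keyed on source IP, to compare with the account view.
        "failed_logins_by_ip": over_limit(reqs, failed_login_ip, 60.0, 10),
    }


if __name__ == "__main__":
    for rule, hits in analyse(build_sample_log()).items():
        print(rule, hits)
```

On the sample data the per-IP rule reports nothing, because each address sends a single attempt, while the per-account rule reports the targeted account.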


  • In England we are getting hacked and it’s nation wide attacks.. The last few days everyone in the country didn’t have insurance for their cars... Let that sink in


    3 Replies
    • 0
      Sicarius

      Done giving bungie chances. - old

      I don't think it's really a ddos issue. I think it's their shitty servers doing it.


    • You seem to be pretty knowledgeable, & everything you're saying flows logically. However, I'm a random internet person with no experience on the matter, & I say they're lying because they don't want to do their jobs anymore & are evil & want to make me sad, & that makes me right.


      17 Replies
      • It’s amazing that someone actually can post an intelligent discussion here highlighting actual issues that occur in development. I’m very tired of armchair devs explaining how “simple” it is to fix massive attacks like this. Look at what Activision went through and they were only under attack for a day here and there. People need to grow up and realize that sometimes issues are more complex than they realize. Thanks for trying to educate the masses. The amount of comments suggesting that Bungie is lying is laughable.


        4 Replies
        • That's one of the parts of a ddos attack. Here's some good info for all, Bungie too evidently, doh! https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/ DDoS protection in corporate environments is common, but costs money $$! Games try to do the least amount of work/spending [directed from above to do so by the "bean-counters"] to get the job done so as to maximize the ROI (not Rise of Iron, that was a good joke they did, huh?), which is the Return on Investment. TLDR: the less they spend, the more they make. So, in this case they either low-balled the effort, or used the wrong system/product to protect the traffic or servers. I'm glad I held off on the DLC + Seasons pass purchase I was about to make, seems to be not playable at all now. Their lack of urgency in response to this issue is also not good. Waiting to see what happens this week... No fix or progress = no play or spend money!


        • You guys act like you are an engineer of some sort and instantly know what is happening because you guess some things...? 90% if not 100% of the playerbase were abusing the weapon glitch, which was the most gamebreaking glitch ever. In order to make that glitch work you simply had to run some stuff in the background so your PC would have some lag, or you just play on an old Xbox or a PS4 so you could have lower frame rates, slower connection, and all just for a stupid glitch to work. That alone would cause some major server issues because you are literally asking for lag for the stupid glitch to work, and then everyone was acting like a confused fool when the game was glitching. Now they tried to fix it but the servers are even worse now. The playerbase that abused that glitch during that weekend are the ones to blame, not bungo. Bungo is simply trying to clean up the mess they left behind. By the way, if the servers are really broken because of the weapon glitch then bungo will never admit that it is because of it, because they literally said have fun with it, so that will backfire in their face, so a ddos attack would be their best lie at the moment. A ddos attack right after they tried to fix the weapon glitch that is still causing server issues to this day??? Hahahah ok. Most likely not, but ok.


          1 Reply
          • 2
            Milk

            Best served chilled. - old

            I'm not gonna say anyone is lying, or that Bungie is telling the truth, I will say that the combo of gun guns being immediately followed by the servers just crapping the bed has been one of the funniest things I've ever seen.


            1 Reply
            • Edited by Justin68687112: 9/25/2023 4:32:42 AM
              [b]This post is wrong.[/b]

              A) Failed password attempts aren't even how a DDOS works. In fact, it would do nothing. What someone does is run pings to the server's IP address. Now these are either bloated pings that congest the bandwidth, or garbage pings that the servers cannot actually do anything with. When you use garbage information pings, the connection cannot route it anywhere because it isn't a real request that is coming through, so it essentially takes up so many resources trying to find where it goes, unsuccessful in everything it tries to do with it.

              B) www.CloudFlare.com charges a very minimal fee for DDOS mitigation services. Bungie could pay CloudFlare and CloudFlare can take 206 TbpSECOND of bandwidth from attacks. No hacker has the bandwidth to overcome CloudFlare, as CloudFlare has over 300 different buildings full of servers all running full DDOS mitigation stacks. The hacker would have to have access to enough servers and 206 tbps of internet, which frankly just isn't possible without spending millions, possibly billions, on server farms and top tier internet connections.

              C) The reason you used the word "kinda" and sound so unsure that it is even the answer is because you lack confidence in your own post, which is completely wrong. Idk how someone could sit there with a straight face and say wrong password attempts, regardless of how many connections are trying at the same time, is how DDOS works. You overload a server with useless information and it exhausts itself trying every possible way to place it somewhere, but it can't, and eventually it times out after utilizing so much of its processing. Hence how lag switches work. They just send useless packets to your router.

              D) All this stuff about banning VPNs and stuff is nonsense. You are just trying to seem like you have a clue what you are talking about, and banning VPNs isn't even a thing. CloudFlare would be the best option but there are others.

              [b]Simple fact is Bungie thought they could get away with not paying anyone to protect them to save pennies pretty much. It's called greed and stubbornness. Please stop spitting out nonsense and acting like Bungie has it tough trying to stop DDOS. They cheaped out on DDOS protection when every company pays for it.[/b] So many companies use CloudFlare, they have the billions of dollars to invest in 206 tbps of connections and servers, and then charge you very little to get protection with them.

              [b]Source:[/b] 4 years fixing the Internet in hundreds of different possible ways for the biggest ISP in Western Canada (shaw.ca). In fact, working at Shaw I literally had to work with CloudFlare to fix issues that could go wrong with your email and internet.


              26 Replies
              • If this was a DDoS it would've been over by now and mitigated, as we know they use Cloudflare for their services. This is not a DDoS attack at this point, it's the same blatant issues they've been having for the past damn year.


              • DDOS attack to a billion dollar company for a week or longer? Lmao. What a load of Bull💩💩💩💩


                4 Replies
                • It's not DDOS attack 😂😂😂 Who would DDOS a dead 10 year old game? Bungie have just -blam!- up as always, and now lying about it. 😂


                  1 Reply
                  • Rangeban the entire state or country


                  • If it truly is a DDOS attack like Bungie have said, and not a side effect from them patching the crafting glitch, would this website, the App and Destiny 1 not also be affected? So far they are all operating without any problems. I'm asking because I really don't know: can Destiny 2 be targeted alone without affecting all of Bungie?


                    4 Replies
                    • The feds would be involved with any ddos attack of this magnitude on US soil Yet you hear nada. Really suspect


                      1 Reply
                      • Wow. What a novel. Here's a shorter version. "BungLe is lying. They broke their own game, yet again, trying to fix a glitch. They're now pointing fingers everywhere but at themselves, as they always do. No surprise here."


                      • Bungie does not use Cloudflare.


                      • A nefarious group on the dark web? Seems like a lot of money just to spite a company temporarily. However, I gotta agree with you— this case screams “advanced persistent threat” to me. My only question is, how did they manage to query the Bungie server clusters in this way? It’s not like each of their racks’ IP is public information. Kept under wraps by Xbox Live/PSN authentication layers and certainly a public facing rack for PC connections. But how could they have enumerated and targeted internal servers? I mean, come on! Logging into the game takes a minute, but everyone can do it. Inventories aren’t loading slowly, so the character info server is working just fine. But the moment you try to load something like Crota’s? It’s Currat, Rabbit and Cabbage till the cows come home. It’s just… something [i]reeks[/i] about it. It doesn’t make sense, and this is the first time I’ve heard of a major distributed denial of service attack against Bungie. Is this spurred by an insider threat, maybe? Did somebody leak an interface or webpage that nobody was meant to know about?


                        2 Replies
                        • I would believe an attack like this could happen, given the right circumstances, yet what I have an issue with is that Bungie came out and explained the issue, and made sure to deflect with "It's not because of our patch/update". This is sus: when the servers go supernova, they don't explain squat, but now they are so open? I believe someone in the programming department messed up, and it's entirely on Bungie. Instead of admitting fault, they blame DDOS. The timing makes no sense.


                          16 Replies
                          • One dev even said something along the lines of "it's good they finally admitted to being DDoS attack victims because there were so many times this happened and we couldn't say nothing". How is that supposed to look reassuring? If they already had this kind of issue multiple times I would assume they would know better and do something about it to guarantee the continuity of the service we are profusely paying for. So what is it, are they being cheap or are they indirectly shifting the blame on Cloudflare? For sure I am not one to take what Bungie says at face value. Mind you, I don't hate Bungie, I am just very dissatisfied with their standard of communication.


                          • Except there is no DDOS (of any significance to justify the current issues), just bad code being deployed to poorly run servers with subpar processes designed by people who have no business doing the level of engineering they are tasked with. It's like Bungie hired a bunch of "front-end web developers" when they needed real network engineers and experienced system architects.


                            11 Replies
                            • Bungie's not getting ddossed. They have had server issues every single season the past 2 years. They just don't have the qualified people to fix the issue with the servers so they sweep it under the rug. So instead of taking any accountability ever they place the blame on someone else.


                              3 Replies
                              • As big a company as Bungie is, having a ddos attack make the game unplayable for a week is pretty embarrassing... There are companies that provide security against these kinds of attacks and obviously Bungie has tried to cut costs to the maximum here, common Bungie L.


                              • Xarcell, I've been in web production & development for several years on an enterprise level, for some of the biggest corporations... Your explanation of DDOS and how a connectivity-based company handles it is way too simple, not correct (enough), and small-business biased. Large corps absolutely can protect themselves from a DDOS. DDOS is the simplest and most annoying type of attack there is. I imagine Sony (parent company) is pissed at Bungie for lack of oversight and not implementing the PROPER resources to prevent and remedy this DDOS. If properly protected, services can be interrupted as you describe in the 1st moments of an attack (8-16 hrs max). From that point on, their cloud service deploys active measures (usually AI/machine learning) that instantly identify DDOS-type traffic and kill it before it reaches Bungie's authentication process. To the end-user, their login process might take a few seconds longer, at most, if logging in from a new machine/IP. But it definitely should be kicking authenticated users off brief period of time; that would be Bungie's poor netcode handling during high traffic [netcode is how the game handles connecting and syncing players to experience the same game session happening on different devices.] But this series of DDOS attacks has been going on for a week. It takes a week to migrate/upgrade their POE login services to a better-protected cloud server vendor. ...And this Bungie has dropped the ball (to cut cost, I'm sure), and takes a big L when compared to other game services that get DDOS'ed but don't go down for a week. There is no acceptable excuse for them (that they've made public so far). --- BTW: Don't expect Bungie to release any technical info about what went wrong & how they corrected their DDOS protection measures, they wouldn't want to give 'bad actors' any hints in finding other vulnerabilities.


                                1 Reply
                                • TLDR is destiny is dying. Bungie are incompetent and/or don't care


                                • This is a huge L take. One of the largest video game companies in the world. Very popular indie games have better servers/protection. But keep sucking those toes I guess.


                                • When i was a child i learned about ddos stuff. Our group shut down a game developers service for weeks. Because the dev let their own group use hacks to win the alienware pc competition. What we did.... We logged into the game server ip using telnet servers. From there we could see everyones names and ips listed Then we made clones of that server... and duplicated all instances with other fake players to make the server stay full. We would fill the server faster than it could dump players... Then there was also port stuffing.... since we could see the ip of all people connected, we could attack the port used to connect them to the game.. for instant disconnect. These people are using similar old school warez tactics.


                                  13 Replies