Jump to content
Sports Interactive Community

SEGA & Sports Interactive explain authentication problems with Football Manager™ 2009

Matt ex SEGA

Recommended Posts

Matt ex SEGA

Matt ex SEGA

Posted
Posted

SEGA and Sports Interactive explain authentication problems with Football Manager™ 2009

After prolonged issues with pre-release piracy, this year SEGA and Sports Interactive decided to implement a new copy protection system for Football Manager 2009. The incorporation of Uniloc's copy protection system for the game has unfortunately caused a number of unexpected difficulties which SEGA would like to explain to any customers who may have experienced problems authenticating their copy of Football Manager 2009 since it launched on Friday November 14th.

The first problem was that the printing of the keycodes on the in-game manuals. The choice of font meant that some customers were unable to decipher their authentication keycode correctly due to some of the different characters in the keycode looking very similar. On realising this on the Thursday evening, SEGA worked closely with the team at Uniloc to update code on the authentication servers to work around the problem. This situation does not affect customers in Australia and America where the keycodes were printed without any issues.

The authentication servers then suffered a distributed denial of service (DDoS) attack from an external party which significantly delayed the distribution of the solution for several hours. The knock-on effect of the DDoS attack subsequently necessitated that the phone line keycode activation, which also runs through the online authentication servers, had to be suspended so that the online authentication servers could be prioritised. Since this time the individual phone lines have been under constant DDoS attack. Unfortunately this means that some customers are still experiencing difficulties authenticating their copy of the game via phone activation, although the online server authentication is currently working as it should be.

SEGA would like to stress that while there are still some problems being experienced with customers trying to authenticate their game via phone, everything is being done to ensure that this is resolved as soon as possible. SEGA and Sports Interactive take pride in producing the very best Football Manager year on year, and regret that this unfortunate situation has arisen. SEGA and Sports Interactive would like to unequivocally apologise to any customers who have experienced difficulties in authenticating their game, restate their desire to solve every issue encountered in the process, and enable all customers to be able to play and enjoy Football Manager 2009.

Despite the issues that some users faced at the weekend, and since its launch on Friday, Football Manager 2009 has authenticated over 200,000 copies globally, but all at SEGA and Sports Interactive are determined for the small amount of people who are still having issues to be up and running as soon as possible. For those who are still experiencing problems, please do contact our Customer Services department at www.sega-europe.com/support, or visit our game forums at http://community.sigames.com/showthread.php?t=63556 where a FAQ is available for those still having issues.

Statement ends.

This is posted on behalf of SEGA and SI - this would have been posted by Miles had he not been on a plane at this moment.

Link to post
Share on other sites
  • Replies 428
  • Created
  • Last Reply
Wacks07

Wacks07

Posted
Posted
SEGA and Sports Interactive explain authentication problems with Football Manager™ 2009

After prolonged issues with pre-release piracy, this year SEGA and Sports Interactive decided to implement a new copy protection system for Football Manager 2009. The incorporation of Uniloc's copy protection system for the game has unfortunately caused a number of unexpected difficulties which SEGA would like to explain to any customers who may have experienced problems authenticating their copy of Football Manager 2009 since it launched on Friday November 14th.

The first problem was that the printing of the keycodes on the in-game manuals. The choice of font meant that some customers were unable to decipher their authentication keycode correctly due to some of the different characters in the keycode looking very similar. On realising this on the Thursday evening, SEGA worked closely with the team at Uniloc to update code on the authentication servers to work around the problem. This situation does not affect customers in Australia and America where the keycodes were printed without any issues.

The authentication servers then suffered a distributed denial of service (DDoS) attack from an external party which significantly delayed the distribution of the solution for several hours. The knock-on effect of the DDoS attack subsequently necessitated that the phone line keycode activation, which also runs through the online authentication servers, had to be suspended so that the online authentication servers could be prioritised. Since this time the individual phone lines have been under constant DDoS attack. Unfortunately this means that some customers are still experiencing difficulties authenticating their copy of the game via phone activation, although the online server authentication is currently working as it should be.

SEGA would like to stress that while there are still some problems being experienced with customers trying to authenticate their game via phone, everything is being done to ensure that this is resolved as soon as possible. SEGA and Sports Interactive take pride in producing the very best Football Manager year on year, and regret that this unfortunate situation has arisen. SEGA and Sports Interactive would like to unequivocally apologise to any customers who have experienced difficulties in authenticating their game, restate their desire to solve every issue encountered in the process, and enable all customers to be able to play and enjoy Football Manager 2009.

Despite the issues that some users faced at the weekend, and since its launch on Friday, Football Manager 2009 has authenticated over 200,000 copies globally, but all at SEGA and Sports Interactive are determined for the small amount of people who are still having issues to be up and running as soon as possible. For those who are still experiencing problems, please do contact our Customer Services department at www.sega-europe.com/support, or visit our game forums at http://community.sigames.com/showthread.php?t=63556 where a FAQ is available for those still having issues.

Statement ends.

This is posted on behalf of SEGA and SI - this would have been posted by Miles had he not been on a plane at this moment.

"After prolonged issues with pre-release piracy" right, it may be ovbious, but i don't know the first thing about computers, but if it's pre-release piracy, why don't you keep the game from being copied until you start selling it... i could understand people pirating it AFTER it's been released, but if it is being pirated before its release.. why on earth would you need to stick an activation code on the game for when its released... does that make sence? or do i not understand what is meant... on a side note its good that you've made an effort to release a statement.... although it would of been better if it included the line of " next year activation will be scrapped 'cos of the problems it causes" are you not worried about the loss of revenue next year because of the bad press of this version? and has the activation system saved you more money from pirated copies?

Link to post
Share on other sites
Matt ex SEGA

Matt ex SEGA

Posted
  • Author
Posted
"After prolonged issues with pre-release piracy" right, it may be ovbious, but i don't know the first thing about computers, but if it's pre-release piracy, why don't you keep the game from being copied until you start selling it... i could understand people pirating it AFTER it's been released, but if it is being pirated before its release.. why on earth would you need to stick an activation code on the game for when its released... does that make sence? or do i not understand what is meant... on a side note its good that you've made an effort to release a statement.... although it would of been better if it included the line of " next year activation will be scrapped 'cos of the problems it causes" are you not worried about the loss of revenue next year because of the bad press of this version? and has the activation system saved you more money from pirated copies?

Protecting the game at all stages is vital to our business which is why we looked into this in the first place.

It's much too early to say exactly what we'll do with the protection on this years version or what we'll do next year at this point. What I can categorically say is that, as long as I'm still working here, whatever our plan is will be better thought out, tested and communicated than it has been this year, and I don't think anyone at SI or SEGA would find issue with that comment.

Link to post
Share on other sites
schuey100

schuey100

Posted
Posted
Protecting the game at all stages is vital to our business which is why we looked into this in the first place.

It's much too early to say exactly what we'll do with the protection on this years version or what we'll do next year at this point. What I can categorically say is that, as long as I'm still working here, whatever our plan is will be better thought out, tested and communicated than it has been this year, and I don't think anyone at SI or SEGA would find issue with that comment.

I assume you, like most of us, find it ironic that although you managed to stop the pirates copying the game before the official release, they ended up playing it before a huge number of people anyway because of the activation problems. As such this plan was a total mess because the pirates ended up playing the game first again!

As for having a better thought out and communicated plan next year, I should hope so, could it be any worse? I can't think of a disaster of this scale taking place with any other publisher/developer your size.

I really was hoping for a more thorough explanation with a greater emphasis on an apology but you seem to have attempted to gloss over this to end it quickly. With the issues of activating the game early, then saying that STEAM purchasers wouldn't be able to play early, then going back on that and allowing them to, all the while people spending hours trying to get their codes to work, it's at best a Monty Python sketch and at worst a case study in how to ruin your business

I do wonder what kind of memory FM gamers have. You've got a massive fan base but your last two releases, for varying reasons have been, well, a disaster. I hope that next year you get hit where it hurts and people will refrain from pre-ordering and that sales are down. Perhaps that might kick start you lot into thinking about the customer for once.

Because it seems to me you thought about two things this year, your revenue and the pirates. The customer was just an afterthought.

Link to post
Share on other sites
LycanGav

LycanGav

Posted
Posted

A continuous DDoS attack lasting four days would surely throw up MASSIVE red flags across any number of boards? I'm guessing police action is already in the works since it's illegal and we can expect to read about it in the press, etc.... Strange too, would have expected something like Wrath of the Lich King (which easily pipped you guys to the number one spot), a much bigger launch, to garner this kind of attention. Must have been a personal thing then, someone with an axe to grind against SI and/or SEGA specifically.

Link to post
Share on other sites
Matt ex SEGA

Matt ex SEGA

Posted
  • Author
Posted
To say I'm very sceptical at the claims of a DDoS that lasted for 4 days or so is a bit of an understatement.
How can you be so sure it was an orchestrated ddos and not just the vast number of legitimate users being hampered by annoying drm trying to continually activate a product that they have purchased?

OK, first of all I'm not remotely technical and have asked Murray to come and explain that in a little more detail.

My understanding is that the attacks are continuous and as we can't actually stop them, we mititgate against them - I honestly don't know how that's done, though.

All systems are functioning as they should be but that doesn't necessarily mean we've stopped what we happening, is the best I can explain it.

Link to post
Share on other sites
benkeat

benkeat

Posted
Posted

shabby practice that statement.

focusses on technical garbage that the majority won't understand, and irrelevant news (200,000 activated) that the people the statement should be intended for (the people who were delayed in getting their game working/are yet to get working) won't give a toss about.

should have just come totally clean and admitted that you were too clever for your own good, and therefore frustrated the life out of 1000s of people with some over elaborate and needless nonsense.

type of statement i'd expect from david brent after his entire workforce got laid off because of him.

Link to post
Share on other sites
feedthegoat

feedthegoat

Posted
Posted
OK, first of all I'm not remotely technical and have asked Murray to come and explain that in a little more detail.

My understanding is that the attacks are continuous and as we can't actually stop them, we mititgate against them - I honestly don't know how that's done, though.

All systems are functioning as they should be but that doesn't necessarily mean we've stopped what we happening, is the best I can explain it.

So if the attacks are carrying on, does that mean anyone trying to authenticate via the phoneline is still going to face problems?

Link to post
Share on other sites
MarkTrevor

MarkTrevor

Posted
Posted

You're all going on about SI and Sega making up this rubbish but at least they had the decency to explain the problems and what caused them. Get off your high horses, most of you are playing the game.

And if they say the DDoS attack lasted 4 days, believe them. You have no proof it didn't happen, so why complain?

Link to post
Share on other sites
Matt ex SEGA

Matt ex SEGA

Posted
  • Author
Posted
Were the attacks intentional or were they caused by traffic volume?

EDIT: I'm not having a go like some of the other lads, by the way. I'm just genuinely fascinated.

Intentional.

So if the attacks are carrying on, does that mean anyone trying to authenticate via the phoneline is still going to face problems?

All I know is that, at time of typing this, everything is functioning normally.

Link to post
Share on other sites
qwerty2k

qwerty2k

Posted
Posted

By the way, mine was a genuine question. As im sure with the number of users who got the game at the same time and tried to activate all at once it could look like one, just wondered if its definitely an attack or just caused by the high traffic volume.

If it was a genuine attack why not inform us the users at the time, people would have been far more understanding if you had come out and said 'sorry, we are experiencing an attack on our activation server, we are looking to resolve it asap' rather than ignoring it.

Link to post
Share on other sites
snootyjim

snootyjim

Posted
Posted

I've seen this issue of pre-release piracy mentioned several times on the forums. What I don't understand is why this protection is meant to prevent that - people could still purchase the game a week before the release, and hence people were able to get hold of the disk and start investigating the DRM well before the release date.

It's just gutting to see every games company around go down the DRM route, irritate the hell out of all of their customers while the people who are meant to be suffering simply don't. Nonetheless, I have no intentions of continuating this debate... I just think that digital DRM always ends with the same disappointing result, and hope that something better will be used next year.

Link to post
Share on other sites
homerjnick

homerjnick

Posted
Posted

Here:

Surviving attacks

The investigative process should begin immediately after the DoS attack begins. There will be multiple phone calls, callbacks, emails, pages and faxes between the victim organization, one's provider, and others involved. This can be a very time consuming process. It has taken some very large networks with plenty of resources several hours to halt a DoS attack.[citation needed]

The easiest way to survive an attack is to have planned for the attack. Having a separate emergency block of IP addresses for critical servers with a separate route can be invaluable. A separate route (perhaps a DSL) is not that extravagant, and it can be used for load balancing or sharing under normal circumstances and switched to emergency mode in the event of an attack.[citation needed]

Filtering is often ineffective, as the route to the filter will normally be swamped so only a trickle of traffic will survive. However, by using an extremely resilient stateful packet filter that will inexpensively drop any unwanted packets, surviving a DoS attack becomes much easier.[citation needed] When such a high performance packet filtering server is attached to an ultra-high bandwidth connection (preferably an internet backbone), communication with the outside world will be unimpaired so long as not all of the available bandwidth is saturated, and performance behind the packet filter will remain normal as long as the packet filter drops all DoS packets.[20] It should be noted however, that in this case the victim of the DoS attack still would need to pay for the excessive bandwidth. The price of service unavailability thus needs to be weighed against the price of truly exorbitant bandwidth/traffic.

[edit] Firewalls

Firewalls have simple rules such as to allow or deny protocols, ports or IP addresses. Some DoS attacks are too complex for today's firewalls, e.g. if there is an attack on port 80 (web service), firewalls cannot prevent that attack because they cannot distinguish good traffic from DoS attack traffic. Additionally, firewalls are too deep in the network hierarchy. Routers may be affected even before the firewall gets the traffic. Nonetheless, firewalls can effectively prevent users from launching simple flooding type attacks from machines behind the firewall.[citation needed]

Modern stateful firewalls like Check Point FW1 NGX & Cisco PIX have a built-in capability to differentiate good traffic from DoS attack traffic. This capability is known as a "Defender", as it confirms TCP connections are valid before proxying TCP packets to service networks (including border routers). A similar ability is present in OpenBSD's pF, which is available for other BSDs as well. In that context, it is called "synproxy".[citation needed]

Comodo Firewall Pro has a built-in Emergency Mode which is activated when the number of incoming packets per seconds exceed a set value for more than the specified time, for example, more than 20 packets/sec for more than 20 seconds. If this happens, the firewall classifies it as a DoS attack and switches to Emergency Mode. In this mode, all inbound traffic is blocked except previously established and active connections, but outbound traffic is allowed. The packet number threshold and the time needed for verifying an attack can be adjusted by the user separately for TCP, UDP and ICMP. The firewall also has some other attack prevention mechanisms, like protocol analysis, checksum verification (so that the packets are not altered since transmission) and NDIS protocol monitoring for attempts at making a DoS attack by using own protocols, thus outmaneuvering older firewalls.

Link to post
Share on other sites
Matt ex SEGA

Matt ex SEGA

Posted
  • Author
Posted
By the way, mine was a genuine question. As im sure with the number of users who got the game at the same time and tried to activate all at once it could look like one, just wondered if its definitely an attack or just caused by the high traffic volume.

If it was a genuine attack why not inform us the users at the time, people would have been far more understanding if you had come out and said 'sorry, we are experiencing an attack on our activation server, we are looking to resolve it asap' rather than ignoring it.

We were very concerned about the severity of the attacks and the potential of incurring further more damaging ones.

Link to post
Share on other sites
gavnoble

gavnoble

Posted
Posted

To be frank I would be more forgiving if you had just come and said for this year's game we got it wrong in going down the route we did. I don't like to use the phrase whitewash very often, but I feel with this statement it is exactly what SEGA and SI have done.

The situation on Friday was totally unacceptable in terms of not being able to activate the game for nearly 12 hours in my case and despite some users predicting this exact situation would happen, their views were ignored or treated with contempt, which makes what happened even more frustrating.

This statement does not go anywhere near rebuilding bridges, at least for me anyway. I will have to think long and hard about whether or not I purchase next year's game if the DRM used this year remains in the game, which is a shame as once you get the game activated it's actually quite an enjoyable game for all its faults.

Link to post
Share on other sites
Wakers

Wakers

Posted
Posted

DDoS attacks can last for days, even weeks, if the company under attack doesn't have the resources or structure to deal with them, or if it is a particularly well organised attack from a country out of political reach (Ukraine, Russia, China etc).

Matt - with regards to activation for next year - I played Guild Wars a couple of years ago. When they released a new chapter, and you pre-ordered it, you would be either emailed an activation code, or sent a goodies dvd with a card containing an activation code, and you could activate it as soon as you received, often up to three weeks before the content went live.

Would a similar thing not be more prudent, rather than opening up the servers just a day before or on the day of release? It would keep the traffic way down, and also, if you did come under attack, it would give you plenty of time to protect yourself from it, and secondly, less people would be effected by the problems because a large number of them would have already registered.

It could even be linked into your SEGA account that we all have to post on these boards, and then you could also tie into that the deactivation process, instead of having them hosted on a separate site.

Of course the other upside to that is it would encourage more people to register on these boards and then you have a greater number of customers interacting with you and giving you feedback. As well as shouting their heads off at you ;):D

Link to post
Share on other sites
Matt ex SEGA

Matt ex SEGA

Posted
  • Author
Posted
is there going to be an equivalent apology for all the Mac problems? Or even a mention of when the patch will be done (as another deadline you set has now passed?)

Not ignoring, but will need to ask Miles to address this comment.

To be frank I would be more forgiving if you had just come and said for this year's game we got it wrong in going down the route we did. I don't like to use the phrase whitewash very often, but I feel with this statement it is exactly what SEGA and SI have done.

The situation on Friday was totally unacceptable in terms of not being able to activate the game for nearly 12 hours in my case and despite some users predicting this exact situation would happen, their views were ignored or treated with contempt, which makes what happened even more frustrating.

This statement does not go anywhere near rebuilding bridges, at least for me anyway. I will have to think long and hard about whether or not I purchase next year's game if the DRM used this year remains in the game, which is a shame as once you get the game activated it's actually quite an enjoyable game for all its faults.

I'm sorry you feel like that - as the statement says we're trying to resolve every issue that is reported to us and we're extremely disappointed that we've had such problems. We've tried to be as transparent as we can and explain the problems we had - which were in significant areas entirely our own doing, and in others very much beyond our control.

Link to post
Share on other sites
Wakers

Wakers

Posted
Posted
oh you've been very transparent alright, i think we can all see right through this ddos story.

Come on - I know i don't always come across as Sega's/SI's biggest fan but they would not lie about that - it would put them on very dodgy legal grounds and its something that can eventually, if not already, be backed up with evidence, one way or another.

Link to post
Share on other sites
bigguyinthesky

bigguyinthesky

Posted
Posted

i feel for sega and si they were trying the best to stop the game being pirated and thus making more cash for reinvestment next year. But the sad fact is it was cracked within 24 hours and so far its up to 45 thousand illegal downloads and still going thats a whooping 1.3 mil lost at a retail price of 29.99. So i can understand why they tried this the industry has got to keep trying to stop cracking or eventually they will go out of buisness so i for one can wait 12 hours to get my game if it means they are doing something to try and stop piracy

Link to post
Share on other sites
Doog

Doog

Posted
Posted

even so, multiple simultaneous requests for a connection to a single server? online authentication on release day? to call it a 'coincidence' would be putting it mildly. tbh, until (unless?) they provide solid proof that a large number of the connection requests originated from a single source then I'm not going to believe this ddos line for a second

Link to post
Share on other sites
Wakers

Wakers

Posted
Posted
i feel for sega and si they were trying the best to stop the game been pirated and thus making more cash for reinvestment next year but the sad fact is it was cracked within 24 hours and so far its up to 45 thousand illegal downloads and still going thats a whooping 1.3 mil lost at a retail price of 29.99 so i can understand why they tried this the industry has got to keep trying to stop cracking or eventually they will go out of buisness so i for one can wait 12 hours to get my game if it means they are doing something to try and stop piracy

Its not that black and white. A large percentage of those people download because they wouldn't spend money on the game in the first place. I'm also sure a decent percentage of the people that have downloaded that illegal version did so because they had already bought the legal version but couldn't activate it.

Link to post
Share on other sites
Spottswoode

Spottswoode

Posted
Posted

So let me get this straight. Its purely coincidence that someone "intentionally" performed a prolonged denial of service attack on the phone line activation? You'd be hard pressed to find anyone who could spin that in a way that people would believe.

Just admit it. You ballsed up. You didn't have/expect the necessary phone/server capacity for the user authentication. It clearly wasn't researched or planned properly, otherwise the (quite literally) hundreds of various issues people had would not have happened. You also still ended up losing to pirates anyway.

Whether you have the correct technically knowledge to explain a denial of service attack or not, you and the rest of the staff need to man up and admit that you did it wrong, instead of trying to shoehorn the blame onto an "anonymous" third party. You can't possibly think people would fall for this garbage?

Link to post
Share on other sites
Wakers

Wakers

Posted
Posted

Ehm, you guys do know that there are "activists" out there that target any gaming company that uses DRM right? This would not be the first time an authentication service was attacked on the release day of a game?

Was it a coincidence? No, of course it wasn't, don't be silly, its a major game release using DRM, of course it wasn't a coincidence.

Is the attack a lie? No chance.

Link to post
Share on other sites
bigguyinthesky

bigguyinthesky

Posted
Posted
Its not that black and white. A large percentage of those people download because they wouldn't spend money on the game in the first place. I'm also sure a decent percentage of the people that have downloaded that illegal version did so because they had already bought the legal version but couldn't activate it.

i dont believe so if they couldnt get it free from torrents then i bet you quite a few of them would want it enough to go out and buy it

Link to post
Share on other sites
Uncle_Sam

Uncle_Sam

Posted
Posted

Yea, it sounds legit to me. What do you people think happened? SI and SEGA sitting around having a laugh and drinking tea while you guys couldn't authenticate? FFS, give them a break. They cowboyed up and took responsibility for their role in the disaster. Move on. Go, sink your teeth into some ribs or a nice sirloin and choose to enjoy life rather than be miserable at some computer game company.

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...