Today I attempted to introduce FG to a new player. Our plan was to have him download the trial version, and connect to me. However, for some bizarre reason, he was unable to connect to the website. The website timed out for him, and pinging from the cmd prompt also produced a time out. He was able to get the demo version from Steam, but was not able update it. In spite of his troubles, I was able to connect to the website, ping the website and update my version of FG. So, needless to say, it was a disaster. I then got an earful about Roll20.

Help!!! What the heck happened? I really want to introduce FG to this guy.

Kevin

Server issues made the site unresponsive for about 30 mins today. We've been trying to mitigate frequent issues that seem to be related to repeated DDoS attacks. Some traffic was still able to get through, but most new connections were getting turned away.

And I would point out to him that if Roll20.net is hit with a DDoS attack, you can't connect at ALL. With FG the GM hands out their IP address and the users connect using that, except for the ones using the free license supplied by the Ultimate License.

Wow. I mean, wow. I did not even know about DDoS attacks until now. This is devastating.

So, what does this mean for us, and the larger community in general? After wooing him with the amazing coolness of FG, I was planning to upgrade my license to ultimate. However, he cannot set up a free version at his end, and even once he does that, it sounds like, based on the above post, that if the site should be under attack when we try to play, we will be unable to play.

So what should I do now? Just keep trying?

On a more general note, is the evil person / people behind this attack winning this war? They have impacted the two us to the point that our establishment of a game is now in jeopardy. I cannot even begin to imagine the destruction that is being done. I really, really want to use FG, but he is a hardcore Roll20 fan. I understand the point about Roll20.net and a DDoS Attack. I hope he does too. But I know nothing about anti-DDoS attack strategies, or if they even exist. Is there hope for FG? I really hope so. I love this program.

Man, this is he most devastating thing (to me personally) that I have experienced in a long time. And I am just a lowly user...

i have a feeling it is having a bigger impact than is actually be felt here... it seems to mostly affect us in the asian/oceania timezones but if potential new players are looking for FG and find nothing... they arent coming back... so they are lost and we dont even know about it.

Wow. I mean, wow. I did not even know about DDoS attacks until now. This is devastating.

So, what does this mean for us, and the larger community in general? After wooing him with the amazing coolness of FG, I was planning to upgrade my license to ultimate. However, he cannot set up a free version at his end, and even once he does that, it sounds like, based on the above post, that if the site should be under attack when we try to play, we will be unable to play.

So what should I do now? Just keep trying?

On a more general note, is the evil person / people behind this attack winning this war? They have impacted the two us to the point that our establishment of a game is now in jeopardy. I cannot even begin to imagine the destruction that is being done. I really, really want to use FG, but he is a hardcore Roll20 fan. I understand the point about Roll20.net and a DDoS Attack. I hope he does too. But I know nothing about anti-DDoS attack strategies, or if they even exist. Is there hope for FG? I really hope so. I love this program.

Man, this is he most devastating thing (to me personally) that I have experienced in a long time. And I am just a lowly user...
Don't worry, all that happened was that you were unable to access the Fantasy Grounds web site, thats all. When you play a game via the Fantasy Grounds software, a connection is made between the Fantasy Grounds Host computer (the Game Masters PC), and each player's Fantasy Grounds Client PC. Thus for a DDoS attack to effect you and prevent you from playing your game with your players, the DDoS attack would have to target your PC or the PC of your friends. Which is very unlikely unless you have seriously pissed off a hacker - but again, the chance of a hacker targeting you personally with a DDoS attack, is highly unlikely.

If you played using Roll20, a connection is made between each players machine and the Roll20 web site. So if Roll20 was suffering a DDoS attack, then it would not work (for anyone) because you would not be able to contact the Roll20 web site.

We take the issue very seriously and we are scrubbing logs to try to track it back to the source or sources. I'm not sure what reason someone would have to target us, but we are in fact being targeted. When we find the source, we will do our best to prosecute the offenders. As has been mentioned, it's hard to qualify the loss of reputation and revenue when your site is affected by something like that. The site was down for roughly 45 minutes today as a result. It has been down for as much as 4 hours during past attacks. When down, new players won't be able to download and install the software during this time, run updates or connect to an Ultimate license. If we are present at the time of the attack, we are normally able to respond pretty quickly and restore the server to operation. We are also in the process of implementing a heavy duty anti-DDoS solution that should mitigate these issues in the future. The downside is that the cost for those services is usually pretty high.

I think every website strives to achieve a 100% uptime, but external factors don't always allow that to happen.

We should have our AD solution in place within a week. There is a risk of very minor downtime (5-10 mins) during this process, but from what I understand it should be seamless.

Don't worry, all that happened was that you were unable to access the Fantasy Grounds web site, thats all. When you play a game via the Fantasy Grounds software, a connection is made between the Fantasy Grounds Host computer (the Game Masters PC), and each player's Fantasy Grounds Client PC. Thus for a DDoS attack to effect you and prevent you from playing your game with your players, the DDoS attack would have to target your PC or the PC of your friends. Which is very unlikely unless you have seriously pissed off a hacker - but again, the chance of a hacker targeting you personally with a DDoS attack, is highly unlikely.

If you played using Roll20, a connection is made between each players machine and the Roll20 web site. So if Roll20 was suffering a DDoS attack, then it would not work (for anyone) because you would not be able to contact the Roll20 web site.

Hi Taliz - Ultimate Licenses lose most of their potency during a server outage - unlicensed/demo players cannot connect. Also new/prospective players cant download the game. So it does affect more than just the forums.

Hey guys,

Thanks for all of the responses. I am not worried about my computer. I am worried about the impact, perceived or real, on new players. This directly effects me only because I am in the process of courting a very keen new player. He informs me that he has been trying for three days now, and just tried again an hour ago, to no avail. The information provided goes a long way to keeping us motivated and trying.

All I can do is stand on the sidelines and cheer the FG team on, but please know that I will be doing that as the holiday season approaches. May the implementation and transition be as smooth as such things can possibly be.

there may additionally be something wrong at his end?

im not on all the time but I didnt see any outage this afternoon.

other than the 40mins while they were switching over to the new system...

https://www.fantasygrounds.com/forums/showthread.php?22702-Brief-Server-Update

As I said in the OP, I can still connect, even though he cannot. He is a new user.


most new connections were getting turned away.

Damned, you, like myself, are not a new connection. While the connection problems are not so severe for an established connection, the impression I have from working with this new guy is that the problem is very severe for new users. I received this message from him on the 4th. He has been unable to connect for four days now.


I downloaded the demo version off steam last night, but the fg server was down so I couldn't grab all the updates.Will do that tonight or tomorrow, and hopefully log in with you this weekend.

There haven't been any outages today and it was only briefly down yesterday. Where is he connecting from? We do block a range of IP addresses in areas of Asia that are responsible for a wide range of attacks. Our firewall also blocks IP addresses where attacks originate. If you can find his IP address and report it to me at [email protected], I can check it.

Where is he connecting from? We do block a range of IP addresses in areas of Asia...

That must be it. We both live in Japan. He must collateral damage from this attack on the site. I will get the information and send an email to support. Thanks again for you prompt replies. I will post an update here as soon as the issue is resolved.

I recently encountered this same problem. I used to log onto this website daily but within the last week or so I have been unable to log onto the website. On Friday night here a new member of our group could not access the website nor download and install the FG demo needed to play the game. Eventually I suggested him trying to launch a VPN service, this worked and allowed him to download the game and me to access the site. Bit of a pain in the *** though and it's definitely causing me to log into this website less :(

We're both in Hong Kong by the way.

Hopefully we can address this as we get switched over to the new system. If you wouldn't mind sending me your external IP address to [email protected], I can whitelist that specific IP address on our server for now and verify that this is the actual reason and not something else. I apologize for the inconvenience.

Is HK currently behind China's firewall, or is that a change that is yet to come?

The list I'm using breaks out each country individually, so there are separate entries for China, Hong Kong, Japan, Korea, etc. My understanding was that it was only supposed to include known, abusive IP ranges; however, it may be too broad. We obviously don't want to block out legitimate traffic from these countries.

Ok Doug. I've emailed you my IP. Let's hope that can resolve the issue.

Oh and no Nylanfs. China's firewall (thankfully) does not extend to Hong Kong. If and when it ever does I shan't be here to witness it. I guess that's one of the freedoms amongst many others that HK is currently fighting for.

Ok Doug. I've emailed you my IP. Let's hope that can resolve the issue.

Oh and no Nylanfs. China's firewall (thankfully) does not extend to Hong Kong. If and when it ever does I shan't be here to witness it. I guess that's one of the freedoms amongst many others that HK is currently fighting for.

After sending the i.p. address to Doug, our problem has now been resolved. It seems that the new player was inadvertently blacklisted.

Yeah mine too. Thanks for that Doug!

I'm glad it is working out for you and thanks for your persistence. It's unfortunate that we had to resort any sort of blocking at all.