not really it still does go down it is just bounced faster now and actually i do have changelogs prior to 0.6 versions of the emulator which goe back heck probably almost all the way and most of your basecode was done by them just because its tweaked doesnt mean they didnt lay the foundation you know. without that foundation they helped lay there would be nothing for anyone to build upon give credit where credit is due.

I read all the posts about it, yeah running on the same hardware and kls' answer was to shut the site down entirely for what two weeks or so because apache was using too many resources between the wiki and the forums mysql queries?

in any court aside from the admitted attacks the rest is circumstantial is all im saying. So yes to quote you... before making accusations have facts aside from 2 or 3 instances that were admitted to. There is no proof it was either of them all the times it crashed and its been admitted by the person takling care of the ls now that most of the issues were related to apache and mysql and lack of server resources. Unless of course you are calling kls a liar in her posts?

Thats all im saying is you are accusing them because devnoob admitted to it 2 or 3 times your blaming the whole thing ont hem because the emu staff arent too thrilled that there is a new public loginserver system out for anyone to use. not based on proof that they had anything to do with the long term issues with the loginserver.

I never said that they didn't earn respect in the past. I wish they had kept that respect and remained with the project this whole time, but neither is the case. They lost their respect long ago when they burned their bridges here. It doesn't matter how much anyone helps out if they can't keep from turning on the community at any given point.

They didn't leave the community willingly. They had their moderator or admin status (whatever) on the forums removed and were removed from the project forcefully years ago for having malicious intent against the project and/or community. Maybe one of them would be kind enough to lay out all of the details of why they were removed from the project in the first place, but I wouldn't expect the full truth either way.

By KLS shutting down apache, it proved that the LS was stable enough to remain on the current hosting as long as we move the website to new hosting at some point. I much prefer having the forums down and the LS up if it is a choice between the 2 of them. The final resolution to the whole LS issue is still in the works. The site was kept down as a temporary solution while other options were being considered. At least the LS was working, which is top priority. I still don't have any kind of ETA on when the next steps will be taken.

You are aware that the way that Devn00b was crashing the LS was by sending malformed packets to the LS. This means he probably has some code to simulate a very simple client connection and was able to write a structure that was not accepted by the LS, which is what caused it to crash. My best guess is that maybe they have a copy of the Simple Client source code, or some other old code that simulates a client connection. I know I have seen doodman link screenshots of a EQ Client simulation he had made, and it wouldn't surprise me at all if Image has something similar. Either way, it has to be something other than a normal EQ client that they were using for this "testing". I don't really know why they would want to simulate a client if they are building a LS to be designed to work with Titanium in the first place.

Basically, I don't know exactly how they did it, but I do know that it was a malformed packet that caused those crashes. Then, 3 days after those admitted crashes happened, I read reports on the PEQ forums of their world server crashing repeatedly. Their server was restarted several times and the problem repeated and then simply stopped as mysteriously as it had started. A couple hours after I first read about the issue on PEQ, I happened to be looking at the processes on Storm Haven and noticed that my world server had just started bouncing at random. I then got reports that all of the popular servers were sporadically popping off and on the Public LS list. This is because the same thing was happening to all of the Popular Public Servers. None of the servers with 0 or 1 players were having this issue, only the ones that get higher player numbers. It didn't take long for me to figure out that this was an intentional attack on our servers and I alerted Cavedude immediately.

After investigation, their team found that the world servers were being crashed by, you guessed it, Malformed Packets! The direct result of this exploit/hack was why Revision 396 was put in as a quick fix.

This was an obvious attack and anyone who would do something like this does not deserve to be a part of this community. The simple facts are these:

1. Devn00b had openly admitted to using this exact same technique to crash the Public LS 3 days prior to this whole incident happening.

2. Only a very small percentage of the community is aware that such exploits like this exists and even less of them would even know where to begin to be able to abuse them.

3. By making the Public LS look bad, unstable, and appear to be causing actual servers to crash, only someone hosting their own Login Server would have anything to gain from doing this.

4. Devn00b obviously already had something in place that could send malformed packets at any part of the connection process, so this would have been insanely simple for him to do.

5. This was barely 3 days after the same attack had occured on the Public Login Server itself, which was caused by Devn00b.

I don't know how there can be any doubt at all that it was them.

I certainly don't blame all of the LS issues on them, but the part they played should not be ignored. There were multiple issues with the site and LS that were all results of different things. One issue was caused by hackers who were flooding the site with requests and bogging it down so much that it hosed the LS. That was the initial issue we saw where the site would take forever to load and then the LS would still be reachable if you tried non-stop for like 10 minutes.

To battle that issue, doodman changed some stuff, which I believe started the "bad username/password" issue after MySQL would fail.

And somewhere in there, the LS was just crashing at random even while the Forums were up and speedy, which was the result of someone crashing it. I don't know how many times it happened, but IMO, that doesn't matter considering the world crashing attack that happened.

If a new Login Server had come from well-trusted, respected, long-time members of the community, then I think we would all be ecstatic to get it. Since that is not the case, I don't think it is right to not give our community a warning about the source of these Login Servers. Heck, you already lost your entire LS database to someone that now has all of their usernames and passwords! That is just the beginning of what would happen if this was to become widespread.

While it may seem like we are being controlling about the Login Server, it is actually that we are trying to find the best way to keep the communities passwords and other information safe and provide them with a reliable and trustworthy service.

Ok well I do have to say that sof client crashes the worldserver to and looks a great deal like malformed packets as well which is why i am in the process of disabling it entirely till world can understand what the client is sending.

About my LS I want to state it was not my idea to store users passwords unencrypted and once My access to the servers was removed i moved quickly to inform my users of the compromise and they dont seem to care so, that one is on them. But I do see your point which is precisly why I an I alone have access to my ls database as of this moment and that is the way it is going to stay.

I do understand your POV I am nerely saying like any exploit once one person figures it out well then all the script kiddies gotta try it.

I really do think they are genuinly trying to help the community with the new ls, and I think they should be given a chance, dont condem people for mistakes of the past. Yes im sure they screwed up in the past image has admitted to me he did so but he was young as we all were at one time.

It should be noted that My issues were not a result of anything devnoob or image coded in their ls I will say that.

Instead fo pointing fingers and such why dont we all try working together, Forks included we dont have to all be super activ ehere to have something to contribute. forks can coincide with the main project and collaboration can take place.

Even if they were crashing these things that inturn helped the community because the problems were found and are in the process of being fixed. I try to be a silver lining kind of a guy usually.

Even with what happened to My project I look at it as now i have total control over it and it was actually a good thing in a way that it happened.

Thats all Im saying people screw up they dont need to be repeatedly crucified for it.

I have been using the LS they made since before it was officially released I have had 0 issues with it its stable and secure and all in all a good program IMO.

Yes I am playind devil's advocate but i think if we all work together rather then against one another it will help everyone as a whole in the long run

I really don't see what SoF has to do with any of this other than the fact that it has been my priority for months to help get the emulator upgraded to work with a newer client and you are trying to make a personal attack on me through my work (and the work of others who have helped). If you don't like what we have done with SoF, then don't use it, but don't try to relate it to this discussion in any way. If you think you can discredit me by saying the work I have done on SoF is bad for the project, then that is just ridiculous.

If you are trying to say that SoF had anything to do with the world crashes that ALL of the popular servers (including many that didn't even have SoF enabled on them) were experiencing, then again, that is just ridiculous. I have worked with the SoF client from the very beginning and I know what it can and cannot do, and the crashes that we were seeing had nothing to do with it. The crashes were happening while the client was making a session request and I can definitely speak for Storm Haven that the SoF client was working 100% fine for requesting sessions when whoever it was was crashing the world.

If you think that SoF causes world crashes still, then I don't know what you are doing with it to cause them. I have been running it on my server for months now and anything that could have caused a crash has been resolved as far as I am aware of. I haven't seen world crashes on Storm Haven in quite some time and I only use SoF now. Maybe if haven't updated your server code in a while, you might run into some of the old issues, but as I said, most of them have been resolved for a while now.

Not that you would do it, but one of my main concerns with multiple people running Login Servers is that they could be abused extremely easily. I am sure you have people register with their email addresses, and not everyone knows better than to use the same password for their LS account that they use for their email. So, if a LS was to get hundreds or even thousands of registered users, there is a good chance that some of them may have given the same password to get into their email account. If someone running a Login Server was doing so with malicious intent, it would be all too easy for them to take advantage of people, find other personal information and probably even to steal from them.

Private information (gaming or otherwise) should not be taken lightly, and by giving everyone access to run their own Login Server, there are bound to be security risks. When handling any private information, there should be at least decent security to ensure that it stays safe and private. And, if extra precautions aren't going to be taken, the users should be made aware of that so they know to take their own safety measures (which they really should be doing automatically in the first place).

I am not exactly sure what you are referring to here. But, if you are referring to the malformed packet crashing the world servers, that information was not disclosed until after it happened. The Login Server one was mentioned, but the issues with the client itself were not. The source is open, so if someone had really wanted to exploit that issue, and knew what they were doing, they could have done it at any point. It happening 3 days after the LS crashes is extremely unlikely to be just a coincidence.

When their project had any chance of getting some of this community to move to it, they mentioned that they would probably allow "custom LS builds" for a price. So, they would have been charging people for them to remove the restrictions in the Login Server code that they had put there in the first place. Once it was clear that the issues with the EQEmu Login Server were going to resolved, only then did they give out the unrestricted version. If you want to help an opensource, free project, you don't do it by creating an alternative to it and charge for it :P

I am almost always willing to give people a second chance, depending on how bad their first offense was. I really wish they could have come back and proven themselves respectful and trustworthy. This project would no doubt benefit from someone with coding skills like Image has. But, if it comes at a cost of deceit and drama, it just isn't worth it. Since I was not around for the first issue with these 2, I couldn't exactly hold it against them. But, after seeing the recent issues and actions, I think it is clear that they have something against the entire team and are willing to go to great lengths to show that.

I can agree with you on this one. It wasn't their fault for what happened to you. But, I am extremely hesitant to use anything that is closed source and isn't from a highly respected source.

There is no fork (sounds like something from the Matrix). There is no secondary project going on. There is just EQEmu as far as I am concerned. Now, if someone else started their own SVN, or started releasing non-EQEmu binaries or something, then that would be a fork. But, as of now, it is all just normal EQEmu. Just because you use your own private LS doesn't make you a fork. That would be like saying that people who use the old mini-login are all forks.

Other than the fork statements, I agree with you on this one too. We should all just work together and stop the drama. Drama is such a time consuming waste. I could certainly be doing much better things with my time. I will never push for drama. All I try to do is discuss the issues at hand. If all we do is delete/lock threads, and suppress drama, it will never get resolved. I am more than willing to play moderator to see any drama to the end in a reasonable fashion.

I consider myself an extreme optimist and always try to look on the bright side. I also try to give people the benefit of the doubt if there is any doubt in me to give. While you may have somewhat of a point here, it is still completely ridiculous to even say such a thing. That statement doesn't do anyone any good. You are saying that we should love the hackers because they forced the problem to get fixed? If someone really wants to help, they help without hurting in the process. The issues with the LS were due to sick attacks and anyone who would do something like that is just a bad seed. Effecting thousands of people for weeks on end just so someone can get revenge or get their way is just too selfish for words.

[QUOTE=Aergad;167936]Even with what happened to My project I look at it as now i have total control over it and it was actually a good thing in a way that it happened.

Sometimes learning the hard way is the best way. You won't soon forget that lesson I hope. I still think that the real lesson you should have learned is that you shouldn't trust people who haven't earned your trust.

If people consistently screw up and cause problems, which in turn wastes other people's time and efforts, then yes they do deserve what they asked for.

While that may be true, a closed source program could always be hiding something that could come back to bite you in the end. I really hope that isn't the case here, but you can never truly be too cautious about that sort of thing.

I can play devil's advocate all day, obviously. But I would honestly much rather see the drama gone for good and for things to get back on track. Already since KLS has gotten access to the LS, things have been better than they have for quite a while. I am sure once the LS issues are all finalized and taken care of, people will quickly forget about this whole issue. I knew that would happen from the start and as soon as the LS was back up and stable, the drama suddenly stopped. Since some issues hadn't been fully resolved, I knew something like this was bound to pop up at some point. So, I figured it would be good to clear things up while I had the chance. I don't pretend to know everything that goes on around here, but I will say that I know my fair share :P

As much as I love a good pissing contest, can we please get back to the real focus of this thread...which is how much of a tool Richardo is?

I thought the point of the thread was to discuss the Tallon/Vallon Zek server, :x

Maybe I'm in the wrong thread.

well where to start lol ahh closed source programs... well for one the official loginserver tracks every player on ever server down to the zone they are in why it does this i have no idea however i found the code and the opcodes in world and zone that accomplishes this so the official ls is doing precisly what you warned against.

Minilogin has been used for quite some time as a closed source program theres no telling what information that really sends i suppose i could look back in the old old ls code i found and find out but even still the point im getting at is that there are secrets even the people handling the official ls have kept reguarding its operation.

What possible purpose does it server for the loginserver to track that kind of player data i dunno.

Everytime i see a user using SoF ( btw i just compiled my server on linux using the latest svn source) I get a garbled mess of output that is just raw packet data being sent to the worldserver but it doenst understand the packet so it kinda has a coniption fit lol thats all i was sayin

Im only disabling it for now till the client functionality is more completed where world doesnt spazz like that lol

thing about My issue is this guy was hosting it supposedly in a professional datacenter he owned the company that was supposedly a reputable company that handled financial transactions and so on and so forth for major companies. All that made it easy to trust the guy. even still i can say had he not yanked my project out from under me the way he had, everything was secure i mean what are the odds that the guy runing the datacenter would be a completely immature tool anyway lol

anyway yeah lol its too early for me to think much clearer need coffee lmmfao

EDIT: That just got you a one week ban.

I really dont know what to say about all of this...

I personally tried to form some sort of relations with other server staff in hopes of working together on things to improve the community, such as sharing information on who was banned cross-server and why. The fact that staff from other servers, would come onto the public forum and slander people's EverQuest servers that are worked on and run free of charge shocks me.

For example Bane of Life. I personally notified you guys about the EQEMU password trojan that was embedded in the website the moment I was sent the information from the informant in Lucid Vision, in hopes that you would change all of your passwords to avoid the email account hijackings that our staff had to go through.

You state on your website that our server is hack infested, yet when I attempted to inform you that many of the registered users on your forum are ones that have been banned for using 3rd party software, you blow me off like you dont even care.

Hell, we even built a MQ hack detector and distribute it to openly.

as for our database, it is far from "generic" in my opinion. Not only am I told by players that come to play here ( many in hopes of a PvE duplicate some day ) that it is the most live-like experience they have gotten out of EqEmu, but some people have even wanted to purchase a copy of the database ( denied of course ). To me, that says something good.

In the end, the fact that you, as server devs, come onto a public forum and bash another server openly only proves to me the type of arrogant, immature community you plan to run.

GM Gronkus