HAHAHAHA this is funny, many many moons ago I had found several such buffer overruns and other such nasties in the code and had fixed them, but because I was removed from the team, along with image, I kept them private.
I warned eqemu someday someone would use them for bad. Way to listen devs! btw Linux isn't immune, or any more secure, just need a different shellcode, and an extra 10 seconds to exploit this. |
Well, I meant Linux is more secure in the sense that, when they do hack in, it will be as what ever username I run the EqEmu server under, and can't damage my whole machine.
As for my EqEmu server, I keep many back-ups for when someone does decide to screw me. I don't really keep my own server on the public log in anyway, I'm content to play or do work alone on my MinI Login set up. Since most interest is with the "preferred" servers, these will be the ones to have most of these problems; although the Preferred Servers listings have no meaning at all for the moment, they still are "eye candy" for anyone just logging into EqEmu - the casual player thinks he/she has a free ticket to a "preferred" server, that offers more, and go straight to play there. Just like anyone else, hackers need attention too- so they will spend most their time hacking into the populated "preferred" servers. All the people who make new servers under the normal listing should probably lock it down and let players they know, come in and play. |
..
Quote:
and keeping all your work private is helpful how ? hmmm whatever. They hit my server at least 3 times a night nowadays. I long ago learned to backup everything at least once a day nowadays. anyways if you find a fix for the DOS hacks let me know. seems there tons of servers...IF NOT ALL OF THEM.. with this exploit in them. I would suggest tinyfirewall pro.... it lets you ban specific ip addresses. and basically anything from .ru should be blocked out as they are nothing but spammers nowadays. |
Quote:
At any rate, I've completely closed my system down as best I could. Turned on windows firewall, closed all ports, installed Symantec AV corp edition and spybot. We'll see what happens I suppose. Only thing that worries me is they've been in before which generally means I should be starting with a clean install. |
Firewalls won't stop this exploit, it comes over the same port as the server runs on, if your server is open to the public, you're vulnerable.
It's not funny that you got hacked, I am sorry for that, What is funny however that I warned of this happening, and what would happen when someone with some talent checked shiz out, and started using this exploit. When it comes to hard work there are very few people 'round here left that have put in as much work as I have. I was hours from giving the fixes to this when image and myself (senior developers mind you) were removed from the team. All the fixes are long gone now, nor do I have the desire to re-do them so some other security expert is going to have to do them. Oh wait, there aren't any real devs left.... Bravo Dev Team Bravo. |
Quote:
From what I remember you and image (and I still think that you are one and the same people) got rightfully booted from this project because of exactly this type of sh*t. |
This has nothing to do with me. This has everything to do with the fact that there has been a KNOWN exploit that gives a remote user access to the server pc, and nothing has been done about it at all.
This would be akin to say gaim, or even linux itself (both open source software) leaving exploits in their code for however long it's been. Wouldn't you be upset? Wouldn't you be a little upset that a fix was there, but the ruling king decided hey we don't need the fix we'll boot the dev that has it, and let the exploit stay? Now I sit here seeing that my fears have come true...Forgive me for being a little upset... As for my leaving the project, Doodman and image had a dispute, they kicked image, THEN myself. I had nothing to do with the original dispute. here we go my log from my chat with doodman Quote:
//edit: keeping all my work private? haha 90% of my work is in the fucking emu base code, I kept my db private. And didn't release my exploit fix because I wasn't a developer here anymore, and I was banned from irc and the forums, because of what I posted above. |
I really don't understand what the point is here, or if there is a "point", how big it should be?
As far as I'm concerned, anyone who has ever done any small piece of code, or is doing any code work now, is a Dev, regardless if they are part of any special "EqEmu Dev" group or not. Lately, I've become aggravated with the whole scene, due to lack of interest by the people who control what goes into the "official" code. But this has always been so, ever since I started in the EqEmu scene. Anyways, this last time around, I got so frustrated, I was not planning to post anymore of my stuff. But really, this is no way to be - very few of us do any "public" work any more, and this is what keeps this "open source" project alive. I've always been against people who keep stuff to themselves and not publish what they do to these forums or to the source. When I started here, *no one* was doing anything: no updates to any database or nothing to the source. This didn't mean there was no one doing any work, just meant who ever was doing work, kept it to themselves (like what happens now). What FNW or Doodman does or doesn't do, shouldn't really matter or hinder what YOU are doing - you have the source and everything else you need. They only hide the log in server code, but you could use the mini-login server, just the same, for public logins. So far, all the ones who rant and criticize, have not shown me where I should trust them with the "official" source code. Especially the guy who tried to hack into what little we have left and ruin it (you know who you are). What a lot of us do not understand is, EqEmu *already* belongs to all of us, and we can do as we please with it. So what fuck it up, hack it , ruin it so everyone gets screwed? Anyways, I'm working on something I consider to be really big, it's a lot of work, so will take a while, but when I get done, I will post it for all of us to either share or keep it for yourself and don't share at all. |
I need to say something:
You're willing to spend gobs of time fighting all sorts of problems running the emu server on an OS that the entire world knows has more holes than swiss cheese, yet you won't just sit down and put up a linux box and have a secure server once and for all? I submit that you're spending (read: wasting) a lot more time struggling with windows security (especially since it doesn't exist--if Microsoft can't even lock down their own OS, what makes you think you can?) whereas you could just invest the time to learn how to do it right on Linux and be done with it. |
Quote:
If they are going to control freak a GPL PROJECT like this, then they at least better be attentive to it. If something is submitted, and it works, then it needs to get into the tree, NOW. If they sit on it, then frankly, eqemu needs a fork. It's GPL, thus fair game for this. The whole point of the GPL is to be able to share code changes freely and easily. If a certain set of people are making it frustrating and difficult to do so, then someone else who will get these fixes in becomes necessary. While we're on the subject, I'd like to know who thought it was appropriate to originally license the LS code as GPL, then make it unavailable to anyone. Sorry, but you can't do that. And this isn't a copyright issue. You released it under a free license. You don't get to change your mind after the fact. |
this really begs the question though. if there is something exploitable, why is the patch not made available, regardless if it was rejected by any inner circle. by that argument, organizations like CERT shouldnt bother posting issues, because vendors like MS and others sometimes deny them or "scoff" at the danger rating.
== sfisque |
Because I was banned from the website, and the irc. After that I've gone through so many hard drives and shit the code just got lost. Again fault of the "devs" not mine
|
soo idk if dev is trying to help or prove something stupid or is butt hurt he was kicked? idk
|
Question here DevNoob....If you were asked to rejoin the team.....would you?? I never had a prob with you or Image and personally I think a couple of great minds and been unfairly dropped and replaced with some people with larger heads albeit smaller minds . It would seem to me if you still did not have an interest to do the right thing for the community here then you would just be sitting back quiet listening to all of this. It seems you would like to help out but pride and a couple of people are standing in your way......
and that concludes our psychology session for today........ |
See Dev and Image did a LOT of work for eqemu, they were the core for a long time. However, the attitudes and elitist attitudes aren't missed at all. There was so much drama surrounding the whole Dev team during that time, that EQemu was almost split and ripped apart.
I would love to see some of the old devs come back and revive this dying project, but if the attitudes and drama come back too, most of the people left here who still do contribute would leave then we would be right back where we are now. |
Quote:
I R uber...And you suck! hows that for elitist? woot. |
old days...
|
I wonder how this exploit works. If it is just an attack against the server ports it would help if the login Server and the eqemu server did some sort of handshake, so any IP who did not connect to the loginserver first might still be able to open these ports but the emu server will not communicate and close it instantly.
Also it would be nice to know if the attacker is stupid enough to operate from his own account. Wouldn't it be funny if this jerk is also browsing these forums with the same IP, maybe even logged in. That is what logfiles are for. Some facts about devnoob: Way back devnoob did his utmost to kill Lucid Vision. He messed with the login server and banned or hijacked accounts until they decided to run their own login server. Then tried to hack their forums and finally forced a wipe with some hidden backdoor in the eqemu code. It is not a matter of brilliance. I take a merely good lead programmer over a brilliant egomaniac anytime. Anyway. I would suggest not to feed the Troll any further. If no one responds to his BS he will get bored. |
Quote:
Because then i'm just opening up more problems for myself. I'm not familiar with Linux, so if something doesn't work I won't know if it's because i didn't set something up right, or because it's part of eqemu, etc etc. I would be *wasting* more time as it is. Plus I really have no time to learn something new, I have too many "Gotta Learn this system" at work going on as it is. Plus if this is an issue with ports eqemu uses, then it's going to affect linux as well. I've got my system locked down good, no one is going to be able to get into that doesn't use the 700* ports. My first problem was that I didn't do this before putting the server online. I was too excited about having a server running that I had no anti-virus installed, I had ports open on my firewall that shouldn't have been (VNC for one since I don't have a monitor hooked up ..btw that is disabled so don't try), etc etc. My main worries were that I overlooked something, but now I know it's just part of eqemu and for some classic eq i can live with that. |
I need to butt in here because oldlurker seems to love creating rumors left and right, maybe if his registration date wasn't July of 2007 I would be more impressed. I am not devn00b first off, but he is a good friend of mine, we live in different states. Secondly devn00b although had the ability to damage Lucid Visions servers did not do so, it was done on part by various eqemu members (To take down the server), although there were a few eqemu developers that created cheats (such as exploiting the point system for items).
I appreciate mattmeck's support as we did put a lot of effort into eqemu and I think as you can all understand when you put a lot of effort into something you have a lot of emotional feelings towards it. However what has happened is in the past, the big argument that occurred I think is resolved for the most part at least in my eyes. But seriously if you didn't understand the situation stop just making up stuff, that's just ridiculous. |
Quote:
Trust me, you really want to invest the time and get a linux server running. Yes, the learning curve is a bit steep but once you get the hang of it you won't look back. |
Now I *know* you hate me! (didn't invite me to your wedding!).
Quote:
|
There is absolutely NO reason in my mind that ANY good code from ANY source should not have the same chance to get committed as any other.
Personalities mean nothing. Infighting means nothing. This is about the code. The facts are this, whoever is policing the tree and is putting personalities over the project is flat out WRONG. If this sort of practice was the norm, we wouldn't even HAVE a linux kernel. Don't believe me? Go read the LKML. Whoever is cockblocking code from sources they don't "like personally", grow up. Get over it. Real people are out here running servers that cost real money. We have a right to the best emulator possible. If fixes, code, features and bugfixes are not hitting the tree due to politics, then I call bullshit. The players also deserve better. You may not like everyone that has ever worked on this project (or wants to now), but if they write good stable code that improves this project in ANY way, you have a DUTY to accept it, not sit on it. If you do, you're doing more damage to the project than they EVER could. Think about it. Image and devnoob (and whoever else) may all BE jerks for all I know. But I say, who cares--it does NOT MATTER. If they write good code, ACCEPT IT. Otherwise, the maintainers are the ones doing the real damage... and a fork becomes necessary. |
I don't think anyone is blocking anything, just simply, lack of interest is all.
Even if you were to fork, I would really think hard about who to give control to all this, because some people in this scene are acting very childish, to a point where they are willing to sabotage what we already have. Quote:
|
Dev, Image, I know you remember the EQEmu where if someone annoyed certain developers they have pics of the tub woman crapping in her own mouth posted, or added as their avatar. The constant bans from IRC, the instant bans from the forums for asking almost any question.
The work you two did in your time made EQEmu what it is, and guild wars is sorely missed, however all the stuff that went on (whether you did it or allowed it to happen) made EQEmu horrible. There has to be some way that developers can function and code without all that crap being done. We went from a lot of work being done but a poor community, to a great community and no work being done!! WTB the mythical middle ground!! |
I think a big problem right now is the interaction between the developers and users has been severed for the most part in EQEMu. All people who have been giving code additions have not been getting the attention they deserve (KLS for example, think that's the name). Either way it's up to the current developers to take responsibility for the project. Most of the developers that have moved on are on new projects or working and don't have the time.
And yeah the early EQEMu years were pretty destructive, but the passion for developing EQEMu was much stronger at that period of time as well. So I think it somewhat balanced itself out and it began calming down for the most part. All I can say is it would be good to learn from those mistakes :) |
Quote:
Anyways, it irked me reading that nothing is being done to further the project, because it is simply not true. And this is coming from one of the "developers"... me. |
True, but you are just now posting the PEQ quest pack which hasn't had an update since last year (probably was posted because you saw this storm brewing).
Also, your PEQ Database is posted, but very complicated for most people to access. They have to go to the CVS and learn how to fish for the files. In Resume, I think you are all most interested in the PEQ Server for gameplay (and fame), when your first passion and priority should be to serve the public and provide them with fast, easy updates to what you are doing (the source as well as the database). Maybe you "meant" to do it or "didn't have time" - but if PEQ is to belong to the public, then your first priority is to give it to everyone, not sit on it and work it into the server. If there is an update, it should go public right away and now dwell around on someone's "private" server. If there is a problem with the update, then we all know this is alpha/beta, so we can report it and take it out. I also think you are being unjust by not permitting other servers in the "Preferred Server" listings. Currently, I see no good reason why anyone should be under the "preferred" server listing void to promote their server. Quote:
|
I take offense to the fact that you seem to think our database is "private." The fact of the matter is CVS is very easy to use, and if people can't figure out, then that is their problem. I update it frequently, so our software is anything but private. I am not one to push out half assed releases just for the sake of releasing something. When I push something out, I want it to be of the highest quality. The Ykesha release isn't ready, but I do agree it has been too long since the last true release so it needed to get out. Maybe once the epics are all complete, and we get the few zones overhauled we wanted to, I'll do push a RC1.
I also take offense to the fact that you feel the server is the main part of the project and is about "fame." I agree we are concerned about gameplay... those corrections or bug fixes in the code go right to the EQEmu CVS. Looking down the EQEmu changelog I can list at least 20 items that either I requested or reported because of Grand Creation. But, the main purpose of the server is the database and quests, both of which I spend hours a day working on. The players are aware of the fact that the server itself is the least of my priorities, and as long as I do care about their concerns (which I am) they are happy and continue to feed me with database bug reports and suggestions. |
Quote:
I apologize if this sounds like I'm mad. I have to admit I find what I have read here offensive to all the great work we have done at PEQ over the last year and to all the great work that is being done to server development itself. |
Wow, this thread was flirting with turning into something productive before everyone decided to Circle the Wagons.
Change scares some people, it's an unfortunate fact of life. I've been trolling the forums and playing on servers for few years (never hardcore, mind you), and I orginally heard about EQEmu from a friend that wanted me to try this awesome new thing called GuildWars (before the non-namesake ripoff PC game came out). I've seen a lot of things change, and bannings sway based on which cults of personality were in control of which piece at the time. Granted, I didn't post for years after seeing some of the things that happened to people that posted. I've had a ton of stupid questions, but slowly but surely, I've found the answers to them, until I was finally ready to take a stab at setting up my own server. Cavedude and Wildcard, I know it's instinct to get defensive, and I do understand that, but I think that you guys got brought into this as collateral damage. The central point to this whole thread is, something needs to happen to stimulate the community. Let's look away from the devs for a minute, and stop pointing fingers at whose fault it is. The bottom line is, people are starting to get bored. Yes, your community, the group of people that, I've seen so many pretend, don't fucking matter. I ask you this: If the community (read as: the players) are not important, because they haven't submitted code (yet), then who are you building this code for? I could fill the fucking grand canyon with the posts I've seen bashing the players. Do the devs get together and have a tickle fight on a different person's server every saturday? No. It's not anyone's midterm project, no one has to do this. The code and databases exists to put up a server for PLAYERS to log into. The community DOES matter, and the fact that I've seen reinforced over and over is that as soon as someone gets into a control position, they seem to forget why they can even call themselves a (insert title here). 
There are a lot of political and social parallels to this going on right now, but I'll keep that to myself, for risk of the thread getting further derailed. Something needs to happen, someone needs to, as image said, learn from the mistakes, and swallow a little gulp of pride. If you are in control (of the database, of the source, of the forums, of a server, of any aspect of this community), and you feel yourself getting disinterested, don't have time, or just don't give a shit, then do yourself and everyone else a favor and hand over the reigns to someone with some enthusiasm for it. Burnout is completely normal, and no one will view you as a quitter or a deserter for standing down, BUT do not half-way stand down (holding onto or holding back certain pieces of code, etc), don't try to make the community realize how fucking important you are, you'll only tarnish your own name, and people will resent you for your last days, rather than glorify your time in service to the community. This community (EQEmu and PEQ are not separate communities) needs to get excited about something, and it's been a while since anyone has had anything major to get excited about. When the community gets excited, you'll see more code slingers, database devs, security spooks, project managers, GMs, and players coming out of the woodwork to participate than you'll know what to do with (and all of the positions listed in this statement are equally important to this community, if you disagree, then reread the first two sentences of this paragraph quietly to yourself while you blush). If you are jaded and unhappy with your part in the community, you're projecting that on everyone you come in contact with. The good news is: Enthusiasm is extremely contagious, and it will only take is a few excited people to re-energize this entire project (if you say that it doesn't need to be revitalized, then you're in complete and total denial: likely due to a fear of healthy internal competition. 
Let's not forget that it's competition that put a man on the moon). [/motivational speech off] |
Ok some key points.
-PEQ is trucking along, work is being done
-nice work being done to allow bots ! omg I think that's so cool
-Openzone ! it's the sweet!
-open client, wow Wind, and anyone helping I am in awe.
-countless others, with code fixes, quests and anything else I can't think of off the top of my head
all great things. Not one was mentioned in my post, my concerns are based on those with a developer tag, those who can actually modify the code. Doodman has contributed so much to the community, not one person can claim otherwise. FNW, has rewrote, fixed, coded, quested, lord knows how much. I hear there is more developers now but /shrug where are they? who are they? and that's my point, there is no communication. So far I have tried to get a hold of the dev team via the following:
over 21 unanswered e-mails
over 30 unanswered PM's via forums
countless hours on IRC trying to get answers
And I am supposed to be helping run the forums! The "official" development team has cut themselves off from anyone who can't live on IRC, if you can be there 24/7 then you can catch them, otherwise you're left in the dark (including me). I have much love for the people who contributed and made EQEmu what it is, but the current devs need to look at "promoting" people who are more actively involved. I never claimed eqemu was dying, I just claim we need more involved developers. |
Matt please lock this down before more people are indicted on false pretenses and we lose some more good minds in this community .....and by the way Angel......why the fuck would you have to drag some innocent names into a conversation like this and talk about them in a defamatory way??
Quote:
While you're at it Matt, I vote for a 10 day ban on Angel for out of jealousy bringing other people into this conversation and being such a little dick. P.S. Angel, learn cvs you power mad little twit |
Quote:
Rather than trying to make a Stalinistic example out of someone, how about letting people speak to the points, and let's see where it leads us. |
FYI. The current dev team is probably not as cohesive as other dev teams in the past, but they include:
FNW, Doodman, KLS, WildcardX, Rogean.
I'm sure there are a couple others that also should be included as "devs" and who also have access to the server code repository, so this is by no means an all inclusive list. Also, some of us are more active than others at different points in the year. Speaking for myself, I know I do most of my work during the fall and winter, but then I go sit in my pool for the summer and drool over my wife's bikini. I agree there ought to be better communication and collaboration. |
Dev/Project Manager?
Quote:
We have always had a business analyst / project manager type person that keeps track of what everyone is working on and keeps everyone in the loop about the status of things, this way the devs can focus on being devs rather than worrying about that whole "communication" thing. ;) Maybe this project shouldn't be too far beyond the structure of a typical office environment in that aspect? Is there someone technical and familiar enough with the project that the devs wouldn't mind keeping in the loop, that could act as a liaison to the community? Perhaps this person could bridge EQEMU and PEQ for this role as well? Just a thought. Dax |