Login Server Insanity
 

Seems like the login server always has to have issues on my days off or when I actually have time to play EQ these days. Seems like there would be a better alternative to this Login server that everyone that is running a server has to rely on it working properly just isnt realistic. I mean what is the point of keeping everyone going through one login server where there could be multiples then possibly use built in or 3rd party listing of servers.... I dunno... Im just saying that something needs to be done...

Error im getting is the Crappy Incorrect login and password ive tried changing it and 2 different accounts.... still nothing......

There are plenty of posts about that. No need to keep making new topics. Nobody wants to click and read that.

Secondary LS would be ideal in situations like this~

Could always go get soem sun on your pasty white skin while the LS is down. But I do agree with you, we fucking pay good money for this shit it should be working.

I don't speak Spanish.

Siempre podria ir consigue algun sol en la piel blanca pastosa mientras las L son hacia abajo. Pero concuerdo con usted, nosotros los joder pago dinero bueno para esta mierda que debe estar trabajando

Well i just started having the password issue. It's weird though, i have the issue at work on my new cpu, but i do not have it while i am at home on another cpu.

Think it could be a security issue with ip address's?

It is just a sporadic issue, most likely caused by someone intentionally crashing it. A plan to replace the current LS is already in process and it shouldn't be much longer before a good solution is in place. Also, alternate LS options are starting to pop up and I think we may still see 1 or 2 more LS options sometime soon. Just hang in there. This is a bad time for EQEmu but the smoke will clear soon enough and things will be better than they have for a very long time.

Can the source of these attacks be traced and the culprits identified?

It is my understanding that the attacks were coming from multiple IPs all over the world originally. I am not sure exactly what doodman had to do to make them stop, but I think he was able to mitigate most or all of the actual attacks by tightening up security considerably. Unfortunately, whatever he had to do to remove the possible attacks may be attributed to the new bad username/password issue we have been seeing for a couple of weeks now. I am not exactly sure what triggers it, but it seems like MySQL isn't communicating properly. I am unsure what is breaking MySQL at this point, but I wouldn't be entirely surprised if it was still attack related. The original attacks were DoS (Denial of Service) attacks, which basically means someone was flooding the server or trying to make a ton of requests that the server just wasn't able to handle. If attacks are still happening, then I don't think they are DoS attacks anymore, they are probably exploit attacks. If someone was aware of loopholes in the LS code, they could exploit those loopholes to crash the server. We know for a fact that this has happened recently and resulted in LS crashes. If someone is still using similar exploits to keep crashing it now, I am not sure.

Hopefully the loopholes in the code can be worked out to remove all possible crash exploits. This was probably one of the good reasons not to open source the Login Server. For someone to exploit it, they would need to have a copy of it, but unfortunately I believe the current LS is based on one that was shared publicly years ago and some of the same loopholes still exist.

Only Doodman can really answer that question for sure though. I am just speculating from what I have heard through different forums, PMs and IRC. Either way, the team is working on a permanent and stable solution for the Login Server. It shouldn't be too much longer, but I don't have any kind of ETA since I am not directly involved in the solution.

that is EXACTALLY Why i say a new hunk of hardware is NOT the answer you profess it to be trevius. No offense but you keep telling us how a new server being purchased will solve all our problems, yet now you admit that its caused by software loopholes, well I can tell you this a busted hunk of code is a busted hunk of code and no ammount of hardware upgrades will fix that

Dumb 5 minute rule lol

really? then explain how people exploit windows without ever having the source? you dont need source to find exploits. The software as keeps being posted is old apparently very old and very little work is being done to it. I also have to say the emu server source is released and people dont spend all their time trying to explot that, All im saying is that new hardware isnt going to fix this issue at all, thats like a bandaid on a gunshot. The code needs to be updated and activly developed Backup redundancy is needed because as has been pointed out this is a software vulnerability issue, while yeah a new server platform will be helpfull in the long run currently it will do no good whatsoever other then keeping the server running a bit longer before it crashes

I have alot to say about it cause ive done an ungoddly ammount of reading since i joined(Cant play most of the time so might as well read lol) to answer your question in another post trevius

What kind of redundancy are you talking about..?

any kind of redundancy like i dunno maybe fixing the software and keeping the old server as a backup or, i dunno just redundancy if the main one crashes options for connecting your server and client to others.

If you read through the wiki and forums enough youll see plenty of posts saying there are multiple loginservers running for older versions of the emulator on multiple ports. Theres lots of ways to have a backup

Image your LS and Minilogin release... completely awesome btw i use the minilogin now it works like a charm keep up the good work.

I just dont see why everyone keeps saying that a buying a new hunk of server hardware is going to fix all these problems caused by outdated software that isnt being activly worked on that people are exploiting

I believe the eqemu team will have some announcement within the next couple days on what their plans are beyond the hardware changes.

I hope they do have plans beyond it or they will be kicking themselves in the arse for dishing out that much cash and having the same problems crop up lol

Less drama please~

OpenBSD, OpenSSH and OpenSSL all disagree with you.

To quote a post I made today on the PEQ forums on this same topic:

That said, I also want to touch on the stats of the current Login Server. It is handing a 100K+ forums with up to dozens of people browsing it at a time. Also on the same host server is the Login Server, which probably actually uses only a small percentage of the system resources. All of this is running on a server that I believe only has 256MBs of RAM and a CPU that is comparable to that. No matter what our issues are, it wouldn't take much to push the server to the point that it is unusable. Even before any attacks or anything like that began, we had issues with the Login Server/Forums due to the extremely limited hardware. We cannot and will not have a reliable LS and Forums until the hardware is either upgraded by a large amount or it is moved to a completely new host with considerably better stats. So, if we want to have a stable Login Server, the first step is to get the hardware issue resolved and that is in progress right now.

The second step would be to clear up issues with the code that might allow exploits and also add security where needed to limit possible attacks. Right now with only 1 person (who has very little free-time) really having access to do that, we have little control over it to help improve it. Once ownership is moved, we should have considerably better support for ensuring that the code is up to par. KLS is one of the most knowledgeable people on the project at least as far as code goes, and if anyone can fix it, I am sure she can. And if she needs help, I am sure there are plenty ready and willing to help her. The best part is that she is an active member of the team, which is not the case with the current owner. If you read the changelog for the source for the past 2 years, you will see probably 100+ changes done by her alone. And many of those changes were HUGE for the emu to help it get to the state it is at today.

The project basically lost almost all of it's core developers a couple of years ago (not at once, but over time). Everything was setup for just them and the right people didn't have access to get things changed to add add more members to the dev team or even change the status of accounts in the forums. Slowly, but surely, we have been getting control over more and more things. If you are aware of our current google SVN setup, then you should be able to easily see how quickly things are updated on it. For probably a year+, I think KLS was the only one who had access to the old SVN and so she was the only person able to make updates. That was a very slow process because we had no easy way for people to get new code updates in. Everyone had to submit their code changes in a post in the forums and KLS would have to try to go through each person's code, and try to get it working, which I am sure was frustrating to her. Since then, we setup the google SVN which allows us (the team) to finally control everything that goes into the server. Updates have been flying every since. It is not surprising to see at least 1 new good update every day now.

The reason I mentioned the new SVN is because I apply that idea to the Login Server. Once it is in our hands (even if only KLS has direct access to it), we will finally have the means to fix the issues that exist with it. If the move to the new SVN sets any type of example of what we can do once we get our hands on things, then I am confident that people can fully expect a nothing but exceptional Public Login Server once it is all done.

Depending on who is allowed access to the new host, we may even have the option to get new features added to the forums and finally get the website updated so that it is current. I know everyone would love to have an option to reset Login Server passwords if they are lost/forgotten, which there is currently no option for. I would personally also love to see a server status page that would show which servers were up and connected to the Login Server and how many players were on them. There are quite a few other additions that we could add that I think would be great additions. Nothing has been changed here in years and it will be nice to at least have the option available to get some new features in and update some of the stuff that is no longer current (donations link on the main page, playguide link on the main page, etc etc).

All I am is asking is for people to have a little patience. Believe me, as much as you think this is frustrating to you, I can promise you it is just as frustrating if not more frustrating to all of us on the team. We all hate to see the emulator in the state it is today and we do actually care about the players. We want things to be perfect just as much as you do! :D

Im sorry i have to differ on this, the FIRST step should be fixing the code, that is where the problem lies that is where it needs to be fixed just throwing money and more resources at it only means that itll take a bit longer to crash not that it will not do so. There is no point whatsoever in throwing money down a hole for a new server untill the code is proven to be stable and reliable.

The second step should be cleaning out the database if you look at the index page of the forums you can see how many registered members there are, each allowed to have 3 accounts so multiply that number by 3 and you will have an idea of how bloated gunked up and overloaded the current database is, that needs to be cleaned long before its moved to a new server as well ( a simple select query going through that many records in a table would take a ton of resources right there think of how long it takes to source the current peq db on a brand new box)

third step should be updating the sites hosted and getting rid of outdated old stuff that is no longer used or needed.

Then after all this is done THEN you buy a new server migrate everything that is cleaned and updated and fixed to avoid bringing the new server down because of the same exact problems plaguing the current server.

what you are talking about is like getting the wagon to lead the horses that are supposed to pull it, without these things fixed the LS and website will continue to be just as unstable and unreliable as it always has been reguardless of the resources you throw at it hardware wise.

debunked software and databases are just that debunked broken no hardware on earth will fix that.

Just a question is there a group of people that mess with the login database? (cleaning banning updateing moving etc)? If so is it a personel issue? not enough people or time constrants?

Also 256 memory handling all those connections and what not an now just having problems is pretty impressive. 256 isnt crap anymore. all 3 video cards have almost 1 gig each on em.

I know its not the same thing but I agree Hardware needs addressed to a degree as well.

But also agree patches and cleaning up of the ls database would purge out alot of crap.

Sigh we will see what the plan is.

Maybe some sort of a fallback?