It is my understanding that the attacks were coming from multiple IPs all over the world originally. I am not sure exactly what doodman had to do to make them stop, but I think he was able to mitigate most or all of the actual attacks by tightening up security considerably. Unfortunately, whatever he had to do to remove the possible attacks may be attributed to the new bad username/password issue we have been seeing for a couple of weeks now. I am not exactly sure what triggers it, but it seems like MySQL isn't communicating properly. I am unsure what is breaking MySQL at this point, but I wouldn't be entirely surprised if it was still attack related. The original attacks were DoS (Denial of Service) attacks, which basically means someone was flooding the server or trying to make a ton of requests that the server just wasn't able to handle. If attacks are still happening, then I don't think they are DoS attacks anymore; they are probably exploit attacks. If someone was aware of loopholes in the LS code, they could exploit those loopholes to crash the server. We know for a fact that this has happened recently and resulted in LS crashes. If someone is still using similar exploits to keep crashing it now, I am not sure.
Hopefully the loopholes in the code can be worked out to remove all possible crash exploits. This was probably one of the good reasons not to open source the Login Server. For someone to exploit it, they would need to have a copy of it, but unfortunately I believe the current LS is based on one that was shared publicly years ago and some of the same loopholes still exist.
Only Doodman can really answer that question for sure though. I am just speculating from what I have heard through different forums, PMs and IRC. Either way, the team is working on a permanent and stable solution for the Login Server. It shouldn't be too much longer, but I don't have any kind of ETA since I am not directly involved in the solution.