Login Server Insanity

[Aztore]

Seems like the login server always has to have issues on my days off or when I actually have time to play EQ these days. Seems like there would be a better alternative to this Login server that everyone that is running a server has to rely on it working properly just isnt realistic. I mean what is the point of keeping everyone going through one login server where there could be multiples then possibly use built in or 3rd party listing of servers.... I dunno... Im just saying that something needs to be done...

Error im getting is the Crappy Incorrect login and password ive tried changing it and 2 different accounts.... still nothing......

[barista1987]

There are plenty of posts about that. No need to keep making new topics. Nobody wants to click and read that.

[Tyen04]

Secondary LS would be ideal in situations like this~

[HurtinuDaily]

Could always go get soem sun on your pasty white skin while the LS is down. But I do agree with you, we fucking pay good money for this shit it should be working.

[Tyen04]

Quote:

Originally Posted by HurtinuDaily

Could always go get soem sun on your pasty white skin while the LS is down. But I do agree with you, we fucking pay good money for this shit it should be working.

I don't speak Spanish.

[HurtinuDaily]

Siempre podria ir consigue algun sol en la piel blanca pastosa mientras las L son hacia abajo. Pero concuerdo con usted, nosotros los joder pago dinero bueno para esta mierda que debe estar trabajando

[shalll]

Well i just started having the password issue. It's weird though, i have the issue at work on my new cpu, but i do not have it while i am at home on another cpu.

Think it could be a security issue with ip address's?

[trevius]

It is just a sporadic issue, most likely caused by someone intentionally crashing it. A plan to replace the current LS is already in process and it shouldn't be much longer before a good solution is in place. Also, alternate LS options are starting to pop up and I think we may still see 1 or 2 more LS options sometime soon. Just hang in there. This is a bad time for EQEmu but the smoke will clear soon enough and things will be better than they have for a very long time.

[WillowyLady]

Can the source of these attacks be traced and the culprits identified?

[trevius]

It is my understanding that the attacks were coming from multiple IPs all over the world originally. I am not sure exactly what doodman had to do to make them stop, but I think he was able to mitigate most or all of the actual attacks by tightening up security considerably. Unfortunately, whatever he had to do to remove the possible attacks may be attributed to the new bad username/password issue we have been seeing for a couple of weeks now. I am not exactly sure what triggers it, but it seems like MySQL isn't communicating properly. I am unsure what is breaking MySQL at this point, but I wouldn't be entirely surprised if it was still attack related. The original attacks were DoS (Denial of Service) attacks, which basically means someone was flooding the server or trying to make a ton of requests that the server just wasn't able to handle. If attacks are still happening, then I don't think they are DoS attacks anymore, they are probably exploit attacks. If someone was aware of loopholes in the LS code, they could exploit those loopholes to crash the server. We know for a fact that this has happened recently and resulted in LS crashes. If someone is still using similar exploits to keep crashing it now, I am not sure.

Hopefully the loopholes in the code can be worked out to remove all possible crash exploits. This was probably one of the good reasons not to open source the Login Server. For someone to exploit it, they would need to have a copy of it, but unfortunately I believe the current LS is based on one that was shared publicly years ago and some of the same loopholes still exist.

Only Doodman can really answer that question for sure though. I am just speculating from what I have heard through different forums, PMs and IRC. Either way, the team is working on a permanent and stable solution for the Login Server. It shouldn't be too much longer, but I don't have any kind of ETA since I am not directly involved in the solution.

[Aergad]

that is EXACTALLY Why i say a new hunk of hardware is NOT the answer you profess it to be trevius. No offense but you keep telling us how a new server being purchased will solve all our problems, yet now you admit that its caused by software loopholes, well I can tell you this a busted hunk of code is a busted hunk of code and no ammount of hardware upgrades will fix that

[Aergad]

Dumb 5 minute rule lol

really? then explain how people exploit windows without ever having the source? you dont need source to find exploits. The software as keeps being posted is old apparently very old and very little work is being done to it. I also have to say the emu server source is released and people dont spend all their time trying to explot that, All im saying is that new hardware isnt going to fix this issue at all, thats like a bandaid on a gunshot. The code needs to be updated and activly developed Backup redundancy is needed because as has been pointed out this is a software vulnerability issue, while yeah a new server platform will be helpfull in the long run currently it will do no good whatsoever other then keeping the server running a bit longer before it crashes

I have alot to say about it cause ive done an ungoddly ammount of reading since i joined(Cant play most of the time so might as well read lol) to answer your question in another post trevius

[image]

What kind of redundancy are you talking about..?

[Aergad]

any kind of redundancy like i dunno maybe fixing the software and keeping the old server as a backup or, i dunno just redundancy if the main one crashes options for connecting your server and client to others.

If you read through the wiki and forums enough youll see plenty of posts saying there are multiple loginservers running for older versions of the emulator on multiple ports. Theres lots of ways to have a backup

Image your LS and Minilogin release... completely awesome btw i use the minilogin now it works like a charm keep up the good work.

I just dont see why everyone keeps saying that a buying a new hunk of server hardware is going to fix all these problems caused by outdated software that isnt being activly worked on that people are exploiting

[image]

I believe the eqemu team will have some announcement within the next couple days on what their plans are beyond the hardware changes.