Go Back   EQEmulator Home > EQEmulator Forums > General > General::General Discussion
Reload this Page Reality Check

General::General Discussion General discussion about EverQuest(tm), EQEMu, and related topics.
Do not post support topics here.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #13  
Old 03-28-2009, 05:01 PM
AndMetal
Developer
  
Join Date: Mar 2007
Location: Ohio
Posts: 648
Default
Quote:
Originally Posted by WillowyLady View Post
If the LS is indeed receiving DoS attacks, surely the culprit(s) can be traced and reported to thier ISP. However, I think they would be savvy enough to hide behind proxy server(s), even then is it not possible to trace to that server and Identfy the owner and report the attacks?
I would say possible, but not probable. Until computer users stop running viruses (see Zombie Computer), you can report issues to ISPs and they will usually inform the user of the issue (sometimes disconnecting their service until they can prove they have the virus removed), but with all of the anonymous proxies out there, that all depends on the willingness of the proxy owner to help.

Quote:
Originally Posted by Aergad View Post
just block the ips from the server iptables and the problem is solved cant attack what they cant connect to that will give them time to actually fix the code
The problem with just blocking the IPs @ the firewall is they start coming from another IP (mostly proxies, but not all of them). Doodman was trying to force 500-series errors to trick the bots into giving up, although I'm not really sure what became of that (I stopped following the IRC logs about a week or so ago).

The issue is the web server was being DoS'd, not the login server (out of 10,000 connections available, ~9,000 of those were from a single IP). That was causing the issues with the main page, forums, etc from being accessed. However, this wasn't really affecting the login server.

The issue with the login server was a buffer overflow exploit (my money's on the user count). Doodman addressed this in the post in the News section, including that a fix has been put in for the issue:

Quote:
Originally Posted by Doodman View Post
The loginserver was running pretty well for a long time, until someone in the community found a buffer overrun bug in the loginserver and decided to exploit the fact that they could make it crash. It wasn't a random crash. It was crashing in the same spot, from the same user, sending the same information. I hastily implemented a fix to prevent the attack, which ended up fixing the issue but introducing the "incorrect password" issue that was seen for a day or so. That is also now fixed. The login server has been up (except for a restart by me) w/o crash for day in a half. Which, sadly, considering the past few weeks is quite a bit.
The bottom line is, yes, there are more than likely enhancements that can be made to the existing login server source, but if a more powerful server was in place, it would have been much more likely for it to shrug off the DoS attack, which was the main problem. That's still going to be the biggest bottleneck, not an issue in the software that has already been patched.
__________________
GM-Impossible of 'A work in progress'
A non-legit PEQ DB server
How to create your own non-legit server

My Contributions to the Wiki
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

   

All times are GMT -4. The time now is 03:08 AM.

EQEmulator - Archive - Top

 

Everquest is a registered trademark of Daybreak Game Company LLC.
EQEmulator is not associated or affiliated in any way with Daybreak Game Company LLC.
Except where otherwise noted, this site is licensed under a Creative Commons License.
       
Powered by vBulletin®, Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Template by Bluepearl Design and vBulletin Templates - Ver3.3