|
Plans
Posted by: KLS :: 15 Replies :: 0 Views ::
I'd like to take a moment while the server is up to give out the plans for the near future.
We're going to be moving the current website off this box and onto it's own web hosting solution. Right now the issues with the server come from apache basically. You might notice when I kill it, the LS tends to run smoothly.
Wont be able to kill apache totally, there will still need to be a way for people to setup new accounts and manage(change the passwords) their old ones; but with only a few pages the resources and impact should be fairly minimal.
We also have a more up to date login in the works at the moment and when it becomes fairly mature we may deploy it instead of the current one. I haven't decided what to do with it beyond that but it will be actively developed, and wont invalidate older servers, any server that currently runs will be able to connect.
We also want to revamp the wiki to not only be something that is not a safe haven for bots but to be something that has a more coherent flow and information will be easier to find. This will probably be a work in progress after we move the site to it's own server.
That's the basic plans for now, anything else beyond that is just speculation and we'll cross that bridge when we get there. =p  Past, Present and Future
Posted by: Doodman :: 28 Replies :: 0 Views ::
I just wanted to post about the event over the last few weeks in regards to the stability (or lack thereof) of the site and the login server.
The site and loginserver were running pretty well over the last few months or more until a few weeks ago. Starting the the site was completely unusable and the loginserver was crashing all the time. Seems odd that after months of running well it all fell apart.
The site was being hammered by numerous bots (bad bots, ignoring robots.txt, etc) and was slaughtering the site. I spent a lot of time over the last couple of weeks watching logs, banning IPs and implementing defenses against the attacks. I finally resorted to, as I'm sure you noticed, making the forums require logging to even be viewed. This seemed to turn the tide for the site.
The loginserver was running pretty well for a long time, until someone in the community found a buffer overrun bug in the loginserver and decided to exploit the fact that they could make it crash. It wasn't a random crash. It was crashing in the same spot, from the same user, sending the same information. I hastily implemented a fix to prevent the attack, which ended up fixing the issue but introducing the "incorrect password" issue that was seen for a day or so. That is also now fixed. The login server has been up (except for a restart by me) w/o crash for day in a half. Which, sadly, considering the past few weeks is quite a bit.
During this time (mainly because of the DoS attack) it became painfully obvious that the box we signed up for 2 years about is showing its age. The machine is was undersized as far as CPU and RAM and badly need to be upgraded to newer hardware.
We've asked KLS to investigate a new server (based on donations) and to take the lead in being responsible for the server. The rationale here is several-fold.
1) I don't do anything with EQEmu except some minor maintenance on the server.
2) I'm too busy with other things to give it the attention it needs
3) Since I don't do anything with EQEmu, I'm done footing the bill personally.
I know people are frustrated with the level of service over the last few weeks (or more). Trust me, so am I. I did what I could to keep it under control when it was happening and it seems to have paid off.
I know an alternate loginserver has been offered and, frankly, I don't blame anyone who moves to that server. I think it is a bad idea to have two separate loginservers, but there is nothing I can or will do about it. You are free to make your own choices.
I won't speak for the other admins, but I'm not going anywhere. It's just the time for changing of the guards.
I'll be here if needed and will do what I can to help support the project. Even though I don't work with EQEmu anymore, my heart still belong to EQ and EQEmu. Feel free to PM me or catch me on IRC is you need anything. Login
Posted by: KLS :: 26 Replies :: 0 Views ::
Okay as I've posted before the login server is looking to upgrade to a new host. Our first option would be to get an entirely new server for it. For this I can't foot the bill, sorry. To do this we would need community help. So I've put up a paypal account for collection of donations toward getting and maintaining a new server.
Edit: I've taken donation down for now until we decide what to do. Thanks everyone. Passwords Compromised
Posted by: Rogean :: 9 Replies :: 0 Views ::
Recently a group of people gained access to an Administrator's account on the EQEmu forums, and edited the site templates to include a javascript entry which submitted all logins to a remote web server. As soon as we found out about this we locked the forums and removed the script.
Unfortunately, the hackers have the username and password of Every user who has logged in to the forums in the last 2 months. Yes, the passwords are encrypted in our database, but the javascript was executed as the passwords were typed into the login field, and before they were encrypted on the server. This means they get a cleartext version of the password, non-encrypted.
As as result, we have reset everyone's password on the boards and sent the new one to the email address on the account. I suggest that everyone get their new password and then change it to something you haven't used before. If your password was the same for your login accounts, I would change those too (Hell, change them anyways even if they weren't the same).
I apologize for the inconvenience this has and will cause, unfortunately we live in a world full of assholes that like to do this kind of shit. Happy New Year! 2009Posted by: Richardo :: 4 Replies :: 0 Views ::
Happy New Year to everyone! We wish and hope you all have a good new year and celebrate to your hearts content!
Looking back on the months gone by,
As a new year starts and an old one ends,
We contemplate what brought us joy,
And we think of our loved ones and our friends.
Recalling all the happy times,
Remembering how they enriched our lives
We reflect upon who really counts,
As the fresh and bright new year arrives.
And when we ponder those who do,
we immediately think of you.
Thanks for being one of the reasons We'll have a Happy New Year! |
