| www.ClassicTW.com https://mail.black-squirrel.com/ |
|
| B.O.T.E. Issues https://mail.black-squirrel.com/viewtopic.php?f=14&t=19898 |
Page 1 of 1 |
| Author: | Runaway Proton [ Sat Oct 13, 2007 10:15 am ] |
| Post subject: | |
Trust me, I'm well aware of the lag issue. I've spent the last two nights trying to figure out the cause, getting myself into dutch cause I'd promised the wife help with other issues. This is what I know. SG and his corp was kind enough to work with me to determine if his scripts were causing the issue. I'm not saying they are not part of the problem, but they are not all of it. SG had his corp turn off all scripts, and they played dead issuing no commands while the lag was in progress. The CPU remained pegged. Then for some reason once when he restarted them the lag stopped. There is an icrease in cpu load when he runs them, but it's not pegging it, and he's run them far longer than the lag issue has existed. I've also reset TWGS after the lag, and it works for a while, and starts up agaon, reguardless of script usage. So I'm ruling out C1 scripts as the total cause for the lag. (contributing factor maybe) Now, I'm no expert, but I do know my software firewall keeps throwing alerts at me because someone is trying to access my system from a range of ports. This bothers me cause if my software firewall is alerting me to the issues, it means my hardware firewall has been breached. I deny one request, it moves to another port that I'm quite sure is not in use by me. I set the firewall to deny all, but the lag continues. Then at 7:30am EST this morning, all cpu spikes ceased. It looks like the attack is over, at least for now. Two things are going to happen here. IF this happens again tonight (Third night in a row it will be) then I'm going to susspend the game. I'm going to move the game to the Tournament server. If this happens I'll announce when the game will reopen in this thread. The game address will change ports to 2002. telnet:\\telnet.runawayproton.com:2002 After I move it, I'll suspend all remaining games on my regular machine and hit it hard for spyware and viruses. When I'm sure this has been cleared, I'll bring up regular games on my regular server, but I'll leave the BOTE game on the tournament server. I trust the tournament machine is stable, but it's untested at this time. Wish me luck!! Sorry for the issues, but I'm trying to get it resolved. |
|
| Author: | Singularity [ Sat Oct 13, 2007 10:52 am ] |
| Post subject: | |
That NLclient program I talked about w/ you the other day has a history of doing this. Have you tried just shutting it off? What firewall do you use? And what are the alerts exactly? |
|
| Author: | Runaway Proton [ Sat Oct 13, 2007 11:05 am ] |
| Post subject: | |
Singularity wrote: That NLclient program I talked about w/ you the other day has a history of doing this. Have you tried just shutting it off? I tried,.. for some reason it kept coming back up. I shut it down permanently this morning, but after the spikes had already stopped. Singularity wrote: What firewal do you use? Well, was using the NL firewall, but before that had relied soely on the routers built in firewall. I have a Netopia modem/router and the firewall is turned on, and supposed to be a good one. I'm building a m0n0wall firewall, but not finished yet. My intent was to keep TWGS in the DMZ on the firewall, but now I'm questioning that thought. Singularity wrote: And what are the alerts exactly? I tried to cut/paste one of them, but that window won't do so. Basicly it's showing someone is tryint to access my computer via address/port The ports keep changing, but the whois from the attempt keeps showing IANA but I doubt they would be trying to access my machine, so I think it's masked. Sorry I'm not a hacking athority, if you tell me what I SHOULD look for, I'll note it next time. Thanks for your help by the way Sing. |
|
| Author: | Runaway Proton [ Sat Oct 13, 2007 3:52 pm ] |
| Post subject: | |
Well, just heard from another sysop, happened to him also last night. Some bot hitting the site for 600+ attempts an hour, and spiking the cpu as well. Sounds identical. Maybe we can find a way to shut this down I hope. |
|
| Author: | Big D [ Sat Oct 13, 2007 4:05 pm ] |
| Post subject: | |
Runaway Proton wrote: Well, just heard from another sysop, happened to him also last night. Some bot hitting the site for 600+ attempts an hour, and spiking the cpu as well. Sounds identical. Maybe we can find a way to shut this down I hope. Before you go to too much trouble, try this RP. Get everyone offline, archive the game, delete the entire game directory, and re import it. Many times it is a node problem that won't repair itself until the game is completely replaced. This happens especially if you have used tedit to delete a player of observer while he was online but it can happen for no reason also. Sometimes when a player is killed and tries to log back on before that node is free. Anyway, I would say that is it twgs that is causing the max CPU. It has a bad history of that concerning nodes. |
|
| Author: | Runaway Proton [ Sat Oct 13, 2007 6:36 pm ] |
| Post subject: | |
OK, called my ISP, not much help, they suggested I call back monday to have my Static IP address changed. For now, I've moved the game to the Tournament Server. Change port settings for BOTE game only to 2002 instead of 23. All other games will remain at port 23. Game will reopen at this new address at 6pm EST. Hope this solves the issues for now. I hope the Tournament box is trustworthy, but it's untested yet, please let me know of any issues. telnet://telnet.runawayproton.com:2002 Let this be a lesson to all you sysops. NEVER EVER post your direct IP address on this or any other board as I did. I should have ICQ'd it to teams rather than post it when I had my issues. |
|
| Author: | Runaway Proton [ Sat Oct 13, 2007 7:48 pm ] |
| Post subject: | |
Monday I'm going to call my ISP and request they change my IP address (I have a static address). Unfortunatly this will mean yet another interuption when they change it, then I'll have to change the redirect to the new IP address. (I'm NOT posting the direct IP here on EIS again if you tune to the telnet.runawayproton.com address as soon as the redirect is complete, you will get in. |
|
| Author: | Singularity [ Sat Oct 13, 2007 8:38 pm ] |
| Post subject: | |
Just write down the error next time one occurs. Realize that this could be very natural. There are a lot of requests that happen under the surface that we're not meant to see. If it is an attack we can't know until we see a full message. Try kerio or comodo firewall, they both work very well. As bigD said, this could be a corrupt node issue too. |
|
| Author: | Big D [ Sat Oct 13, 2007 10:29 pm ] |
| Post subject: | |
Runaway Proton wrote: Monday I'm going to call my ISP and request they change my IP address (I have a static address). Unfortunatly this will mean yet another interuption when they change it, then I'll have to change the redirect to the new IP address. (I'm NOT posting the direct IP here on EIS again if you tune to the telnet.runawayproton.com address as soon as the redirect is complete, you will get in. That's not going to keep players from gettting your real IP addy. Your real addy is displayed on the twgs screen whenver someone logs into your twgs. Even if it scrolls by too fast for some to see, it's as simple as tracing their rouite to find out what your real IP is. Other than firewalls helping, there's not much you can do about people finding your pc. You just need to protect all nodes but the node you are using for the twgs to be safe. Remember, port 80 is used a lot for cookie transfer, so it will have some activity if you want your browser to work right. |
|
| Author: | Runaway Proton [ Sat Oct 13, 2007 11:05 pm ] |
| Post subject: | |
I never use that computer to browse or download. I brought it up without the bote game now that it's moved and I'll see what happens. I know the IP can be found, and maybe I'm just paronoid, but I just hate to see what's going on here. Now that the game is moved, I can watch it a little closer and feel free to mess around with settings a bit. If it happens again, I'll run HiJack and see what's running. Thanks to ALL for your help. |
|
| Author: | Cerne [ Sat Oct 20, 2007 12:50 pm ] |
| Post subject: | |
Anyone can ping your servername and ping resolves to the ip address. Cerne |
|
| Page 1 of 1 | All times are UTC - 5 hours |
| Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/ |
|