| Pages: 1 [2] :: one page |
| Author |
Thread Statistics | Show CCP posts - 1 post(s) |
Nehver
   |
Posted - 2003.08.19 19:43:00 -
[31]
Last hop for me gives a 30% PL loss.
................
Jeg ville aldrig spise fŐremave og t°rrede fisk, det skal man bo pŐ en ° i Atlanten for at vµre sk°r nok til at g°re. |
Marquise
|
Posted - 2003.08.19 19:45:00 -
[32]
I did indeed find a potential network problem, and also highlighted the server packet loss... in my pingplotter post
Don't mean to spam the link, I just thought that seeing as this is a sticky, maybe the devs/intelligent net people will see it ;)
Marquise
"In the end it all came down to one wonderfully simple principle: that happiness and vanity are incompatible."
|
Roba
|
Posted - 2003.08.19 20:01:00 -
[33]
Dudes. I am running win 98 on this machine so neither of these worms are responsible for the mad CTD's this morning. Only way they could be responsible is if they had gotten onto the EVE servers. Windows 98 SE is not venerable to welchia or msblaster. I ran the removal tools anyway and came back clean.
Now then. Windows server 2003 is vunerable. Wonder what CCP is running EVE on.
|
Gravedancer
|
Posted - 2003.08.19 20:55:00 -
[34]
[quoteOT: Did u know that EVE is designed to run on a 33.6 Kbps modem.
-= Whatever happened to that design? =-
Actually I ran it on a 56k modem for a couple weeks after I moved and it ran in many ways better than it does on my cable modem at the old house or the new one.
|
t00r
|
Posted - 2003.08.19 21:11:00 -
[35]
well arnt u the lucky one. |
annoing
|
Posted - 2003.08.19 21:27:00 -
[36]
Edited by: annoing on 19/08/2003 21:28:12
I live 50 miles from the server...but im joining via new york. Im getting 50% Pl at server as well as Pl at Thameside routers.
Well i wont be playing tonite, shall keep an eye on 'news' tomorrow. shall leave eve until its sorted. I have faith the ccp will sort it out. 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
The Inquisition
Long live the Inquisition
Long live the Emperor
Long live Amarr!
>>>>>>>>>>>>>>>>>>>>>>>>>>>>> |
Redundancy
|
Posted - 2003.08.19 22:08:00 -
[37]
Edited by: Redundancy on 19/08/2003 23:15:08
Edit: On second thoughts, posting speculation on a subject I don't know that much about is a bad idea. Suffice to say I'm sure that CCP are trying to solve the problem, and will post an explanation when they can.
Redundancy |
Milk
|
Posted - 2003.08.19 22:59:00 -
[38]
Ran both cirus check came clean. Ran two other MMORPGS and they worked fine.
CCP i think you got a problem... I suggest you look into it further rather than blame these viruses or the internet iteself.
________________________________________________
You know whats good for you.
|
Jean Starwind
|
Posted - 2003.08.20 01:05:00 -
[39]
Lets stop helping CCP pass the buck onto the ISP, microsoft, ati, nividia! Esspecially when they admit that the server nodes are causing the CTD's and they are working on a fix!
The blaster was activated on the 16th so its not the prob for Eve (it syn floods windowsupdate.com) and the new copy cat uses the same exploit so it wont get in if ur patch for blaster!
Frankly everything everyone is posting about ping, and traceroutes, all a bunch of crap which means nothing.. it will still be that way seeemingly bad when they fix the problem
also. new worm uses ICMP ping to find new host to infect, if anyone ahs a firewall/router like mine it has its icmp port in stealth mode which means it doesnt respond to the ping and therefore doesnt appear to exsist
Big pimpin |
agrizla
|
Posted - 2003.08.20 01:11:00 -
[40]
Edited by: agrizla on 20/08/2003 01:13:12
 Quote:
Quote:
As a network admin, I have dealt with this biatch of a virus for the last few days patching and updating clients and servers the last few weeks,,,
Quote:
that url shoulda been
www.windowsupdate.com
A *real* network admin who has been dealing with this 'virus' would know that www.windowsupdate.com was a target of the worm and has been disabled by microsoft for a number of days now..
the correct URL is http://windowsupdate.microsoft.com/
BTW, In-game Polaris has verified that CCP realizes this is a server-side problem and they're apparently working to fix it... Shame on the Polaris members here on the forum contributing to the FUD about "viruses" causing all these CTDs
Umm no. MS redirected it to behind the Akamai Linux servers. It's still Win 2k3 servers that you connect to before all the Linux guys start shouting
On Polaris : never ever believe what they say. Certainly try out what they suggest if you are an average user who really doesn't understand all this "DirectX/drivers/network" stuff. Just make damn sure you create a system restore point in WinXP before you do. For those of you that are shocked by the "never ever believe what they say" statement well lets put it this way - you deal with tech problems all day and then you maybe come back and deal with more (unpaid)? The majority of Polaris staff don't have any technical ability that you couldn't "train" a 7 year old to have. One or two are quite dedicated in terms of bugfinding (if a little unused to methodically finding them) - but that's OK. One - and only one has the personal skills to moderate in an effective manner. The rest - well I have no clue how they got chosen, not having been in beta. They do like closing down threads though and have cost CCP well in excess of 50 accounts (from my small perusal of the forums).
Edit - I'll add the *click* shall I guys?
|
Slithereen
|
Posted - 2003.08.20 01:15:00 -
[41]
EVE runs on SQL Server. That means you have to run it on Windows NT/2000/XP/XP Pro, etc,. That to my book, makes EVE vulnerable to the worms in the server side.
_______________________________________________
"Is it me or the bad guys just getting totally pathetic?"---Clover, Totally Spies,
"Hope is wasted on the Hopeless."---Mandy, The Grim Adventures of Billy and Mandy.
"Stars are holes in the sky from which the light of the Infinite shine through."---Confucius.
|
DigitalCommunist
|
Posted - 2003.08.20 01:32:00 -
[42]
I run a ****ty netgear hub that doesnt have any ip forwarding like a router and such, so most direct connections fail anyways.. with that knowledge in mind, I have never been hacked or infected by a virus since I put it up (lol, ****ty = good).
But then I ran the w32.blaster fixer and found out I was infected, cleaning it out right now. Seemed to have been infected by a temporary internet file.
must admit, it made me pretty horny for a few min 
_____________________________________
Perpetually driven, your end is our beginning.
"Can I be a consultant for EVE II?" - WhiteDwarf |
DigitalCommunist
|
Posted - 2003.08.20 01:51:00 -
[43]
nm... no blaster worm..
going limp.. har.. 
_____________________________________
Perpetually driven, your end is our beginning.
"Can I be a consultant for EVE II?" - WhiteDwarf |
Skelator
|
Posted - 2003.08.20 02:21:00 -
[44]
Quote:
The default settings on most firewalls to my knowledge won't stop the rpc exploit through port 135.
Your Absolutely right it comes through a Port opened for VPN and this is how it passes itself to the Workstations
They have us Surrounded again.. the Poor Bastards |
Skelator
|
Posted - 2003.08.20 02:24:00 -
[45]
Edited by: Skelator on 20/08/2003 02:25:08
Quote:
Well, I followed the advice of agrizla and closed all incoming ports 0-1024.
I just ran both tools.
Port 25 and Port 110 are for Email.
Port 80 is for Html etc etc etc
Why not use Zone-Alarm Freebie everyone if you cant afford the PRO and shutdown Port 135 if your not doing any type of VPN
They have us Surrounded again.. the Poor Bastards |
corporal hicks
|
Posted - 2003.08.20 08:18:00 -
[46]
Guys the ctd's were bad last night but all this blame on ccp for the problem is unwarrented with the amount of different versions of this virus. The simple fact is half the internet is crap from this virus and it's versions.
The point is everyone is suffering because of this and laying the blame on ccp for this has no basis. They said there is a problem with the cluster but that does not mean the problem is caused by them all it means is there is one.
Wait for more info before making judgement. Half the internet companies are changing security setups and are causing unknown problems at moment. We should all wait for some hard evidence before making judgement.
My 2 cents worth.
" Stay Frosty "
|
Lord Cochrane
|
Posted - 2003.08.20 09:37:00 -
[47]
I know it's petty, but it is a worm which is causing the problem, not a virus - sad I know! Anyway, basically the two main ones wild at the moment attempt DOS on various sites and the other one is a mass mailing one, both of these together will increase dramatically the amount of traffic experienced via the internet. Hence the lag...
What I'd like to know is are there any people who have experienced big lag or CTD (prob due to lost or corrupt packets), who don't live in big cities?
Anyway, it's simple enough, keep patched, don't keep email addresses in your Email client (how difficult is it to remember any way?), don't open any attachment when you can't be 100% sure, and update firewalls and antivirus products daily/weekly.
I could also mention loads of stuff about by default you should disable ports and only open when required, disable any services which you don't use etc.., but that's far to sad and anyway, I've now got write a loads of reports explaining how an email attachment can spoof email addresses... my, what fun!!!
|
Jeffery Sinclair
|
Posted - 2003.08.20 12:27:00 -
[48]
All,
Sure, I can buy the worm causeing lag problems atm. However I have ran this game just fine since beta 5 without any major problems. Sure, I would have a ctd or reboot every once in a while. Now they happen all the time...if I enter combat I can count on a REBOOT, mining near a bunch of drones and I can count on a REBOOT. Unfortunately since the last patch it has gotten worse. I now CTD gating or docking/undocking.
All of the real problems for me started after I patched to 1113. After 1113 I would reboot based on the situations listed above. I could duplicate this at will. Now, I dont REBOOT, I just CTD. Which is better in my opinion but still not a functional game atm. After all since the market is so screwed up you really cant make a profit doing trade runs. And I cant mine or fight so I am not sure what is left to do in the game.
And before anyone starts singing the upgrade/update song I am current with everything and my hardware far exceeds the minimum reqs for the POS. 
|
Scragg
|
Posted - 2003.08.20 15:34:00 -
[49]
Keep your system patched with current updates! Microsoft makes it so easy just scedule it in the middle of the night on a week day and leave your PC on that night.
I know folks don't trust MS to release good patches but I've never had any major issues with any of their critical updates.
Scan your entire system every few days with a good virus sacanner and keep your av progroam updated.
I had updated my AV at work for the entire network on Aug 8th. I got an email from symantec saying if I did not have the Aug 11th update Norton would not detect the blaster worm! So I'd say, update your antivirus 2 or 3 times per week and do a complete system scan at least once a week.
Get Zone alarm or a similar program for EACH home computer you have. The low end cable/dsl sharing router/firewall switches are nice but they won't tell you if an infected machine is happily trying to propigate itself to the rest of the world from your network. Even the free version of Zone Alarm works great so theres no excuse not to use it.
You can get Zone Alarm Plus from Zone Labs Free:
http://www.zonelabs.com
You can download a trial version of Symantec Antivirus Free:
http://nct.digitalriver.com/0001/
And MS does not charge to keep Windows XP updated: Just hit the Windows Update Icon on your PC or hit run and type in wupdmgr
Read about the Latest threats and get free removal and repair tools from Symantic if you are infected:
http://securityresponse.symantec.com/
There are a lot of people out there willing to spend the time and effort to screw up your computer and the internet. If you own a computer attached to the internet it is your personal responsibility to do everyting you can to stop them and keep your systems from spreading malicious code. If your to lazy or dumb to do this, please discconet your stuff from the internet and keep from being part of the problem.
Scragg, Tyrell Corporation
Vice-Director Military Operations |
Gan Howorth
|
Posted - 2003.08.20 16:11:00 -
[50]
I work for a ginormous company...yes l pwns u allz  and our networks were awful last night.
Please also see this following link from the BBC: http://news.bbc.co.uk/1/hi/technology/3164861.stm
Nuff said really. I've posted the first part of it below but much more is on the link.
World wakes up to another virus
Be careful of clicking on suspicious e-mails
A deluge of Windows viruses is causing huge problems for computer users around the world.
As consumers and companies were clearing up after the MSBlast and the Welchi worms has come a fast-spreading variant of the Sobig virus.
Sobig F and Welchi are putting a huge amount of strain on network traffic and are slowing corporate systems, security experts said.
Anti-virus firm MessageLabs said it had stopped nearly 307,000 copies of the virus since Tuesday and the BBC has received thousands of infected e-mails.
.......
Note that l was the first to mention the Sobig virus. Is it possible to big myself up much more? Unlikely.
|
Kendo Nagis
|
Posted - 2003.08.20 17:05:00 -
[51]
Here's another email one to lookout for, here's the info from symantec:
W32.Dumaru@mm is a mass-mailing worm that drops an IRC Trojan onto the infected machine. The worm gathers email addresses from certain file types and uses its own SMTP engine to email itself.
The email has the following characteristics:
From: "Microsoft" <[email protected]>
Subject: Use this patch immediately !
Message: Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
Attachment: patch.exe
This threat is written in the Microsoft C++ programming language and is
compressed with UPX.
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
For additional information, visit the following Internet address:
http://securityresponse.symantec.com/avcenter/venc/data/[email protected]
__________________________
"Death before dishonour, so long as it doesnĆt cost too much." |
Robomonkey
|
Posted - 2003.08.21 15:51:00 -
[52]
I notice a couple of people saying the detection tool found and deleted the virus.
I haven't read the whole thread but I hope you're all aware that running the fix tool alone only removes the virus, it DOES NOT protect you from getting the virus again.
to do this you need to apply the Microsoft hotfixes:-
Blaster:-http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-026.asp
Welcha:-http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp
and...if you have a virus scanner update the DAT files.
Like I said I didn't read the whole thread, so somebody may have already noted this.
Robo
|
Bad Harlequin
|
Posted - 2003.08.22 12:31:00 -
[53]
Edited by: Bad Harlequin on 22/08/2003 12:34:27
Quote:
Quote:
The default settings on most firewalls to my knowledge won't stop the rpc exploit through port 135.
Your Absolutely right it comes through a Port opened for VPN and this is how it passes itself to the Workstations
If your firewall defaults to ANY open ports get a new one. Sheesh.
Ports are for when a remote site initiates something. You don't need, frex, port 80 opened to browse the web - just if you were running a webserver.
EDIT: erm, part of my point was, someone above implied you need to have 110 and 25 open for email. NO YOU DON'T UNLESS you are running an email SERVER that people are meant to access from the OUTSIDE! please do not go running off to open 25 on your machines. There are enough open relays and open proxies as it is.
On that note, make sure you aren't running IIS, an email server, a proxy server, etc., unless you bloody well mean to, and if you do, that it can't be used from the outside.
You should start with everything closed, then open stuff you know you're using. Then see what's broke and find out what ELSE you're using .
If even 20% of the people in this game (who haven't already) do this, the next worm/exploit/Attack Of The Moron Brigade will spread that much slower.
Of note, welchia is designed to hunt and kill Blaster, then patch the previously-infected system against the vulnerability. Then kill itself in 2004 so it doesn't hang about uselessly.
This concept was discussed after Code Red - two different programmers that i know of came up with 2 variants, IIRC - but it was generally regarded as two things -
1) Far too dangerous to be used
2) inevitable.
it does, of course, spread as much as blaster, therefore chokes things up as much; and of course, windows being windows, it will still crash when it gets a malformed RPC instruction it doesn't like. Or is overtaxed on resources. Or the sky is blue.
Absolutely no one whatsoever is talking about the fact that we can now likely look forward to an ongoing war over the internet whenever a major worm or virus is released, and someone else writes a counterattack... Core Wars on a global scale...
You are in a maze of twisty little asteroids, all alike. |
Bad Harlequin
|
Posted - 2003.08.22 12:46:00 -
[54]
Quote:
Edited by: Redundancy on 19/08/2003 23:15:08
Edit: On second thoughts, posting speculation on a subject I don't know that much about is a bad idea.
I'm sorry. You'll have to turn in your forum membership now.
Seriously, tho, i don't know what you said before you edited - but the news item iirc about the virii never said ALL the CTDs were from the worm; but it should be parently obvious to anyone that it will be a bloody useless exercise in futility to try to troubleshoot EVE-related crashes when your system is being eaten alive by worms, yesno?
You are in a maze of twisty little asteroids, all alike. |
vyperpit
|
Posted - 2003.08.22 13:27:00 -
[55]
all i have been doing the last 3 days is sorting out the variants at my work i will say that stinger and the tools have not always worked so here is a manual fix to check for as well.
please make sure you have the windows secruirity fix on your pc. these fixe's are for the welchi/nachi versions of the virus.
1: goto start>Run, type "regedit" and click ok.
2: delete these registry keys if they are present. here is there locations.
HKEY_LOCAL_MACHONES\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCTTFP
HKEY_LOCAL_MACHONES\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCPATCH
HKEY_LOCAL_MACHONES\SYSTEM\CURRENTCONTROLSET\SERVICES\RPCTTFPD
3: once you have done this make sure you have the windows update patch on your pc and run it.
4: after the auto reboot from the patch delete the file's
c:\WINNT\System32\WINS\Dllhost.exe
c:\WINNT\System32\WINS\Svhost.exe
your pc has now been manually cleaned of these virus's.
hope this helps a few poeple.
----
Fair Fighting 
Quote stolen from Waagaa Ktlehr who borrowed it from ???
"If you end up in a fair fight, you planned it wrong." (Ehm yeah, or CCP ****ed with the scanner again..) |
Mitch Taylor
|
Posted - 2003.08.22 16:28:00 -
[56]
Cant be arsed looking through to check if its been said already but there are now TWO new viruses out, one named an one they still have not fully looked into. One is derived from welchia and the unnamed one is supposedly all new, yay. *waves flag in unenthiusiastic manner*
|
NastyLlama
|
Posted - 2003.08.23 11:48:00 -
[57]
How long before the internet is overloaded and dead.
10 years, 5 years
==================================================
I'M not a carebear, I'M a total coward, beware of cornerd carebares and cowards, we winge and cry like cornered pirates..........
|
Talon Raa
|
Posted - 2003.08.23 18:18:00 -
[58]
'lo. good discussion this :D
|
| |
|
| Pages: 1 [2] :: one page |
| First page | Previous page | Next page | Last page |