| Pages: 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 .. 15 :: one page |
|
|
| Author |
Thread Statistics | Show CCP posts - 16 post(s) |
Mashie Saldana
Minmatar
Hooligans Of War
Insurgency
   |
Posted - 2007.10.20 02:57:00 -
[181]
 Originally by: Cadela Fria
Who originally fabricated the false chatlog is something entirely different..have no idea who did it.
In other words
Originally by: False
<&Sharkbait> one of the db admins got hit with keylogger
<&Sharkbait> used an authorized account to shift spawn tables by one row
<&Sharkbait> meta 6 gear was being dropped from standard spawns of the affected npc group
<&Sharkbait> maintenance pruning returned 6539 officer items on one account, so the servers were shut down, forums are integrated and are also shut down
<&Sharkbait> not that long, we have full weekly backups
<&Sharkbait> unfortunately tracing all damage done manually is impossible, we have no tools designed to read transactions when the db itself is skewed
<&Sharkbait> yes, no billing or account status was affected, thats part of the billing dept
This ^^^^ is totally fake. Sharkbait NEVER said any of this.
Whoever wrote it is clueless about meta levels though:
6 = Storyline/COSMOS
11-14 = Officer
Jita fix: The distributed market hub
|
Stephanie power
|
Posted - 2007.10.20 03:03:00 -
[182]
Originally by: KalEl Trask
I'm sorry,
This kind of downtime is unexcusable.
I work in an IT support department with over 2000 servers online.
We have to account for any type of downtime over SLA (Service Level Agreement.)
I have 3 characters ($45/month) that I pay for on this service.
The idea that the forum/customer support servers are on the same cluster as the game/databse servers is absolutely/totally absurd!!
This is a complete F@@@up on the companies support line.
There is no reason that the account/credit information is not kept on a completely independant system!!
There should be one way flow with the database/character information.
Is this account active? (Yes/No)
Simple firewall rules should make this happen.
In the environment I support, our client's expect our uptime to be 100% except for the monthly MS sucurity patch reboots!!.
I support the second largest network next to the Department of Defense in the US.)
We are expected to account and compensate for any additional downtime.
This is one of the few MMORGP games that actually schedules consistent downtime/maintenance. Which from an IT standpoint I thins is completely acceptable and applauded.
Unfortunately it seems the downtime/emergency maintenance on this network is an ongoing/recurring issue.
Take for example (3 characters * 9 hours downtime = 18 hours)
When am I going to start getting reimbursed for this additional time?
Time to either start compensating the players for all of the unscheduled downtime or start implementing some real network redundancy!!
I invented the world and everything in it but no one expects me to ensure all the things people say are sensible.
lolocopter
|
Luigi Thirty
Caldari
19th Star Logistics
|
Posted - 2007.10.20 03:03:00 -
[183]
You know skills don't train when they pull the plug on the SQL server, right? So a queue wouldn't do ****.
----
DOMINIX IS INVINCIBLE:(((( |
Master Print
|
Posted - 2007.10.20 03:17:00 -
[184]
Hey Guys
I have posted about this before. When things go wrong its important that the customers be kept up to date. Typicaly this has been done through the forums. I dont think that its the best way.
It would be nice to have a service status page, totaly seperate from the forums. Where only CCP can post the current status of the eve servers and any forth coming maintanace/extended downtime.
Given the way the forums always get spammed when there is a problem, Im not sorry they somtimes drop offline. However, I would like to know what is going on. I would also like a realistic estimate of when the server will be fixed and up again.
MP
|
Ominus Decre
The Older Gamers
R0ADKILL
|
Posted - 2007.10.20 03:28:00 -
[185]
Originally by: CCP Wrangler[/quote
I believe there are plans to separate the forums from the server, but that's somewhere in the future. We have however learned from this and will put up a system where we can broadcast messages in similar cases as this. We of course hope we wont have to do that for quite some time, if ever.
does this mean we'll no longer see pictures of Oveur wearing pink lipstick and hugging on a blowup doll during patches?
If so, that would be the pits... :(
Perversion:  |
Yoshihito
|
Posted - 2007.10.20 04:02:00 -
[186]
I myself don't mind if the server has downtime. Of course I get a little frustrated that it happens so suddenly but I have other things to occupy myself until the server comes back up. Whether that be playing FFXI, sleeping or going to work so I can bring home the money to pay for these habits.
I do however mind that people can get screwed out of valuable skill training time because of something like this. I know I'm probably going to get flamed, but at least hear me out. You're probably thinking, they gave you a five minute warning you can easily set a long skill to train, I agree with that. But there are instances where people get screwed and the little unexpected five minute warning isn't going to help.
Here are some examples:
1. Someone just completed a rather lengthy skill to train and set a new skill that they got in result to that long one. They set that to train and go off and do something like take a shower, go to the store real quick, some little chores around the house, etc... While they are away from the screen an un-announced server downtime pops up with a 5 minute warning. This person just got screwed out of skill training time.
2. Someone has a long skill set to train and it happens to complete during this unscheduled downtime. They are sleeping, at work, at school, etc... They come home only to find that they can't log in and set a new skill and are therefore screwed out of several hours worth of skill training.
Those are two very normal and innocent examples of how us paying players get screwed out of something we work hard for. Yes, it's only a game, but we pay money out of our pocket to enjoy it and as such, we should at least get the courtesy of having some type of skill queue system implemented. CCP, if it wasn't for us handing out money to you, you wouldn't have a job. Or at least a game that was making you a lot of money.
There's always the problem of ISK farmers who sell their ISK to make a real life profit. I can see how it could make them more effective, but at the same time it also puts more power into the normal players hands. There are also ways around making it too unfair. Possibly making it so you can only set it to train the next level of the skill you are currently training, or only able to set one other skill to train after it. You could even take this into traditional EVE fashion and design skill sets that allow you build skill queue skills that require other skill prerequisites. Let's say Learning Level 5 as an example.
Anyways, as paying customers we deserve something because without us, you'd have nothing. Give the players what they want/need to an extent and they keep fattening your wallets and winning you awards for an already stellar game. Believe me, regardless of whether a skill queue is implemented or not I will still play, but I can't speak for everyone and I can tell you that people have quit playing over it. I have friends who can't stand the fact that you are limited to only one skill at a time or you can't set the skills you want to train in advance.
Well, that's just my two cents on the matter. Have fun people and enjoy the game.
|
Unbeliever Kresmoreen
Sniggerdly
Pandemic Legion
|
Posted - 2007.10.20 04:26:00 -
[187]
Originally by: KalEl Trask
I'm a hugely egocentric douchebag with a superiority complex.
Fair enough.
|
Skyr
ECP Rogues
The Reckoning.
|
Posted - 2007.10.20 04:28:00 -
[188]
I work as a senior programmer at a place that processes medical claims and we are expected to be up 99.99995 of time. To facilitate this, we have monstrous UPS feeding whole building power grid with juice, and generators kicking in when the power outage is out for more than preset amount of seconds.
Our network is triple redundant with all the whistles. Even though the third route would be slow, we would still be up.
NOBODY at our work is permitted to receive mail/browse internet or LOAD any crap on their internal network machines... the email/crap machines are for that.
Should any kind of outage occur for any reasons, we have customer support notifying clients immediately of such incident, and some of them pay as low as $20 per month for all their claims...
it seems like CCP's plan is to keep us in permanent DT stage with days without any service and ANY communication whatsoever.
Thanks.
|
Unbeliever Kresmoreen
Sniggerdly
Pandemic Legion
|
Posted - 2007.10.20 04:30:00 -
[189]
Originally by: Skyr
I work as a senior programmer at a place that processes medical claims and we are expected to be up 99.99995 of time. To facilitate this, we have monstrous UPS feeding whole building power grid with juice, and generators kicking in when the power outage is out for more than preset amount of seconds.
Our network is triple redundant with all the whistles. Even though the third route would be slow, we would still be up.
NOBODY at our work is permitted to receive mail/browse internet or LOAD any crap on their internal network machines... the email/crap machines are for that.
Should any kind of outage occur for any reasons, we have customer support notifying clients immediately of such incident, and some of them pay as low as $20 per month for all their claims...
it seems like CCP's plan is to keep us in permanent DT stage with days without any service and ANY communication whatsoever.
Thanks.
End yourself.
|
Rhaven
Praetorian BlackGuard
PURGE.
|
Posted - 2007.10.20 04:31:00 -
[190]
Originally by: Kayna Eelai
Originally by: ISD Rauth Kivaro
As a security wonk in my real life:
In a security breach situation, it's pretty much standard practice to shut down and say absolutely nothing until you're totally certain you have the situation in hand. Any leak of information can potentially magnify the problem.
It may seem draconian but when you have as much at stake as there is here, it's logical.
1) if you're such a security wonk, how comes your system was not secure enough?
2) I doubt that it's a "much standard practice" to shut down. it depends much on situation, what company you are and what customers you have.
as we've seen in this post, there is many people they don't really give a flying crap about customer service or how many hours they were left without the service they pay for and/or without communication... but other companies might think different and prefer to stay online to give service and have a expert security team hotfixing the problem.
one of my companies customer is one of spains biggest insurance firm. if they have a security breach i am pretty sure they would not dare take the system offline and have all their offices and customers without "system" or without "info". they will take the risk, keep running, their expert team "counter-hacking" and hotfixing, and afterwards they'll take all responsabilities that have to apply. be it leaked information, lost data (which due hot-backup is easy to recover anyways) and fire whoever they have to fire.
so... i don't think it's a "general strategy" to turn off.
Read the EULA carefully. You are paying to use their game and thier servers. You dont like it to bad.
|
|
|
Dred'Pirate Jesus
Amarr
Ministry of War
|
Posted - 2007.10.20 04:33:00 -
[191]
Originally by: Skyr
it seems like CCP's plan is to keep us in permanent DT stage with days without any service and ANY communication whatsoever.
Thanks.
Why would they want to do that? And more importantly when has a downtime ever exceeded a few hours?
Days? lol..
Originally by: David Hackworth
ò If you find yourself in a fair fight, you didn't plan your mission properly.
|
Natalie Jax
|
Posted - 2007.10.20 04:35:00 -
[192]
LMFAO ... some of y'all are unbelievable.
Good job CCP. Identity theft has ruined more lives than some people think. This is just a game. A work-day of downtime is so insignificant compared to the possibility of even one person's account being compromized it's not even funny.
If I see one more ****** post about their vaunted job and how they do things is so superior I'll likely have to sue CCP for hosting a forum that pushed me to the point of vomiting. Get over yourself. Unless you host an MMO stfu. I can easily come up with ten analogies that directly relate my own field to CCP's business. However, I'm intelligent enough to realize that none of it is a proper comparison because I don't know the true measure of the infastructure.
Just because you have a driver's license doesn't make you a fricken transportation engineer.
|
sableye
principle of motion
Interstellar Alcohol Conglomerate
|
Posted - 2007.10.20 04:35:00 -
[193]
Originally by: Luigi Thirty
You know skills don't train when they pull the plug on the SQL server, right? So a queue wouldn't do ****.
this is not true, my skills trained remember its all just a time stamp and until you click abort training or change skill it does not actually update the skills points.
I do agree though if skill queue existed it would depend on how it was implemented wether it would work during downtime of not
Join The Fight With Promo Today |
Kazuma Saruwatari
|
Posted - 2007.10.20 04:44:00 -
[194]
Great job CCP. Now whoever perpetuated the unauthorized hack into the DB, hit him with a supoena for damages caused, let alone breaking international (and if UK laws are applicable, local) anti-cybercrime laws.
Also, whoever was the DB guy who got his account hacked, please make sure that all the systems he touches/ed are clean and free of other such sneaky little loopholes.
If that isnt possible, even I would have to let the DB guy go because of security reasons, or shift him to a position that does not involve database editing.
CCP, play the paranoid game now. You'll only benefit from it at this point. Dont be afraid to hit any and all suspects with the maximum allowed punishment. Iron Fist(tm) time, and you know it.
-
Odd Pod Out, a blog of EVE Online |
Skyr
ECP Rogues
The Reckoning.
|
Posted - 2007.10.20 04:52:00 -
[195]
Originally by: Dred'Pirate Jesus
Originally by: Skyr
it seems like CCP's plan is to keep us in permanent DT stage with days without any service and ANY communication whatsoever.
Thanks.
Why would they want to do that? And more importantly when has a downtime ever exceeded a few hours?
Days? lol..
if you add 1h for last 4 years, I think my 'days' apply. REcently CCP was plagued with hours over hours of unannounced DT.
|
Vorok
Silver Aria
|
Posted - 2007.10.20 05:05:00 -
[196]
Edited by: Vorok on 20/10/2007 05:05:59
Let's look at the real victim here: Dark Shikari. Since he is directly connected to the forums via a neural interface, his VERY ESSENCE is constantly browsing them. He was at serious risk of mental scarring or even death when the connection was severed while he was still inside. CCP is facing the risk of a potentially crippling law suit as a result of their negligent actions. I urge Dark Shikari to consider immediately retain legal counsel. Pick me I'll take only 10% of the settlement!
|
Iracham
Gallente
|
Posted - 2007.10.20 05:06:00 -
[197]
Originally by: Skyr
I work as a senior programmer at a place that processes medical claims and we are expected to be up 99.99995 of time. To facilitate this, we have monstrous UPS feeding whole building power grid with juice, and generators kicking in when the power outage is out for more than preset amount of seconds.
Our network is triple redundant with all the whistles. Even though the third route would be slow, we would still be up.
NOBODY at our work is permitted to receive mail/browse internet or LOAD any crap on their internal network machines... the email/crap machines are for that.
Should any kind of outage occur for any reasons, we have customer support notifying clients immediately of such incident, and some of them pay as low as $20 per month for all their claims...
it seems like CCP's plan is to keep us in permanent DT stage with days without any service and ANY communication whatsoever.
Thanks.
I'm sure that medical billing records share an equal place of importance with internet spaceships and imaginary money.
|
princess katie
|
Posted - 2007.10.20 05:10:00 -
[198]
I suggest we forget about the excuses that CCP are bound to make, what ever they are and ask them this; what about the lost Skill time for all those that skills either finnished as they were not informed of the need for long skill training or the ones that had their skill training complete mid way through the excuse and were not able to put another one on.
Specialy as part of the advertising and thus part of the fee is aimed at a offline training ability.
|
Lavalle
|
Posted - 2007.10.20 05:16:00 -
[199]
I work with computers. I work in a data center. I'm a senior programmer for X-Company. My company has a five time redundant server for every dozen consoles. I pay good money for my 7 accounts. I got screwed out of training time and require compensation. /sarcasm
If all you have to do is complain about down time on a game...well, It's not my place to comment on you as a person. Please, just listen to yourself say these words out loud: 'I got screwed out of skill points in an online video game. My character's Heavy Missile Launcher skill needs to be training to level 5!' Seriously. You sound ridiculous.
Good stuff, CCP. Way to take decisive action. Though I think a small, secondary website with a redirect would be neat for PR in this case. But hey, keep doing what you do and rock on.
|
XoPhyte
Black Nova Corp
Band of Brothers
|
Posted - 2007.10.20 05:21:00 -
[200]
Originally by: Nhilist
Originally by: elider
CCP you want me to belive that:
-An EVE-Online player connects from his little laptop and hacks your firewall
-Then he magically knows the internal structure of your networks and finds the database server
-Then because he is such a genius , he is able to hack the security of the database server too...
- Then he is able to figure out in some minutes the structure of such a complex database so he finds his wallet entry and puts there some ISK
Just LOL!!! I bet most of your programmers are not able to do that from his desk in CCP office and you want us to belive someone did that from home without any knowledge of internal network arhitecture or database structure?
One that really belives this .....must have seen too many bad Hollywood movies
shut up.
select * from sys.objects where type = N'U' is really hard. . .
Bastard, beat me to it!
Oh, and the fact that because these forums connect to the same SQL server & database that it *could* have been a SQL injection in which you dont need to know the internal network at all, only the database structure which has already been published, and you wouldn't have to get past the firewall at all, since the firewall is already allowing port 80 (http) access to these forums, and these forums have access to the backend SQL servers.
Though I would seriously doubt (and hope) that CCP is using an ID for forums with only DB_READER access to a few tables in the database (though again I would suspect its a different database).
Regardless the standard port for SQL is 1433, it's not very difficult to scan it down on the network if in fact you are connected via some method to the internal network. Getting a userID with DB_WRITER access though would be a bit more complex, but again I suspect that the hacker would either utilize an existing piece of code which has RW access to the database, or came across it in a piece of code (which is a scary thought).
Anyway, there are a billion methods in which to hack a server, but judging by your complete lack of comprehension elider, I wouldn't expect you to understand any of them.
|
|
|
Vorok
Silver Aria
|
Posted - 2007.10.20 05:32:00 -
[201]
Originally by: XoPhyte
Originally by: Nhilist
Originally by: elider
-baseless assumptions about hacking or computer security-
shut up.
select * from sys.objects where type = N'U' is really hard. . .
Bastard, beat me to it!
Oh, and the fact that because these forums connect to the same SQL server & database that it *could* have been a SQL injection in which you dont need to know the internal network at all, only the database structure which has already been published, and you wouldn't have to get past the firewall at all, since the firewall is already allowing port 80 (http) access to these forums, and these forums have access to the backend SQL servers.
Though I would seriously doubt (and hope) that CCP is using an ID for forums with only DB_READER access to a few tables in the database (though again I would suspect its a different database).
Regardless the standard port for SQL is 1433, it's not very difficult to scan it down on the network if in fact you are connected via some method to the internal network. Getting a userID with DB_WRITER access though would be a bit more complex, but again I suspect that the hacker would either utilize an existing piece of code which has RW access to the database, or came across it in a piece of code (which is a scary thought).
Anyway, there are a billion methods in which to hack a server, but judging by your complete lack of comprehension elider, I wouldn't expect you to understand any of them.
I feel that the following is an appropriate contribution to this discussion: http://xkcd.com/327/
|
XoPhyte
Black Nova Corp
Band of Brothers
|
Posted - 2007.10.20 05:40:00 -
[202]
Originally by: Vorok
Originally by: XoPhyte
Originally by: Nhilist
Originally by: elider
-baseless assumptions about hacking or computer security-
shut up.
select * from sys.objects where type = N'U' is really hard. . .
Bastard, beat me to it!
Oh, and the fact that because these forums connect to the same SQL server & database that it *could* have been a SQL injection in which you dont need to know the internal network at all, only the database structure which has already been published, and you wouldn't have to get past the firewall at all, since the firewall is already allowing port 80 (http) access to these forums, and these forums have access to the backend SQL servers.
Though I would seriously doubt (and hope) that CCP is using an ID for forums with only DB_READER access to a few tables in the database (though again I would suspect its a different database).
Regardless the standard port for SQL is 1433, it's not very difficult to scan it down on the network if in fact you are connected via some method to the internal network. Getting a userID with DB_WRITER access though would be a bit more complex, but again I suspect that the hacker would either utilize an existing piece of code which has RW access to the database, or came across it in a piece of code (which is a scary thought).
Anyway, there are a billion methods in which to hack a server, but judging by your complete lack of comprehension elider, I wouldn't expect you to understand any of them.
I feel that the following is an appropriate contribution to this discussion: http://xkcd.com/327/
Lol, thats great!
|
Serlev
|
Posted - 2007.10.20 05:42:00 -
[203]
Good job CCP
|
Tai Wan
|
Posted - 2007.10.20 05:58:00 -
[204]
Thank you for your interesting find and the action taken to stop this. By the sounds of it the security breach allowed the intruders to get in and make changes to their accounts. Could you advice what your actions were on the accounts that use the exploit. The next issue is more serious relating to the breach itself. If it is a vulnerability created by the MS SQL dbase then are you reporting it throught the proper channels or is the breach not related to MS SQL product. Grateful if you can tell us more if possible.
The eve community has waited for a long time to get access, and lost valuable training skill time was wondering if there plans to compensate the inconvenience.
|
Jerme
|
Posted - 2007.10.20 06:00:00 -
[205]
Originally by: Kayna Eelai
i am a paying customer and i can't believe you had us sitting in the complete dark FOR HOURS with zero information. we had t oaccess 3rd party places to get (unconfirmed) bits and pieces of information. things only started to light up a bit when everyone went to eve radio to get some more info.
very bad towards your customers. worse than blizzard, and that means a lot.
Someone should learn to read the terms of service how is that your right as a paying customer.
If CCP has to take down the server at any time for any reason they don't have to tell you why just because you pay them a monthly fee.
Nothing gives any player the right to be that self righteous
|
Rhaven
Praetorian BlackGuard
PURGE.
|
Posted - 2007.10.20 06:12:00 -
[206]
section 12 of the EULA says it all.....
12. NO WARRANTIES
The Software, System, Game and all Game Content, and all other services and material provided in connection therewith, are provided "AS IS," with all faults, and without warranty of any kind. You assume all risk of use and all risk associated with accessing the System and playing the Game.
CCP disclaims all warranties, whether express or implied, including without limitation the warranties of merchantability, fitness for particular purpose and non-infringement. There is no warranty against interference with your enjoyment of the Game. CCP does not warrant that the operation of the System or your access to the System, or that your use of the Software, will be uninterrupted or error-free, nor that the System or Software will be compatible with your hardware and software.
While CCP attempts to have the System available at most times, CCP does not guarantee that the System will always be available, or that the System will not become unavailable during Game play. The System may become unavailable for a number of reasons, including without limitation during the performance of maintenance to the System, for the implementation of new software, for emergency situations and due to equipment or telecommunications failures.
|
COMBAT64
|
Posted - 2007.10.20 06:16:00 -
[207]
The point is. EVE is working again (thx to CCP), so go have some fun killing things to relief your stress |
captainmidnight
|
Posted - 2007.10.20 06:22:00 -
[208]
Originally by: Neth'Rae
Edited by: Neth''Rae on 19/10/2007 22:54:12
Ok, but still..
Why are the forums and TQ on the same database?
You took the words right out of my mouth, especially if they're doing this "50-man-year-long" rebuild of the engine. I'm not a conspiracy theorist, or anything, but, considering that we pay their salaries, they are accountable to us for downtime... and DOUBLY so when security breaches have occurred. Either way, I'm glad the thing was resolved quickly, but (to be honest), in other instances (of unscheduled downtime), I have been troubled by a lack of communication from CCP. Especially like the problems from last month (which happened during a good portion of my days off from real life) during which I could get NOTHING about what was happening with the game. If you want to stamp out rumors, move the boards to a different (and secure) server. If you've spent the equivalent of 50 YEARS trying to roll out the new engine, moving the boards to a separate server can't be ***that*** hard.
Either way, cheers, ladies and germs!
CM
imho.
|
Nolin Riis
Gallente
Placid Reborn
|
Posted - 2007.10.20 06:26:00 -
[209]
Yes, but let's all keep in mind the positives of this shutdown! Think of the marriages saved today by our intrepid staff.
Never a threat, but always a thorn in the side. |
Jenny Spitfire
Caldari
|
Posted - 2007.10.20 06:30:00 -
[210]
I think you guys should be thankful CCP turned off their whole infrastructure. The last thing you want is someone else download your billing details.
The downtime wasn't that long.
---------
Technica impendi Caldari generis. Pax Caldaria!
Kali is for KArebearLIng.
I 100% agree with Avon.
Female EVE gamers? Mail Zajo or visit WGOE.Public in-game. |
|
|
|
|
| |
|
| Pages: 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 .. 15 :: one page |
| First page | Previous page | Next page | Last page |