Popular Post Paratus Posted February 12, 2017 Popular Post Report Share Posted February 12, 2017 The servers have been offline a lot lately, and I just wanted to update you on the current status. The servers were seemingly randomly restarting with blue screens of death. This was a tough one to track down and took us ages to find since the BSOD we were getting is typical of a hardware failure. We swapped out hardware, tested memory like nuts, replaced heatsinks and so on. Then we found it was only happening when Arma was running, even when other even more intensive applications (for testing) were active. Odd. Now we believe we've found the culprit. It seems as though it was caused by a douchebag. The douchebag was using a very recently found exploit in Windows which can cause memory corruption faults to fire remotely, so Windows thinks our memory is bad and shuts down. Now that we know of the issue we've begun to plug those holes. Microsoft is expected to patch it on Tuesday but since we know how it works we can combat it. In addition to all that fun we've been getting loads of DDoS attacks, too. Our website and Teamspeak have been getting it heavily but they should also be more hardened now. Thanks for your patience, everyone! Ghouh, Volunteer281, Troll and 63 others like this Link to comment
Crossfade Posted February 12, 2017 Report Share Posted February 12, 2017 (edited) Second also thanks for the update! Edited February 12, 2017 by CrossFade Blake. likes this Link to comment
Paratus Posted February 12, 2017 Author Report Share Posted February 12, 2017 fourth Twang, Matthew, Olivia and 10 others like this Link to comment
BioHazard Posted February 12, 2017 Report Share Posted February 12, 2017 (edited) Fourth? Fifth? Glad to hear this btw Edited February 12, 2017 by BioHazard Link to comment
Crossfade Posted February 12, 2017 Report Share Posted February 12, 2017 Just now, Paratus said: fourth Actually your first;) Link to comment
ToxiChilleR Posted February 12, 2017 Report Share Posted February 12, 2017 @Paratus Glad to hear this im getting on Tanoa right now. Thank you you just made my day. Link to comment
Thomas Posted February 12, 2017 Report Share Posted February 12, 2017 @Paratus Any idea why server 3 is locked to first person and hex's are broken ? George likes this Link to comment
Sergey Shoygu Posted February 12, 2017 Report Share Posted February 12, 2017 Love it lol I lost a shit tone of stuff cause of it but shit im happy now alexnerd122 likes this Link to comment
Blake Kingsin Posted February 12, 2017 Report Share Posted February 12, 2017 Give us money for the downtime or riot Le Ligma, Garcia and massi like this Link to comment
Paratus Posted February 12, 2017 Author Report Share Posted February 12, 2017 Just now, Thomas said: @Paratus Any idea why server 3 is locked to first person and hex's are broken ? Yep, one of the systems we totally reformatted, and then I forgot to copy a certain file so.. yeah. Oops. Sergey Shoygu likes this Link to comment
Thomas Posted February 12, 2017 Report Share Posted February 12, 2017 Just now, Paratus said: Yep, one of the systems we totally reformatted, and then I forgot to copy a certain file so.. yeah. Oops. Any idea if it will be quick to fix ? Link to comment
Sergey Shoygu Posted February 12, 2017 Report Share Posted February 12, 2017 Just now, Paratus said: Yep, one of the systems we totally reformatted, and then I forgot to copy a certain file so.. yeah. Oops. I crashed my jet cause of that first person ..... alexnerd122 likes this Link to comment
Paratus Posted February 12, 2017 Author Report Share Posted February 12, 2017 Just an FYI, you should expect to see more DDoS attacks than normal for a few days. When douchebags like this see you've defeating their exploit, they often retaliate with cheap DDoS attacks to flex their e-peens. Rafael, Sergey Shoygu, Olivia and 23 others like this Link to comment
Boris Posted February 12, 2017 Report Share Posted February 12, 2017 Wow, all along it was just someone trying to be a dick. Link to comment
Midamaru Posted February 12, 2017 Report Share Posted February 12, 2017 Jesus what is people's obsession to attacking the Asylum servers.. do you have any personal enemies Paratus? BlackShot, Olivia, Heidelberg and 1 other like this Link to comment
Bear 2.0 Posted February 12, 2017 Report Share Posted February 12, 2017 Thanks for the update! Link to comment
Jesse Posted February 12, 2017 Report Share Posted February 12, 2017 (edited) 22 minutes ago, Paratus said: Just an FYI, you should expect to see more DDoS attacks than normal for a few days. When douchebags like this see you've defeating their exploit, they often retaliate with cheap DDoS attacks to flex their e-peens. These all seem like excuses... You can just say the real reason is "We fucked up... moved servers to a poor hosting company. We are trying to figure out something and need to buy more time". Sorry just have trouble seeing the link between "Then we found it was only happening when Arma was running, even when other even more intensive applications (for testing) were active." and then all of a sudden its a Windows exploit? Wut. How's identity? Edited February 12, 2017 by Jesse Seán That Irish Guy and DS_Billy like this Link to comment
Phil. Posted February 12, 2017 Report Share Posted February 12, 2017 (edited) Bunch of dicks....Good job figuring it out! @Paratus Still not sure why people get their rocks off fucking up these servers. Edited February 12, 2017 by Phil. Blake., Twang and Sandra Bollock like this Link to comment
Legit Posted February 12, 2017 Report Share Posted February 12, 2017 (edited) 21st Edited February 12, 2017 by Legit Link to comment
Seán That Irish Guy Posted February 12, 2017 Report Share Posted February 12, 2017 12 minutes ago, Jesse said: These all seem like excuses... You can just say the real reason is "We fucked up... moved servers to a poor hosting company. We are trying to figure out something and need to buy more time". Sorry just have trouble seeing the link between "Then we found it was only happening when Arma was running, even when other even more intensive applications (for testing) were active." and then all of a sudden its a Windows exploit? Wut. How's identity? Garcia likes this Link to comment
massi Posted February 12, 2017 Report Share Posted February 12, 2017 53 minutes ago, Paratus said: Now we believe we've found the culprit. It seems as though it was caused by a douchebag. The douchebag was using a very recently found exploit in Windows which can cause memory corruption faults to fire remotely, so Windows thinks our memory is bad and shuts down. Now that we know of the issue we've begun to plug those holes. Microsoft is expected to patch it on Tuesday but since we know how it works we can combat it. Wow. That's some really impressive detective work. How'd you even figure that out? Posted on some other forums or what? Good job! Link to comment
Bikstok Posted February 12, 2017 Report Share Posted February 12, 2017 Since you presumably found a way to block it, here's the bug I'm assuming was exploited: http://www.computerworld.com/article/3165395/security/microsoft-likely-to-fix-windows-smb-denial-of-service-flaw-on-patch-tuesday.html massi likes this Link to comment
massi Posted February 12, 2017 Report Share Posted February 12, 2017 Was this posted by Paratus? https://github.com/lgandx/PoC/tree/master/SMBv3 Tree Connect Link to comment
ryan999 Posted February 12, 2017 Report Share Posted February 12, 2017 Ubuntu 16.04 LTS can run arma 3 servers. Jus'sayin'. But nah really -- good work @Paratus et. al., sleuthing these things is never fun/easy, especially when there's mounting pressure from donors/community. Cheers. Atlas1 likes this Link to comment
Bikstok Posted February 12, 2017 Report Share Posted February 12, 2017 Just now, massi said: Was this posted by Paratus? https://github.com/lgandx/PoC/tree/master/SMBv3 Tree Connect No that's the proof of concept released by the finder of the exploit. Usually they don't publicly release those, but he was annoyed that Microsoft was taking forever to hotfix it. The bug was initially reported to microsoft in September. massi and Olivia like this Link to comment
Heidelberg Posted February 12, 2017 Report Share Posted February 12, 2017 Great work, hopefully will increase overall server-stability and countering DDos attacks. Link to comment
George Posted February 12, 2017 Report Share Posted February 12, 2017 Thanks for the update! Link to comment
Sergey Shoygu Posted February 12, 2017 Report Share Posted February 12, 2017 Thanks a lot for this update alexnerd122 likes this Link to comment
brandonbriddy Posted February 12, 2017 Report Share Posted February 12, 2017 s3 needs fixing only can be in first person ... Link to comment
Huan Lee Posted February 12, 2017 Report Share Posted February 12, 2017 34th Jsalvia likes this Link to comment
Mitch (IFRIT) Posted February 12, 2017 Report Share Posted February 12, 2017 hakuna matata Link to comment
Zorrak Posted February 12, 2017 Report Share Posted February 12, 2017 1 hour ago, Jesse said: These all seem like excuses... You can just say the real reason is "We fucked up... moved servers to a poor hosting company. We are trying to figure out something and need to buy more time". Sorry just have trouble seeing the link between "Then we found it was only happening when Arma was running, even when other even more intensive applications (for testing) were active." and then all of a sudden its a Windows exploit? Wut. How's identity? Shade, Chrollo Lucifer and Kieran like this Link to comment
bobzen Posted February 12, 2017 Report Share Posted February 12, 2017 (edited) Can i have your ddos logs?, i might be able to find the source of the attack You could make a blacklist with regex and sort the ip's out that way Edited February 12, 2017 by bobzen Link to comment
Paratus Posted February 12, 2017 Author Report Share Posted February 12, 2017 1 hour ago, Jesse said: These all seem like excuses... You can just say the real reason is "We fucked up... moved servers to a poor hosting company. We are trying to figure out something and need to buy more time". Sorry just have trouble seeing the link between "Then we found it was only happening when Arma was running, even when other even more intensive applications (for testing) were active." and then all of a sudden its a Windows exploit? Wut. How's identity? I thought my description covered it, but when it's an attack and not a failure, it's in response to the servers being online. Do you expect someone to attack the servers when they don't see them running? Garcia, Buckwalter, BlackShot and 7 others like this Link to comment
Swade White Posted February 12, 2017 Report Share Posted February 12, 2017 Haych, Phil., .Sean and 13 others like this Link to comment
AgentPixel Posted February 12, 2017 Report Share Posted February 12, 2017 @Paratus Will there be a quick fix for the locked first person later on today? Link to comment
Paratus Posted February 12, 2017 Author Report Share Posted February 12, 2017 Just now, AgentPixel said: @Paratus Will there be a quick fix for the locked first person later on today? Yep, next hard restart should fix it. DJB, Thomas, Phil. and 1 other like this Link to comment
AgentPixel Posted February 12, 2017 Report Share Posted February 12, 2017 @Paratus Thanks. Link to comment
Recommended Posts