Jump to content
DayZ Forums
ersan

DayZ.ST - $30/mo for 50 Slot US/EU Servers - FTP - DayZ 1.8.0.3 - Epoch 1.0.3.1 - Instant Setup - Custom Panel - Live Map Tool

By ersan, in Mod Servers & Private Hives

Recommended Posts

robaroo    6

robaroo
Posted (edited)

I feel your pain ersan. A small company experiencing sudden growth goes through some growing pains. More so when you're being attacked by children with too much internet knowledge and not enough parenting. Or of course jealous competitors!

I have to say though, that I am a customer too and would greatly appreciate better communication when things go awry.

Please could you give some thought to something like a BCC customer email list for when problems arise? It's a bit painful myself to have to trawl forums and Twitter to find support information when these things get attacked and I don't know why my server/service has been affected. My personal opinion is that it looks far better to customers and prospective customers if the communication is pushed rather than pulled during troubling times.

Respect for what you're going through and doing about it though.

DayzDoc

Tried the following link??

http://widget01.mibb...t&channel=#dayz

Seriously folks. Im going into my 2nd month now with this host (3 servers) and can honestly say the lads doin the best he can considering the circumstances. I have never been more than a few clicks away from the needed info when the shit hits the fan. (Sometimes he sleeps.....fook, yeah i know WTF €%#€"!#"%) otherwise you will find the info you need in the above link. Click, login, ask and theres usually a few people about that can tell you whats goin on.

Edited by Robaroo

Share this post

Link to post
Share on other sites

ersan    219

ersan
Posted (edited)

So it was definitely the person who our host gave our passwords to yesterday - they downloaded files off of one of the servers they had access to and used them to exploit one of our databases.

We are attempting to repair the problem now - the backup we had was from last night so anyone who has signed up since then *may* end up with a different port than they had before - and if you moved servers since then you'll still be on the old one. We'll recover, as we always do - I'll have more information soon. Most servers are not offline right now by the way, just the website.

Actual dayz server databases are unaffected at the moment so don't worry about players coming back etc.

Edited by ersan191

Share this post

Link to post
Share on other sites

FF Prophet    4

FF Prophet
Posted

Hello Ersan,

I wrote you an emails (our server: 159.253.131.97:2312), first on 1st December about suddenly inaccessible FTP for uploading custom mission file that you had so kindly provided to us.

Still no reaction from you. I see there's so much to do to recover from attacks so in no way I am bagging you for that it is not working while it is not (for the moment) a standard service. I strongly appreciate that you have ever given it to us. But a small echo would be great and calms me down explaining what is wrong or that it is temporary unavaible (ftp access calls wrong login password). Now I don't know if you ever received the mails. It's 5 days since I sent the 1st one.

Any ETA on the announced regular FTP access?

Keep up the good efforts

Thank you so much

Share this post

Link to post
Share on other sites

WalkerDown (DayZ)    296

WalkerDown (DayZ)
Posted

Ersan you reset the servers DB password, but without enabling first the CP, neither communicating us the new pw. Now my local backups aren't working, neither my remote check scripts (anticheats.. etc.). Can you please enable back the CP so i can read the new pw, or at least email our pws via email? Thank you.

Share this post

Link to post
Share on other sites

jeremy_mccurdy@hotmail.com    19

jeremy_mccurdy@hotmail.com
Posted

I don't care how much time and effort has been put into this small server support company. I have been a customer for a couple months now, and it is very unprofessional to not notify clients of issues. Some of you might say, "he does as much as he can on twitter" Thats not my problem, I have paid for a service, that I am not receiving. I notified them of this issue 2 weeks ago, and they did not take me seriously. No emails, no way to contact ANY customer support. So now all of the clients are just "out" of the money they paid. Sorry, I know they have issues, but "I pay them" not the other way around.

My edit: I was to hasty on this post, but felt it decent to leave it up to show my mistake with this. I did not give this enough time and should have been more patient.

You notified two weeks ago him that people were going to DDoS his servers? How would you know? They post notifications of attacks usually within minutes of them happening. You can also contact their customer support any time at: admin@dayz.st

I don't get why people are bitching about a lack of communication. They inform users as soon as they possibly can, and then provide specific details about the attacks and the steps they are taking to prevent them in the future.

It isn't like Survival Servers where they screw something up and then take a day to tell you that they'll look into it.

Share this post

Link to post
Share on other sites

ersan    219

ersan
Posted (edited)

The control panel is back up, anyone who had the same RCon password as their control panel password will see a message with instructions on what to do before they can login to the control panel. I will post more information in a bit.

Anyone who had a server with matching RCon/login passwords will now have a scrambled RCon password also, but their server should be up.

Everyone's database password has also now been changed - you can get it by logging into the control panel and looking on the left side as always.

The compromised database had a list of the username, RCon password, database password, and a salted hash of the password (which is not a big deal). No other sensitive information was in the database. No e-mail addresses or subscription information or real names or anything like that was stored in the database.

We very seriously recommend everyone change their RCon password as soon as possible. If you use your RCon password and control panel username as a combination for your login anywhere (DayZ Forums, banking info, etc.) you should change that immediately as well. The RCon password is a plain text value and is not secure, there are likely even ways to reveal it through bugs in the ArmA2 server - do not use an important password for your RCon password ever, anywhere.

UPDATE:

Actually instead of relying on users to change their RCon password we are just going to scramble them all now. You can login to the control panel and change it, but we strongly recommend you do not use the same one as before.

Edited by ersan191
  • Like 1

Share this post

Link to post
Share on other sites

jeremy_mccurdy@hotmail.com    19

jeremy_mccurdy@hotmail.com
Posted

Gonna reiterate a question I posted before the big hacking hullabaloo:

I'm trying to place buildings using the 3D editor and the tool here: http://dayz.wofjwof.com/map.php , but it looks like the coordinates are WAY off. I'm running Panthera, and the items I tried to place were in the ocean to the north of the north airfield, but they ended up in the desert to the south. Do I need to use an offset on the coordinates before running the sql statement? If so, what is it?

Share this post

Link to post
Share on other sites

seaweeduk    97

seaweeduk
Posted (edited)

The control panel is back up, anyone who had the same RCon password as their control panel password will see a message with instructions on what to do before they can login to the control panel. I will post more information in a bit.

Anyone who had a server with matching RCon/login passwords will now have a scrambled RCon password also, but their server should be up.

Everyone's database password has also now been changed - you can get it by logging into the control panel and looking on the left side as always.

The compromised database had a list of the username, RCon password, database password, and a salted hash of the password (which is not a big deal). No other sensitive information was in the database. No e-mail addresses or subscription information or real names or anything like that was stored in the database.

We very seriously recommend everyone change their RCon password as soon as possible. If you use your RCon password and control panel username as a combination for your login anywhere (DayZ Forums, banking info, etc.) you should change that immediately as well. The RCon password is a plain text value and is not secure, there are likely even ways to reveal it through bugs in the ArmA2 server - do not use an important password for your RCon password ever, anywhere.

UPDATE:

Actually instead of relying on users to change their RCon password we are just going to scramble them all now. You can login to the control panel and change it, but we strongly recommend you do not use the same one as before.

Whilst you're tightening up security you should probably lose the plaintext passwords in the control panel query strings when you get the time.

Thanks for all the updates anyway dude hope you get the chance to catch up on sleep soon.

Edited by seaweed

Share this post

Link to post
Share on other sites

ersan    219

ersan
Posted (edited)

The control panel buttons are greyed out for me.

173.192.200.76 and 173.193.202.109 (two of our four Washington DC nodes) are down due to DDoS attack (one went down last night and one early this morning), we have some changes pending that will help the problem - I cannot guarantee that it will be fixed, DDoS attacks are a huge problem for anyone hosting any kind of server and they are very expensive and difficult to stop, in some cases it isn't possible - DayZ hosting has proven to be a magnet for these types of attacks. We also don't have an ETA on when they will be back online other than it will definitely be less than 12 hours. Once they are back the new changes will have been implemented and we'll see how things go. Sorry I don't have more information at the moment :(

Edited by ersan191

Share this post

Link to post
Share on other sites

jeremy_mccurdy@hotmail.com    19

jeremy_mccurdy@hotmail.com
Posted (edited)

173.192.200.76 and 173.193.202.109 (two of our four Washington DC nodes) are down due to DDoS attack (one went down last night and one early this morning), we have some changes pending that will help the problem - I cannot guarantee that it will be fixed, DDoS attacks are a huge problem for anyone hosting any kind of server and they are very expensive and difficult to stop, in some cases it isn't possible - DayZ hosting has proven to be a magnet for these types of attacks. We also don't have an ETA on when they will be back online other than it will definitely be less than 12 hours. Once they are back the new changes will have been implemented and we'll see how things go. Sorry I don't have more information at the moment :(

It's worth noting that when you hear about groups like Anonymous taking down large corporate sites in the news, it's most often done with a DDoS attack. Even large multinational corporations have trouble with them.

For more info:

https://en.wikipedia...service_attack.

Edited by GreatBigJerk

Share this post

Link to post
Share on other sites

ersan    219

ersan
Posted (edited)

Been talking to Prolexic and Black Lotus about getting DDoS protection but so far it seems to be too expensive and more worryingly it will affect players' pings.

Will keep at it, the other methods I'm looking into should be implemented when the two servers come back up in about 6 hours.

Edited by ersan191

Share this post

Link to post
Share on other sites

WalkerDown (DayZ)    296

WalkerDown (DayZ)
Posted

Been talking to Prolexic and Black Lotus about getting DDoS protection but so far it seems to be too expensive and more worryingly it will affect players' pings.

Will keep at it, the other methods I'm looking into should be implemented when the two servers come back up in about 6 hours.

A DDOS is a flood, you may alleviate the problem, but there's nothing you can do to stop it, if not with the collaboration of several ISP's involved (something that you cannot control anyway).

It is its simplicity that makes it impossible to stop: you can install any type of "filter" on your your water tube, but if someone sends you tons of s**t, there's nothing you can do, because blocking that s*it means blocking the clean water as well.

There's company with "infinite" amount of money out there, and they falls with a DDOS exactly like you, it's not a matter of money, but a solution doesn't exists.. i suggest you to not waste your money into buying those "protections".

Share this post

Link to post
Share on other sites

ersan    219

ersan
Posted

A DDOS is a flood, you may alleviate the problem, but there's nothing you can do to stop it, if not with the collaboration of several ISP's involved (something that you cannot control anyway).

It is its simplicity that makes it impossible to stop: you can install any type of "filter" on your your water tube, but if someone sends you tons of s**t, there's nothing you can do, because blocking that s*it means blocking the clean water as well.

There's company with "infinite" amount of money out there, and they falls with a DDOS exactly like you, it's not a matter of money, but a solution doesn't exists.. i suggest you to not waste your money into buying those "protections".

Prolexic has a very good reputation for mitigating floods, and they would be more than capable of handling the floods that we have been receiving. They are just too expensive and the ping problem is concerning.

Share this post

Link to post
Share on other sites

Bernardo (DayZ)    13

Bernardo (DayZ)
Posted (edited)

Gonna reiterate a question I posted before the big hacking hullabaloo:

I'm trying to place buildings using the 3D editor and the tool here: http://dayz.wofjwof.com/map.php , but it looks like the coordinates are WAY off. I'm running Panthera, and the items I tried to place were in the ocean to the north of the north airfield, but they ended up in the desert to the south. Do I need to use an offset on the coordinates before running the sql statement? If so, what is it?

The map tool has changed and isn't as good as it was, you can't add the starting ID now, so it now takes me absolutly ages to add bases instead of it taking about 5 minutes.

It was a fantastic tool and helped a great deal but not sure why it needed changing - if ain't broke don't fix it.

Edited by Bernardo

Share this post

Link to post
Share on other sites

TROOPERscrat    5

TROOPERscrat
Posted

and both server and dayz.st site are down again...

yer mine down again starting to get a bit worried now . . . . . . . . . .

Share this post

Link to post
Share on other sites

Petunia-Server    10

Petunia-Server
Posted (edited)

I am getting an error when I try to get to control panel:


mysql_pconnect(): No such file or directory in /sites/dayz.st/www/classes/db_mysql.class.phpCould not connect: No such file or directory

Edited by Petunia-Server

Share this post

Link to post
Share on other sites

ersan    219

ersan
Posted

No hack this time, just a database glitch - it's fixed now everything should start running again in a minute.

Share this post

Link to post
Share on other sites

Petunia-Server    10

Petunia-Server
Posted

No hack this time, just a database glitch - it's fixed now everything should start running again in a minute.

Hi, any idea why I get this when on the control panel: Online Players: Unknown

And also why I can't connect with Rcon, DaRT or Arma2 Rcon?

A bit worried :(

Thanks!

Share this post

Link to post
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Go To Topic Listing Mod Servers & Private Hives
×