01-18-2006, 09:32 PM
Hello
Here is my best guess at what is happening: someone is coming into the server, running a script, and then leaving, because I have kicked everyone from the server so it's empty and the CPU still hangs and the ping is 800+. What the exploit is doing is making the CPU's process hang at 50% (dual CPU, 50 would be using one CPU max). The only way to fix it is to reset the server itself, which is not an option to do every 5 min when this individual can just easily come back in. Another theory is that it is being done remotely, but no logs on the box itself show this; it is NOT a DoS attack and everything shows up fine. No logs on the server show somebody doing something. I am not sure if logs can detect every specific command a client types in the console, but nothing has shown up. This box is dual Xeon 3.2s with 2 gigs of memory running Windows Server 2003 (latest patches, etc.). My provider has never seen anything like this before and he is 100% sure this is an exploit of some sort, as it is being directed at my server only and no other clients on the machine are experiencing this. Here is what we have tried thus far.
1. Reinstalled just the basic CSS Source dedicated files; after about 20 min the individual came back and it started happening again.
2. Moved everything to a new IP; after about a day it started happening again.
3. Moved it to a third IP (AMD machine); after about 2 days it started happening again.
My provider along with ServerCentral have looked at the graph and logs and NOTHING has shown up.
So this cannot be pinned to one single person because there is no evidence or anything that shows who is doing this.
My honest opinion is that this must be some new exploit that came with the last major update, and it must be connected with the problem people are having with their CPU utilizing 100% CPU.
I cannot run my server anymore (ranked 3rd in the US), which is a shame because so much time and money have been placed into it.
I spoke with other top servers and they have experienced the same issues.
If there is anything else I can do to help resolve this issue, then by all means tell me.
Thank you