ServerHack!

azzrael · Post by **azzrael** » Thu Apr 19, 2007 7:55 am

Hi folk's!

last night i had this hack on my server. Server went totally slow and then it just stoped!
i will copy-paste data from java.log in and GS and LS .
i have all the security things set to true..

anyone knows it?Sollutions?

2007.04.18 18:52:50,000 WARNING 11 net.sf.l2j.gameserver.PacketHandler Unknown Packet:6a
2007.04.18 18:52:50,046 WARNING 11 net.sf.l2j.gameserver.PacketHandler 0000: 01 00 00 00 02 00 00 00 ........

2007.04.18 18:53:14,203 WARNING 11 net.sf.l2j.gameserver.PacketHandler Unknown Packet:6a
2007.04.18 18:53:14,203 WARNING 11 net.sf.l2j.gameserver.PacketHandler 0000: 01 00 00 00 02 00 00 00 ........

2007.04.18 18:54:37,140 SEVERE 11 net.sf.l2j.gameserver.SelectorThread
2007.04.18 18:54:37,218 INFO 11 net.sf.l2j.gameserver.SelectorThread
2007.04.18 19:05:46,125 WARNING 16 net.sf.l2j.gameserver.clientpackets.DummyPacket DummyPacket 52 (Length = 0) recieved.
2007.04.18 19:06:16,250 SEVERE 11 net.sf.l2j.gameserver.SelectorThread
2007.04.18 19:08:18,671 INFO 11 net.sf.l2j.gameserver.SelectorThread

18.4.2007 18:54:37 net.sf.l2j.gameserver.SelectorThread parse
SEVERE:
java.lang.OutOfMemoryError: Requested array size exceeds VM limit
18.4.2007 18:54:37 net.sf.l2j.gameserver.SelectorThread readData
INFO:
java.lang.OutOfMemoryError: Requested array size exceeds VM limit
18.4.2007 19:06:16 net.sf.l2j.gameserver.SelectorThread parse
SEVERE:
java.lang.OutOfMemoryError: Requested array size exceeds VM limit
18.4.2007 19:08:18 net.sf.l2j.gameserver.SelectorThread readData
INFO:
java.lang.OutOfMemoryError: Requested array size exceeds VM limit

my suggestion is to get all the banned ip's from hackers that you guys have and share them. that would cover a bit of security for the ones who don't want hackers ..
tnx

snakesk · Post by **snakesk** » Thu Apr 19, 2007 8:27 am

I tink somebody played with Haplex and he modified a packet to add a item but wasn't the corect one, after that he send multiple packet to your server and flooded (that will be the explication, I think) I had similar experiences with player like this and stanger errors in server log file but the server never stopped. BTW how much ram do you have ?
Sorry for my english.

LEVATHAN · Post by **LEVATHAN** » Thu Apr 19, 2007 8:57 am

The servers stopped cause of your low memory.

Check your Virtual Memory.
Check the way your gameserver.bat start your server. How much ram ?
1024 ? 768 ? 512 ?

Check it.

Except this you need better protection from hlapex.
Cause with hlapex a guy can always full your memory and stop your server.

azzrael · Post by **azzrael** » Thu Apr 19, 2007 10:22 am

well, for now i have 1024 ram on server but im upgrading it to 2gb comming weekend. more people, more ram requierments..

-i mot sure i'm reading from right place:
GameServer Started, free memory 245 Mb out of 508 Mb

virtual memory is set to:
*System managed size
Recommended/Currently allocated: 1534 MB

For best hlapex protections i just search on forums?any suggestions?

tnx again

snakesk · Post by **snakesk** » Thu Apr 19, 2007 4:01 pm

That's because you don't have set up the correct amount of memory. Right now you are using 512Mb of RAM but you have 1024Mb of RAM installed on your server. You must edit GameServer_loop file and change from :
/usr/java/jdk1.5.0_07/bin/java -Xms512m -Xmx512m -cp bsf.jar:bsh-2.0b4.jar:commons-logging-1.1.jar:javolution.jar:jython.jar:c3p0-0.9.1.jar:mysql-connector-java-5.0.4-bin.jar:l2jserver.jar net.sf.l2j.gameserver.GameServer > log/stdout.log 2>&1

to

/usr/java/jdk1.5.0_07/bin/java -Xms1024m -Xmx1024m -cp bsf.jar:bsh-2.0b4.jar:commons-logging-1.1.jar:javolution.jar:jython.jar:c3p0-0.9.1.jar:mysql-connector-java-5.0.4-bin.jar:l2jserver.jar net.sf.l2j.gameserver.GameServer > log/stdout.log 2>&1

And for Hlapex I don't know any protection.They flood your server so the best way to solve this is to find who is it.

azzrael · Post by **azzrael** » Fri Apr 20, 2007 7:51 am

snakesk wrote:That's because you don't have set up the correct amount of memory. Right now you are using 512Mb of RAM but you have 1024Mb of RAM installed on your server. You must edit GameServer_loop file and change from :
/usr/java/jdk1.5.0_07/bin/java -Xms512m -Xmx512m -cp bsf.jar:bsh-2.0b4.jar:commons-logging-1.1.jar:javolution.jar:jython.jar:c3p0-0.9.1.jar:mysql-connector-java-5.0.4-bin.jar:l2jserver.jar net.sf.l2j.gameserver.GameServer > log/stdout.log 2>&1

to

/usr/java/jdk1.5.0_07/bin/java -Xms1024m -Xmx1024m -cp bsf.jar:bsh-2.0b4.jar:commons-logging-1.1.jar:javolution.jar:jython.jar:c3p0-0.9.1.jar:mysql-connector-java-5.0.4-bin.jar:l2jserver.jar net.sf.l2j.gameserver.GameServer > log/stdout.log 2>&1

And for Hlapex I don't know any protection.They flood your server so the best way to solve this is to find who is it.

and for win$ server the syntaks would be?

snakesk · Post by **snakesk** » Fri Apr 20, 2007 10:01 am

Chanege thid in you startGameServer.bat :

FROM

java -Xmx512m -cp bsf.jar;bsh-2.0b4.jar;commons-logging-1.1.jar;javolution.jar;c3p0-0.9.1.jar;mysql-connector-java-5.0.4-bin.jar;l2jserver.jar;jython.jar net.sf.l2j.gameserver.GameServer

TO

java -Xmx1024m -cp bsf.jar;bsh-2.0b4.jar;commons-logging-1.1.jar;javolution.jar;c3p0-0.9.1.jar;mysql-connector-java-5.0.4-bin.jar;l2jserver.jar;jython.jar net.sf.l2j.gameserver.GameServer

That if you have 1024Mb of RAM if you have upgraded to 2048Mb of RAM you shoud change to that.

Post by **Fulminus** » Fri Apr 20, 2007 2:43 pm

This is a core issue.
Actually, it is a known issue. Some packets sent to the server require arrays of certain sizes to be created. An example of this might be sending a tradelist. Normally, these arrays are bounded by limitations of the client windows.
However, people using packet editting tools, such as hlapex, can send packets that request from the server to create a much larger array. Sometimes, the requested array size is larger than any reasonable hardware specs. Generally speaking, this is fairly harmless. The server will eventually throw an OutOfMemory exception, then clean up the mess and continue working normally. However, the mere fact that the server temporarily reaches its memory limitations and then cleans up can cause lags.
I believe the core team is looking into it and they will be adding a more strict check on the maximum allowed array size.

azzrael · Post by **azzrael** » Tue Apr 24, 2007 9:33 pm

tnx a lot for all your answers!Very helpfull.
You are all doing a great job!

Post by **msknight** » Wed Apr 25, 2007 8:06 am

fulminus wrote:I believe the core team is looking into it and they will be adding a more strict check on the maximum allowed array size.

Hi Fulminus,

Great explanation! Thanks! Is this meaning that there will be a limit to the amount of items available for sale in shops, etc if they introduce the checks?

Michelle.

Post by **Fulminus** » Wed Apr 25, 2007 9:00 pm

The checks have been introduced and commited along with the Interlude support

No, there is no worry about limitations with the shops. The way the code "limits" packets is by permitting a maximum array size that is no larger than the largest inventory allowed in your server. In other words, the code looks at your server config and checks what inventory size you selected for GM, Dwarf, and No-Dwarf. The largest of these three inventories sets the limit for the largest array created by packet requests

This makes the limit completely harmless for trades since attempting to buy more than you can carry would cause the trade to be declined anyway. At the same time, it provides the necessary safety to the server to avoid those "out of memory" errors. Well...that is as long as you don't configure your inventories to be 1000000000000000000000 items long