Issues

Post by Hermskii » Fri May 10, 2013 1:33 am

Dr. Flay pointed out a server of mine was down. It is worse than that. 3 are down. Random files are missing. I can't tell what happened yet and don't have time till this weekend to figure it out. I'd suspect I got hacked but why leave one untouched of the 4? My batch files are spinning by too fast to read. Control break indicates my UCC files may have again been determined to be viruses and may have been removed. This time more files are gone though. I'll repair these servers tomorrow night if possible. Thanks for the heads up Dr. Flay!
~Peace~

Hermskii

Re: Issues

Post by Kelly » Fri May 10, 2013 8:11 am

Not necessarily, James. One of the darker and less discussed aspects of the UEngine is its ability to not only write to files but to delete/replace them. One of the first 'bugs' that young coders encounter is UT's weird knack for replacing the ut.ini with an older (you thought unsaved) copy if problems compiling happen.

Now I've seen this expand out and happen to other files in my installation. This generally happens when the installation is old and starts getting crashy. When the engine recovers from a crash it can improperly delete random files. I've seen this myself several times and it's why I always cringe when I read someone post "My installation is still running strong from 2004!"...Yep, it's all good until you get crashing over some issue then you run the risk of serious loss of data.

I replace my core files once a year now religiously.
When everyone you ever known is headed for a headstone
I don’t wanna give the end away but we’re gonna die one day

Re: Issues

Post by Nelsona » Fri May 10, 2013 4:28 pm

Totally agree. A server needs some refresh. 2 weeks ago I noticed bad access to drives, combining UT logs with other data. Eh... I have backups in multiple places. I did a revision to partitions and I reinstalled the OS - in the next moments, I did all updates, I basically secured the PC as described by Dr. Flay (I'm totally grateful) at Hook's place and now that PC used for UT servers runs fine.

In exchange, something disturbed me so bad and I'm very confused - maybe it is off topic but I'll try to stay on point. Triggered by different things described on a security-test site which claimed Zone-Alarm to be a great, highly rated firewall, I'm almost ready to change my opinion and my attitude. A few days ago when I turned on the PC in the morning a window popped up from Zone-Alarm saying not to forget mom's birthday which is coming soon. LOOOL - where is this information stored and how was it collected:
1) How does that crap know that I have a mother?
2) If I have a mother, how does it know when her birthday is?
Something is not cool at all, private information seems to be collected without permission. Maybe it is time to take a break from Web surfing and to change more things - these are so nasty for me especially after a few scans reporting 0 threats. I intend to do a small research related to this subject (maybe I have to do a HDD scan for different strings stored in unused sectors). Keep your eyes open, people. This data loss drives me to believe other things - also M$ has been releasing security updates continuously lately...

Re: Issues

Post by EvilGrins » Fri May 10, 2013 8:46 pm

Noticed this sorta issue a stretch back, when I was young and foolish (now I'm old and foolish) of ut files that disappeared. At the time I was hosting LAN games so it didn't seem likely the files were being ganked by someone else.

Keep in mind, ut is a lot like magic. If it can screw you over, it will.

Do you know what files are missing? I'd think they'd be easily replaceable.
Nelsona wrote: A few days ago when I turned on the PC in the morning a window popped up from Zone-Alarm saying not to forget mom's birthday which is coming soon. LOOOL - where is this information stored and how was it collected:
1) How does that crap know that I have a mother?
2) If I have a mother, how does it know when her birthday is?

Call it a hunch, but maybe your mom entered that info somewhere so it would remind you?

Never underestimate a crafty mother!

Re: Issues

Post by Nelsona » Sat May 11, 2013 12:54 am

Good points and jokes, but let me give a few details then ... for more scary things.

My mother is an old woman living in another place, not here with me (the old house where I grew up), she rarely uses a PC to check news - and even has another Internet provider. I have never typed any personal data of any of my parents into any of my PCs. Also chatting via IM apps is rare (we speak by phone when necessary), I often chat with other people. So, the question again ... doesn't this highly rated so-called firewall look like spyware? I'm waiting for answers from Dr. Flay, I'm curious about such occurrences.

I put it in hoping to get help when I noticed a few file issues but nothing was better than a fresh install, securing the PC manually and also restoring the UT server from backup - I did not trust those remaining files any more - I even destroyed the partition.

Re: Issues

Post by Dr.Flay » Sat May 11, 2013 6:10 am

First off, no thoughts to the culprit (but I have been up all night and can't think)
So, just observations and pointers.

Personally I never liked Zone Alarm.
There is too much emphasis on a funky GUI.
Programs that use big shiny graphics to fill the GUI, put me right off, as they tend to be aimed at beginners.
The birthday thing. Possibly they are using Facebook (or other social site).
It does not make sense for your firewall to notify you of calendar events.
Did you use your email when you downloaded or installed it?
...Are you sure it was not another program?

Process Explorer is very useful if you want to see if a task has launched sub-tasks, or look for resources running as threads.
It also allows you to see what connections on what ports are being used by a task.
http://technet.microsoft.com/sysinternals/bb896653
(BTW. This is a standard install on any PC I ever use for more than 5 minutes)

When it comes to my personal choice in firewall, I say get the best business-grade router, or hardware firewall you can afford.
2nd-hand bargains are common, as ISPs give away new routers when people upgrade or change their accounts.

When it comes to software firewalls, Comodo has always been a contender.
I guess due to their AV experience, their firewall also makes good use of their virus intrusion detection.
Having a quick look around, it still seems one of the best options.
http://personalfirewall.comodo.com
http://www.techsupportalert.com/best-free-firewall.htm

BTW. What is the AV installed on the server?
If it is one with a high false-positive detection ratio, then maybe it could be the culprit.
chaoticdreams.org - @TheChaosMod - Web IRChat - IRChat (irc://irc.quakenet.org/chaoticdreams)

Re: Issues

Post by Hermskii » Sat May 11, 2013 8:54 am

It WAS AVG. Now it is another brand. I still haven't looked to see what is missing thus I have not tried to repair. I took AVG off it so fast that I forgot to see what it had in the quarantine. Whatever was missing is gone for good now.

I did not know nor ever heard before that UT starts dropping files here and there but it certainly makes sense. I recall forever ago having a discussion with Kelly about a single install I had made once that went bad for no single good reason. He explained back then that just because I have a copy it didn't mean the copy was perfect.

To me that is devastating because I wanted to think that if I copied a copy of a file 1 million times that the final copy would be exactly as the original. Wrong. Bummer.

Thanks all. Hopefully I'll play around with the servers today and figure them out. Another question please: Kelly mentioned replacing core files. Please explain further. I'm assuming that means to get certain files off the CD and replace ones in my installation with them. Which files exactly? How often?

I tried to install Comodo Dragon software firewall and AV and it totally jacked my computer. Even after uninstall, if I go to a non-working web page, Comodo tells me it blocked me from going there though Comodo isn't on my PC at all anymore (I thought).
~Peace~

Hermskii

Re: Issues

Post by Kelly » Sat May 11, 2013 9:11 am

Herm, the easiest way is to do an in-place reinstall and here's how I do it. I'll get my GOTY cd and make a fresh install to some new place on my box (C:tempserver for example). I'll then patch this up to 436 and install the bonus packs. Once all that is done (be sure not to add any mods, etc. just what I said) then fire the installation up and play a brief minute of DM then quit. This sets up all the graphic, server, cpu data.

Now folder-by-folder copy the core files (skip any ini files, you only copy .u and .int from system folder but *all* the files from textures, music, maps, sounds) over to your existing installation you want to refresh. Be sure to overwrite everything because they will match and Windows will want to skip.

That's it, your system is now 'new' and you won't have problems like deleted files. I do this once a year like I said. Takes about 20 minutes start-to-finish.
When everyone you ever known is headed for a headstone
I don’t wanna give the end away but we’re gonna die one day
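
A way to see what a refresh like Kelly's would actually replace, added here as an example and not code from the thread: it compares a live server install against a fresh reference install using the same file rules (only .u and .int from System, every file from Textures, Music, Maps and Sounds) and lists core files that are missing or whose SHA-256 differs. The folder names assume a stock UT layout, and the function names are made up for this example.

```python
import hashlib
import sys
from pathlib import Path

# Kelly's copy rules: only .u and .int from System, every file from the
# content folders. Folder names assume a stock UT install layout.
CORE_RULES = {
    "System": {".u", ".int"},
    "Textures": None,  # None means "every file"
    "Music": None,
    "Maps": None,
    "Sounds": None,
}

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large map or texture packages are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def core_files(root):
    """Map lower-cased relative path -> real path for each core file."""
    root = Path(root)
    found = {}
    for folder, exts in CORE_RULES.items():
        base = root / folder
        if not base.is_dir():
            continue
        for p in base.rglob("*"):
            if p.is_file() and (exts is None or p.suffix.lower() in exts):
                found[p.relative_to(root).as_posix().lower()] = p
    return found

def compare_installs(reference, live):
    """Return (missing, changed) core files of `live` versus `reference`."""
    ref, cur = core_files(reference), core_files(live)
    missing = sorted(k for k in ref if k not in cur)
    changed = sorted(k for k in ref
                     if k in cur and sha256_of(ref[k]) != sha256_of(cur[k]))
    return missing, changed

if __name__ == "__main__":
    missing, changed = compare_installs(sys.argv[1], sys.argv[2])
    for rel in missing:
        print("MISSING", rel)
    for rel in changed:
        print("CHANGED", rel)
```

Because the rules skip executables and ini files, a missing UCC.exe would not be reported; adding ".exe" to the System entry extends the check to cover it.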

Re: Issues

Post by Hermskii » Sat May 11, 2013 11:16 am

Awesomeness. I will give that a go.

I have fixed the servers. No hack was involved. 2 servers were missing their UCC.exe files and 1 server was missing its start-up batch file.

I replaced all from a recent backup and fired up each one 1 at a time and they are all online now!
~Peace~

Hermskii

Re: Issues

Post by Nelsona » Sat May 11, 2013 1:52 pm

This is good ... because evil spirits seem to haunt the world in these moments...
[Attachment: susp.JPG]
Now I don't know what happened.

Re: Issues

Post by EvilGrins » Sat May 11, 2013 2:09 pm

Weird, never had that problem with AVG... although I check the Virus Vault part of it before emptying it.

Re: Issues

Post by Dr.Flay » Sat May 11, 2013 10:20 pm

You can get Comodo firewall on its own. I should have suggested that.

The redirection/blocking of websites, is because it has swapped the DNS lookup in the "TCP/IP" section on your network device, routing via their DNS servers.
A few of the AV companies run DNS lookups so they can control the IP access.
I believe Comodo firewall lets you configure this via its own interface.

NOTE: ISPs that block/redirect, tend to do this more often for sites the RIAA have a problem with, than malware.
It is possible the AV companies may also block sites you want to access.

Just open the properties of the ethernet, and change it back to default "Automatic", or use "DNSBench" to find the fastest.
DNSBench will show you which servers redirect/block, and if you enable "Test for DNSSEC Authentication" it will show you more info after running the tests.
https://www.grc.com/dns/benchmark.htm

I use 2 secure ones that respond quickest from my location (I do not use ones that block/redirect)
[Attachment: TCP.png]
Google have the fastest from my location, and are very easy to remember. eg. 8.8.8.8

Some of the functionality/security you gain from using an AV DNS lookup, you can do yourself with a HOSTS file.
The advantage of using a HOSTS file, is that you can manually add or remove IPs and domains.
http://my.opera.com/dr-flay/blog/how-to-block-sites
You can also use this method to block problem people in your ban-list, so they are completely blocked at the hardware level. No access via any port on any software.

Re choice of AV package.
I use the VB100 site as 1 of my guides to the top software, as their quarterly chart is presented in the simplest form.
Key to use: you want whatever is in the furthest top-right corner ;)
http://www.virusbtn.com/vb100/latest_comparative/index

Avira is constantly better than all other free, and most of the paid for programs. After testing, I found it to be very configurable, and low on CPU usage.
You can for example stop the AV slowing the PC as much, by setting it to only scan when writing files.
If your PC is already clean, you only need to check files arriving or being created on it.

Avira has the ability to monitor the contents of the "Program Files" folder, and will undo any changes to files.
This includes you deleting or renaming a file with full admin-rights. It just goes back to the way it was.
This behaviour may help stop UT eating itself like a starved zombie, but I am not sure as it must allow software to work normally. eg. updating or using an installer.
It may help to block binaries from being changed, but that itself could cause problems.
chaoticdreams.org - @TheChaosMod - Web IRChat - IRChat (irc://irc.quakenet.org/chaoticdreams)
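
To go with the HOSTS-file suggestion above, an added example (not from the post) that audits HOSTS-file text: names pointed at loopback or 0.0.0.0 are blocks, while names pointed at any other address are being redirected, which is worth reviewing after an uninstall that left lookups behaving oddly. A HOSTS file only changes what names resolve to on the machine that holds it. The function names and the sample entries are constructed for this example.

```python
import ipaddress

def parse_hosts(text):
    """Yield (ip, hostname) pairs; skip comments, blanks and malformed lines."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        for name in fields[1:]:  # one line may carry several names
            yield ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Split entries into blocked names and names remapped to a real address."""
    blocked, remapped = set(), {}
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the stock loopback entries are not blocks
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)  # 127.0.0.1, ::1, 0.0.0.0: goes nowhere
        else:
            remapped[name] = str(ip)  # lookups are sent to this address
    return sorted(blocked), remapped

# Constructed sample, not taken from anyone's machine.
SAMPLE = """\
# comment line
127.0.0.1      localhost
::1            localhost
0.0.0.0        ads.example.com tracker.example.com  # two names, one line
127.0.0.1      Telemetry.Example.net
203.0.113.10   updates.example.org
not-an-ip      broken.example
"""

if __name__ == "__main__":
    blocked, remapped = audit_hosts(SAMPLE)
    print("blocked:", blocked)
    print("remapped:", remapped)
```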
