New ShardManager exploit has appeared

02/27/2013 14:13 mettyou#1
Hello,

Starting from 2 days ago, our shardmanager started to get some kind of new attack. It displays "Exception occured in Shard Update" in the shardmanager window thousands of times, and thousands of dmp files are created in the vsro directory since msg count of shardmanager reaches 100-120 k. After that, shardmanager is locked and no one can enter the game before it is restarted. Does anyone have an idea on what can be done?

Thank you for any help.
02/27/2013 14:43 GoneUp#2
Is the port of the shard open?
02/27/2013 14:46 鳳凰城#3
Quote:
Originally Posted by mettyou
Hello,

Starting from 2 days ago, our shardmanager started to get some kind of new attack. It displays "Exception occured in Shard Update" in the shardmanager window thousands of times, and thousands of dmp files are created in the vsro directory since msg count of shardmanager reaches 100-120 k. After that, shardmanager is locked and no one can enter the game before it is restarted. Does anyone have an idea on what can be done?

Thank you for any help.
Actually, disabling dmps with OllyDbg is a good choice. (Never tested it on Shard manager, did it with gameserver.)
02/27/2013 14:47 mettyou#4
No, only gateway and agentserver ports are open to the public, as it must be.

Quote:
Originally Posted by Phoenix 1337
Actually, disabling dmps with OllyDbg is a good choice. (Never tested it on Shard manager, did it with gameserver.)
Do you have any idea on disabling dmps with shardmanager? It is different from gameserver. Changing the name of the .dll which is used to create dmps is a choice, I think, and I did that.
02/27/2013 14:56 LastThief*#5
Face it or not, sro is dead.
02/27/2013 15:03 mettyou#6
Quote:
Originally Posted by LastThief*
Face it or not, sro is dead.
What do you mean?
02/27/2013 15:22 Nezekan#7
Which server are you running?

You can try to disable the creation of dump files; whether it will fix the exploit is an unanswered question. The error message is free for interpretation, however.
02/27/2013 15:55 mettyou#8
Quote:
Originally Posted by Nezekan
Which server are you running?

You can try to disable the creation of dump files; whether it will fix the exploit is an unanswered question. The error message is free for interpretation, however.
We use vsro 1.188 files. I tried to disable dump files for shardmanager but still no success. Do you have an idea on how to do it?
02/27/2013 16:00 鳳凰城#9
Quote:
Originally Posted by mettyou
We use vsro 1.188 files. I tried to disable dump files for shardmanager but still no success. Do you have an idea on how to do it?
I will play some in OllyDbg to figure it out. Till then, you could ask an expert in OllyDbg.
02/27/2013 17:13 sarkoplata#10
[New Shard Manager Exploit] has arrived in ?
You better play sro instead of working on it lol
02/27/2013 19:21 mettyou#11
Quote:
Originally Posted by sarkoplata
[New Shard Manager Exploit] has arrived in ?
You better play sro instead of working on it lol
Thank you for your advice, but you had better keep it to yourself and not comment if you don't have any idea what we are talking about.
02/27/2013 21:27 sarkoplata#12
Quote:
Originally Posted by mettyou
Thank you for your advice, but you had better keep it to yourself and not comment if you don't have any idea what we are talking about.
This is a forum and everyone can say their thoughts freely bla bla... sorry if my comment did not include your fix. Bye
02/28/2013 18:18 Iwa13#13
joysro ? :D
03/02/2013 21:53 InZiDeR#14
Write a proxy for your managers and servers that filters out those packets.
03/04/2013 15:21 mettyou#15
Quote:
Originally Posted by Iwa13
joysro ? :D
??

Quote:
Originally Posted by InZiDeR
Write a proxy for your managers and servers that filters out those packets.
Thank you for the answer, we already have a proxy for that but it is complicated to find out the packages which cause the problem.