Cant connect

[Asmodai]

Ok so three days in a row i get disconnected and;

"cannot connect to server press any key to try again" message

 

This happens for about half an hour each time, but once a day? I am clueless

 

back on now

[Asmodai]

off again

[Asmodai]

on again...but off again

[sparhawk]

that happens to me once and a while

[Derin]

Since you can connect at times, we can assume that there is nothing wrong with the game. The problem seems to be the internet connection's stability.

 

Unless you can provide more specifics, just Play&Pray

[Asmodai]

OK, this is from my antivirus log.

 

First this happens

 

"Details: Attempted Intrusion "BD Insane 4.0" against your machine was detected and blocked.

Intruder: eternal-lands.network-studio.com(62.93.225.26)(2000).

Risk Level: High.

Protocol: TCP.

Attacked IP: REGINALD(81.158.232.28).

Attacked Port: 1084."

 

(ok so i gave my comp a stupid name for a laugh)

 

And this instantly follows

 

"Details: Intrusion detected and blocked. All communication with eternal-lands.network-studio.com(62.93.225.26) will be blocked for 30 minutes.

 

You can get detailed information about this attack at Symantec Security Response. "

 

 

 

 

EDIT: what i have read about BD insane 4.0;

 

Backdoor Insane 4.0 is a Trojan that opens up a backdoor program that, once installed on a system, permits unauthorized users to remotely extract passwords, manage files, manipulate display, etc. Insane typically runs over port 2000 via TCP.

 

So its just waiting for EL to run...grrrrr

Edited September 17, 2005 by Asmodai

[Learner]

OK, this is from my antivirus log.

 

First this happens

 

"Details: Attempted Intrusion "BD Insane 4.0" against your machine was detected and blocked.

Intruder: eternal-lands.network-studio.com(62.93.225.26)(2000).

Risk Level: High.

Protocol: TCP.

Attacked IP: REGINALD(81.158.232.28).

Attacked Port: 1084."

 

(ok so i gave my comp a stupid name for a laugh)

 

And this instantly follows

 

"Details: Intrusion detected and blocked. All communication with eternal-lands.network-studio.com(62.93.225.26) will be blocked for 30 minutes. 

 

You can get detailed information about this attack at Symantec Security Response. "

EDIT: what i have read about BD insane 4.0;

 

Backdoor Insane 4.0 is a Trojan that opens up a backdoor program that, once installed on a system, permits unauthorized users to remotely extract passwords, manage files, manipulate display, etc. Insane typically runs over port 2000 via TCP.

 

So its just waiting for EL to run...grrrrr

197740[/snapback]

No, the problem is that EL is on port 2000 and that Norton sometimes is triggering on the EL traffic and claiming that BD insane 4.0 is involved. This is a false alert on Norton's part and Entropy is contacting Norton to get this resolved.

[Nyxl]

Received the same report from my firewall a few minutes ago. As I stated in the other thread, I'm not connecting again until the Admins have given proper response... :-/

 

Right now, I'm running all scanners I have on my machine.

 

Edit : crosspost with Learner.

 

Anyway, I'm afraid Norton will be slow to answer Entropy. Very slow. They seem to be a bit behind their former standards nowadays.

Edited September 17, 2005 by Nyxl

[Learner]

Received the same report from my firewall a few minutes ago. As I stated in the other thread, I'm not connecting again until the Admins have given proper response... :-/

 

Right now, I'm running all scanners I have on my machine.

 

Edit : crosspost with Learner.

 

Anyway, I'm afraid Norton will be slow to answer Entropy. Very slow. They seem to be a bit behind their former standards nowadays.

197748[/snapback]

And I applaude you for your caution! I wish more people were concerned about the security of their machines.

[cedox]

Please report this to EL boards at the thread I linked above, then. If Bitdefender issued the same alert, then it may be more serious than currently assessed.

 

I had same message about same Trojan by Bitdefender online scanner earlier. It claimed the virus had come with EL (Can't remember how it was put) I didn't believe it had anything to do with EL so I just wiped out my system restore files, because trojan nested there and did a new scan. No more virus. Also deleted all EL files.

 

- Cedox

[Nyxl]

Considering there are two different protection softwares reacting to EL as to BD Insane 4.0, considering there seem to be trouble on the servers, I strongly advise the developement/administration team to investigate that Trojan issue carefully.

 

Those events occured in too tight a time-range to be sheer coincidence.

Edited September 17, 2005 by Nyxl

[ttlanhil]

as far as the trojan, did you get the client installer from the main site or mirror? (ents post on forums had main site)

at what time did you download it? (shortly before the update happened, or after?)

have you had virus reports for this at any other time or from any other program before?

edit: oh, and to make sure... windows or linux download?

 

if you are in a position to get a client from another source (not ent's posted build) then please try that (assuming you trust whoever you got it from... because it'll be used on main server, you can only get it from a recognised developer anyway). if somehow a trojan did get into the binaries on the website, one compiled and stored elsewhere will still be clean

if, however, you've ever had the same infection in other files, that's a more likely cause

Edited September 17, 2005 by ttlanhil

[cedox]

as far as the trojan, did you get the client installer from the main site or mirror? (ents post on forums had main site)

 

Main site

 

at what time did you download it? (shortly before the update happened, or after?)

 

Yesterday I think, can't remember exact time. Copied it just to check new objects in map maker.

 

have you had virus reports for this at any other time or from any other program before?

 

Yes, had several spyware stuff when I used bitcomet's inbuilt IE browser. But got rid of them half a year ago. After that none tha I know of. I don't have active scan on, only doing occasional online scanner checks.

 

oh, and to make sure... windows or linux download?

Yes, you guessed right.

 

It's very much possible it came with some other file. Although haven't been dling much stuff lately. Last virus check before this one was about a month ago.

 

- Cedox

[LadyWolf]

I use Mcaffee Internet Suite 2005 and have not had any problems with it detecting a virus within EL. I think Norton and that otherone are notorious for eronious reports.

 

I work for Dell and we get calls all the time about Norton saying that some of our Dell installed software contains this very same trojan.

[Nyxl]

Well...

 

Will someone tell me what's so different between former release and current version, as to network protocols, to have Norton react that way only after the update ? Up to now, I never had to complain about my firewall/antivirus, and Eternal Lands is about the most unsafe software I use on my computer (I blocked Internet Explorer a few weeks ago).

 

Thing is, if it's a false alert, I'm still not convinced the solution ought to come from Norton. Why would EL servers bring about such an alert now, and not on previous version ? I'm sorry, but I can't help being suspicious.

 

I do not scoff at what's been said so far, but there have been too many curious events for me not to get a bit edgy about this.

 

Mind you : there's an unexpected crash of the server earlier today, and soon after it's back online, I get those alerts ? Mmh... Sorry, but it sounds fishy to me.

 

 

TTlanhil, I run on a Win200Pro (sp4) station, with Norton 2004 ISP tightly configured; and I downloaded current release Windows client the very day Entropy disclosed the link (that is about two days before actual release of the server). I sincerely doubt it has something to do with the current issues. I run a check at least once per week (yes, I know I should do that daily) and never encountered such a "threat alert" before aforementioned events. As far as I know, my computer is clean and safe, and I intend it to stay that way.

 

So until I can be assured it's really a false security alert, and until it is solved server-side or client-side or both, I will refrain from playing. And I SHAN'T turn my firewall off just for a mmorpg, as good as it proved to be.

 

You (developers and players) most certainly can do without me for a while, and I can do without game too, so I guess it's ok.

 

If I sound harsh, please take no offense in the present post. I'm just very concerned about the safety of the community, and ITC security is becoming an important part of my everyday work, so I'm sceptical and paranoid. No hurt intended here.

[Arnieman]

I'm a WinXP Pro SP2 User, and got the download about as soon as it went up on the forum for the update. After reading this, I thought I'd check for any virus issues (I've already learned the hard way before about virii; you don't take them lightly if you value your machine).

 

After checking out my computer with AVG Free 7.0 (Virus Def. 9/16/2005, 11:30:00 AM), Ad-aware (fully updated as well), and HijackThis (a personal favorite of mine - I don't recommend this unless you make darn sure you know what you are doing), I've found nothing out of the ordinary.

 

Based on what I've found on my machine (or, rather, not found), I'd say the problem may be in the other utilities - or EL is now a virus and my program didn't catch it.