I can't keep our server up for long before it crashes. It's been stable up until Saturday evening and nothing has changed server-side to account for the crashes. This post seems to suggest that a server crasher is in the wild and being used to bring down servers.
There are four serious bugs in the LFS server. Two of them allow remote code execution (and remotely crashing the server); the other two allow crashing the server. The bug was reported 5th Aug, and since 14 Aug the proof of concept has been available to script kiddies. I'm not going to give you any links; search for yourself if interested. My recommendation is to set passwords on your servers until it is fixed. The server can still be crashed, but the attacker has to know the password. All of our public Actual Linux servers were crashed systematically. It seems to me that all threads here at the forum about this bug have been closed or deleted.
Yes, they can. I meant that a server can be crashed without the crasher needing to even have an S2 License - it's so early in the connection that tbh I don't think a password could stop it, but I'd like to be proved wrong.
You're right, the attacker doesn't need the S2 account. If the server is protected by a password, then the attacker needs to know it (at least for the published proof of concept). Both demo and S2 servers can be crashed. Please don't ask for details here.
I've simply added a script to my InSim application that realises it's lost connection.
It then attempts to reconnect 3 times (with a 20 second gap). If it fails to connect, the application then reloads LFS.exe with the correct configuration file, then reconnects to the InSim protocol.
I know it's not a "fix", but it's at least a part-time solution!
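The reconnect-then-restart watchdog described in the post above, as an added sketch that is not the poster's code. It assumes the InSim port is reachable over TCP and uses a plain TCP connect as the health check; the host, port, command line and the hourly restart cap are placeholders or assumptions, not values from the thread.

```python
import socket
import subprocess
import time

RETRIES, GAP_SECONDS = 3, 20      # values given in the post
MAX_RESTARTS_PER_HOUR = 6         # assumption: cap so a crash loop is escalated

def tcp_probe(host, port, timeout=5.0):
    """True if a TCP connection to the server's InSim port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class Watchdog:
    def __init__(self, probe, restart, sleep=time.sleep, clock=time.monotonic):
        self.probe, self.restart = probe, restart
        self.sleep, self.clock = sleep, clock
        self.restarts = []        # restart timestamps, useful for alerting

    def on_connection_lost(self):
        """Return 'reconnected', 'restarted', 'restart_failed' or 'gave_up'."""
        for attempt in range(RETRIES):
            if attempt:
                self.sleep(GAP_SECONDS)
            if self.probe():
                return "reconnected"
        now = self.clock()
        self.restarts = [t for t in self.restarts if now - t < 3600]
        if len(self.restarts) >= MAX_RESTARTS_PER_HOUR:
            return "gave_up"      # repeated crashes: stop and page a human
        self.restarts.append(now)
        self.restart()
        self.sleep(GAP_SECONDS)   # assumption: startup grace period
        return "restarted" if self.probe() else "restart_failed"

if __name__ == "__main__":
    # Placeholders: host, port, executable path and config argument are yours.
    cmd = ["LFS.exe", "<config-file-argument>"]
    wd = Watchdog(lambda: tcp_probe("127.0.0.1", 29999),
                  lambda: subprocess.Popen(cmd))
    print(wd.on_connection_lost())
```

The recorded restart timestamps double as a crude crash-frequency signal: a burst of restarts is worth alerting on rather than silently absorbing.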