Exclusive: Numerous Brokers Experience Serious Delays Due to MT4 Server Vulnerability

Friday, 24/10/2014 | 10:02 GMT by Victor Golovtchenko
  • An attack on PrimeXM’s MT4 Server by an individual client caused more than 20 of the firm's brokerages a substantial disruption of their services last Wednesday, which happened to be one of the most volatile days of the year.
Exclusive: Numerous Brokers Experience Serious Delays Due to MT4 Server Vulnerability
server_room

According to information obtained exclusively by Forex Magnates, an attack by a single user of one of the brokers connected to PrimeXM last Wednesday (15th of October) resulted in the company’s MT4 server suffering severely, with customers of more than 20 brokerages connected to the server experiencing delays between 10 and 15 seconds.

The event could be revealing a potentially disruptive structural weakness in the MT4 Trading Platform which resulted in several brokerages delivering very poor service to their customers last Wednesday. Coincidentally (or not) the disruption happened during the four most actively traded hours on the foreign exchange market in October and possibly throughout the year so far.

With one single client exploiting this vulnerability singlehandedly, all of PrimeXM’s customers were affected materially with some reporting longer delays, frozen quotes and all of this when the EUR/USD staged its biggest single day rally in more than a year. Once the issue was identified, PrimeXM disabled the account from where the attack was coming from and proper client service was restored to the brokerages and their clients.

Forex Magnates reached out to PrimeXM and MetaQuotes to get more information officially. As of the time of publication MetaQuotes has yet to reply.

Update:

Official information provided by PrimeXM reveals that the attack caused execution delays for clients between 5 to 30 seconds; frozen quotes inside the MT4 terminal and MT4 manager from 5 to 30 seconds; inability of the MT4 service to synchronize data via the Watchdog service; memory fluctuations of the MT4 service in the range of 300MB / second.

According to PrimeXM, steps taken to identify the issue ranged from removing all third party plugins, an in depth investigation of the network infrastructure, failing over the MT4 service to different hardware as well as different physical locations. The latter could not be done following standard procedure due to the attack's disruptive impact on the ability of the MT4 server to synchronize data via the Watchdog service.

The above steps failed to restore normal service until further investigations revealed frequent reconnect attempts of this specific MT4 terminal. Once this account was disabled all symptoms disappeared and proper service was restored.

PrimeXM has shared with MetaQuotes and Forex Magnates specific details on how the attack was carried out, however, as it currently seems that such an attack could be initiated by any client terminal to any MT4 broker, Forex Magnates has been asked not to publish this information.

server_room

According to information obtained exclusively by Forex Magnates, an attack by a single user of one of the brokers connected to PrimeXM last Wednesday (15th of October) resulted in the company’s MT4 server suffering severely, with customers of more than 20 brokerages connected to the server experiencing delays between 10 and 15 seconds.

The event could be revealing a potentially disruptive structural weakness in the MT4 Trading Platform which resulted in several brokerages delivering very poor service to their customers last Wednesday. Coincidentally (or not) the disruption happened during the four most actively traded hours on the foreign exchange market in October and possibly throughout the year so far.

With one single client exploiting this vulnerability singlehandedly, all of PrimeXM’s customers were affected materially with some reporting longer delays, frozen quotes and all of this when the EUR/USD staged its biggest single day rally in more than a year. Once the issue was identified, PrimeXM disabled the account from where the attack was coming from and proper client service was restored to the brokerages and their clients.

Forex Magnates reached out to PrimeXM and MetaQuotes to get more information officially. As of the time of publication MetaQuotes has yet to reply.

Update:

Official information provided by PrimeXM reveals that the attack caused execution delays for clients between 5 to 30 seconds; frozen quotes inside the MT4 terminal and MT4 manager from 5 to 30 seconds; inability of the MT4 service to synchronize data via the Watchdog service; memory fluctuations of the MT4 service in the range of 300MB / second.

According to PrimeXM, steps taken to identify the issue ranged from removing all third party plugins, an in depth investigation of the network infrastructure, failing over the MT4 service to different hardware as well as different physical locations. The latter could not be done following standard procedure due to the attack's disruptive impact on the ability of the MT4 server to synchronize data via the Watchdog service.

The above steps failed to restore normal service until further investigations revealed frequent reconnect attempts of this specific MT4 terminal. Once this account was disabled all symptoms disappeared and proper service was restored.

PrimeXM has shared with MetaQuotes and Forex Magnates specific details on how the attack was carried out, however, as it currently seems that such an attack could be initiated by any client terminal to any MT4 broker, Forex Magnates has been asked not to publish this information.

About the Author: Victor Golovtchenko
Victor Golovtchenko
  • 3424 Articles
  • 27 Followers
About the Author: Victor Golovtchenko
Victor Golovtchenko: Key voice in crypto and FX, providing cutting-edge market analysis.
  • 3424 Articles
  • 27 Followers

More from the Author

Retail FX

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}