|
You last visited: Today at 22:52
Advertisement
Fix for the Certification Server
Discussion on Fix for the Certification Server within the SRO Private Server forum part of the Silkroad Online category.
11/16/2011, 03:39
|
#31
|
elite*gold: 0
Join Date: Sep 2011
Posts: 642
Received Thanks: 193
|
Quote:
Originally Posted by jangan322
Perfection, InsaneSRo, ******, elitesro, atomix, salvation = 100% patched and secure.
so yeah... no one cares about this ****** hack anymore... good game!
|
For now...
|
|
|
11/16/2011, 03:46
|
#32
|
elite*gold: 0
Join Date: Apr 2008
Posts: 310
Received Thanks: 196
|
Quote:
Originally Posted by Amanda98
For now...
|
rofl, i would love to see you try and hack one of those servers.
|
|
|
11/16/2011, 03:56
|
#33
|
elite*gold: 0
Join Date: Aug 2010
Posts: 346
Received Thanks: 416
|
Quote:
Originally Posted by rushcrush
well not so important since all the ports changed to new numbers(the hacker wont know it ^^)
|
nmap - ip adress - port range. gf.
|
|
|
11/16/2011, 05:41
|
#34
|
elite*gold: 0
Join Date: Sep 2011
Posts: 857
Received Thanks: 184
|
Why he cant get port of server?
netstat -n
FTW
|
|
|
11/16/2011, 08:16
|
#35
|
elite*gold: 0
Join Date: Sep 2011
Posts: 642
Received Thanks: 193
|
Quote:
Originally Posted by jangan322
rofl, i would love to see you try and hack one of those servers.
|
Why pointing at me? Oriya is the one who u should worry about But my prediction is if Oriya could get hundred bucks by just messing your server database i don't think he would stop now.
|
|
|
11/16/2011, 11:49
|
#36
|
elite*gold: 0
Join Date: Feb 2008
Posts: 172
Received Thanks: 22
|
Reading threw all of these posts here is a idea if we can implement it on our servers. Why not just setup a validation packet that the server will allow the connection if it has this packet. And this packet is only included with the sro_client? But also for those of you that have servers up and you are the owners if you find out whos doing this, which you can by pulling logs im hoping you have logs bc if not then you are just dumb. But anyways if you own your own server and this happens to you then you can find out who is doing it and then sue them for lost of revenues and damagaes. Even though this is a illegal copy of the game they are hacking a server you are paying real money for. I know any servers hosted in the usa you can pursue this and the server host can hunt down whos doing it and file a case against them regardless what country they live in.
But back on topic here. Changing the ports wont work as someone said all they have to do is do a port scanner. I personally havent tested things to see where the problem lies in how secure everything is. But I went to college for networking engineer and there is a way to setup a validation packet on every single connection. The Us military does it with all of their logins to their network. To explain it a bit in more lamen terms though. Basically stating a validation packet meaning for database login set it up so only a ip can login to it. Like a certain town or city or a certain pc. if you limit who can login to your database or your main root of the server by a validation then you will knock out most of the hacks out there. Just a thought maybe this c++ coder could work on something like that for a fix. If I get time ill look at it and try to develop something like that and test it out and see if it works.
|
|
|
11/16/2011, 13:08
|
#37
|
elite*gold: 0
Join Date: Jun 2007
Posts: 718
Received Thanks: 378
|
Quote:
Originally Posted by benco
On waiting my thread validated by admins :
Sorry in advance for this proof exploit and for double post.
For shut up members who don't trust me this is a screenshot of EWsRO database I'm not a *******, I didn't touch his data. Please Admin of this server confirm my actions.
DB data exemple :
Connection with SMC :
If someone would want to check if his server is secured or he don't trust me, pm me tonight to prove you.
As I wrote I'm not a *******. It's for that I have never reveale or exploit this security hole.
|
B3nc0 has the solution to fix this problem! I spoke with him about the exloit .
If you want to resolve your problem the best solution it's to speak with him
|
|
|
11/16/2011, 13:17
|
#38
|
elite*gold: 0
Join Date: Jan 2010
Posts: 1,484
Received Thanks: 809
|
benco I agree with you that this fix doesn't solve all the problem but it fixes a very important one.
I just check their cert and you're right they are NOT secure but neither are a lot of other servers I checked. However the servers who use this fix are save and I can't use this exploit anymore.
But once again there are tons of other security measures which you should take to make your server secure. Just this fix doesn't solve everything and their might be more stuff wrong with the certification server.
|
|
|
11/16/2011, 13:42
|
#39
|
elite*gold: 0
Join Date: May 2007
Posts: 99
Received Thanks: 39
|
I knew this issue when I worked on a pserver project. I have talked about it to my friends but I didn't solve it do to a conflict with one memenber and I leaved project. But I'm not a cracker, I didn't reveale or exploited this issue.
Quote:
Originally Posted by gigola123
B3nc0 has the solution to fix this problem! I spoke with him about the exloit .
If you want to resolve your problem the best solution it's to speak with him
|
I'm currently experimenting an other hole issue. BUT if my hypothese is in the good way, this bug issue will not work.
For fixed server (like ClassOnline) admins :
Could you please contact me with PM forum and give me your new ports to trying my test ?
You help will fast my test than scanning port
|
|
|
11/16/2011, 13:46
|
#40
|
elite*gold: 0
Join Date: Nov 2011
Posts: 67
Received Thanks: 16
|
Quote:
Originally Posted by jangan322
Perfection, InsaneSRo, ******, elitesro, atomix, salvation = 100% patched and secure.
so yeah... no one cares about this ****** hack anymore... good game!
|
bro we need also many server safe 100% and many still need ur help.
|
|
|
11/16/2011, 14:17
|
#41
|
elite*gold: 100
Join Date: May 2010
Posts: 1,948
Received Thanks: 1,635
|
could you tell me the ports of this cert server?
|
|
|
11/16/2011, 14:24
|
#42
|
elite*gold: 0
Join Date: Jan 2010
Posts: 1,484
Received Thanks: 809
|
You define the port in the srNodeData.ini file.
The certification server is probably [entry1] but just to be sure that it's the certification server check if the node_id=1 a few lines below this node_id= you can find a field called port and there you can change the port.
|
|
|
11/16/2011, 14:28
|
#43
|
elite*gold: 0
Join Date: May 2007
Posts: 99
Received Thanks: 39
|
Quote:
Originally Posted by _Dev1l_
bro we need also many server safe 100% and many still need ur help.
|
Before making a server, please think about private life and security of your members
|
|
|
11/16/2011, 14:34
|
#44
|
Chat Killer In Duty
elite*gold: 5
Join Date: May 2008
Posts: 16,307
Received Thanks: 6,469
|
Quote:
Originally Posted by benco
Before making a server, please think about private life and security of your members
|
simple words
learn basic server security
Quote:
Firewalls
If you don’t plan to run one of these, get your server off the net! Whether it’s a home server or corporate, you should have at least one firewall that is decent. Make sure it has the ability to block specific IPs/ranges, and also specific ports and applications. Basically, a firewall on a unsecured Windows 2000 installation can secure it well. You can make sure all ports are blocked, in exception of the server ones. For example, if all you are running is a HTTP server, you should only allow traffic to connect on port 80. Also, you will run into situations where someone is illegally trying to gain access to your server – with your firewall, you can simply block that IP address.
|
|
|
|
11/16/2011, 15:26
|
#45
|
elite*gold: 0
Join Date: Feb 2008
Posts: 339
Received Thanks: 72
|
Firewalls will not help you avoid this.. let's say tested and worked (got hacked)...
|
|
|
|
|
Similar Threads
|
[Release] EliteSro - Certification Server[Untouched]
09/26/2021 - SRO Private Server - 22 Replies
Link:
esro cert.rar (51,35 KB) - uploaded.to
Screen:
http://img17.imageshack.us/img17/8427/nonamegh.jp g
@Comments: All about security esro bro ;), secure your god damn server next time better.
|
i get an error when i try to compile my Custom Certification Server
03/23/2018 - SRO Private Server - 20 Replies
as the title said after finish my cfg
i get that error
http://img836.imageshack.us/img836/2971/44069292. png
would any one help
please don't post useless posts :) thank you
|
[Release] Fixed Certification Server
03/05/2014 - SRO PServer Guides & Releases - 13 Replies
This is a fix for the security hole inside the custom certification of drew.
I won't explain the details of this bug yet since other people could take advantage of the servers who aren't aware of this yet. But it is a really simple solution.
There might be a problem for some people since there are a lot of modified certification servers out there but I based this one on the originial cert server of drew which means that there should be an entry in the srNodeType.ini called "Certification...
|
problem with certification server
04/25/2010 - SRO Private Server - 18 Replies
Hi guys!
I have a problem with the certification server in server files.
It can detect only the globalmanager..:S
the another servers aren't certificated.....
and I dont know why....can someone help me,please?
|
All times are GMT +2. The time now is 22:52.
|
|