Fix for the Certification Server

11/16/2011 03:39 Amanda98#31
Quote:
Originally Posted by jangan322
Perfection, InsaneSRo, bloody, elitesro, atomix, salvation = 100% patched and secure.


so yeah... no one cares about this shitty hack anymore... good game!
For now...

:D
11/16/2011 03:46 jangan322#32
Quote:
Originally Posted by Amanda98
For now...

:D
rofl, i would love to see you try and hack one of those servers.
11/16/2011 03:56 Miki Maus#33
Quote:
Originally Posted by rushcrush
well not so important since all the ports changed to new numbers (the hacker won't know it ^^)
nmap - ip address - port range. gf.
11/16/2011 05:41 B3G0D0FW4R#34
Why can't he get the port of the server?
netstat -n

FTW
11/16/2011 08:16 Amanda98#35
Quote:
Originally Posted by jangan322
rofl, i would love to see you try and hack one of those servers.
Why point at me? Oriya is the one you should worry about :D But my prediction is that if Oriya could get a hundred bucks by just messing with your server database, I don't think he would stop now.
11/16/2011 11:49 harddriver#36
Reading through all of these posts, here is an idea, if we can implement it on our servers. Why not just set up a validation packet, so that the server will allow the connection if it has this packet? And this packet is only included with the sro_client? But also, for those of you that have servers up and are the owners: if you find out who's doing this, which you can by pulling logs (I'm hoping you have logs, because if not then you are just dumb). But anyway, if you own your own server and this happens to you, then you can find out who is doing it and then sue them for loss of revenue and damages. Even though this is an illegal copy of the game, they are hacking a server you are paying real money for. I know that for any servers hosted in the USA you can pursue this, and the server host can hunt down who's doing it and file a case against them regardless of what country they live in.

But back on topic here. Changing the ports won't work; as someone said, all they have to do is run a port scanner. I personally haven't tested things to see where the problem lies in how secure everything is. But I went to college for network engineering and there is a way to set up a validation packet on every single connection. The US military does it with all of their logins to their network. To explain it in more layman's terms, though: basically, a validation packet means, for database login, setting it up so only an IP can log in to it. Like a certain town or city or a certain PC. If you limit who can log in to your database or your main root of the server by a validation, then you will knock out most of the hacks out there. Just a thought; maybe this C++ coder could work on something like that for a fix. If I get time I'll look at it and try to develop something like that and test it out and see if it works.
11/16/2011 13:08 gigola123#37
Quote:
Originally Posted by benco
While waiting for my thread to be validated by admins:
Sorry in advance for this proof exploit and for the double post.

To shut up members who don't trust me, this is a screenshot of the EWsRO database. I'm not a bastard, I didn't touch his data. Admin of this server, please confirm my actions.

DB data example:

Connection with SMC:

If someone wants to check whether his server is secured, or doesn't trust me, PM me tonight so I can prove it to you.
As I wrote, I'm not a bastard. That is why I have never revealed or exploited this security hole.
B3nc0 has the solution to fix this problem! I spoke with him about the exploit.
If you want to resolve your problem, the best solution is to speak with him ;)
11/16/2011 13:17 kevin_owner#38
benco, I agree with you that this fix doesn't solve all the problems, but it fixes a very important one.

I just checked their cert and you're right, they are NOT secure, but neither are a lot of other servers I checked. However, the servers that use this fix are safe and I can't use this exploit anymore.

But once again, there are tons of other security measures which you should take to make your server secure. Just this fix doesn't solve everything, and there might be more stuff wrong with the certification server.
11/16/2011 13:42 benco#39
I knew about this issue when I worked on a pserver project. I talked about it to my friends, but I didn't solve it due to a conflict with one member, and I left the project. But I'm not a cracker, I didn't reveal or exploit this issue.

Quote:
Originally Posted by gigola123
B3nc0 has the solution to fix this problem! I spoke with him about the exploit.
If you want to resolve your problem, the best solution is to speak with him ;)
I'm currently experimenting with another hole issue. BUT if my hypothesis is on the right track, this bug issue will not work.

For fixed server (like ClassOnline) admins :

Could you please contact me by forum PM and give me your new ports so I can try my test?

Your help will make my test faster than scanning ports.
11/16/2011 13:46 _Dev1l_#40
Quote:
Originally Posted by jangan322
Perfection, InsaneSRo, bloody, elitesro, atomix, salvation = 100% patched and secure.


so yeah... no one cares about this shitty hack anymore... good game!
bro, we also need many servers 100% safe, and many still need your help.
11/16/2011 14:17 Shane¸#41
could you tell me the ports of this cert server?
11/16/2011 14:24 kevin_owner#42
You define the port in the srNodeData.ini file.

The certification server is probably [entry1], but just to be sure that it's the certification server, check that node_id=1. A few lines below this node_id= you can find a field called port, and there you can change the port.
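Added example, not part of kevin_owner's post or of the server files: a small Python helper that locates the certification entry by `node_id=1` instead of trusting the section name, then rewrites only that entry's `port` line. Only `[entry1]`, `node_id` and `port` come from the thread; the sample file contents, the port values and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: only [entry1], node_id and port are named in the thread;
# the second entry and every value here are made up for illustration.
SAMPLE_INI = """\
[entry0]
node_id=7
port=20001

[entry1]
node_id=1
port=20002
"""

SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
FIELD = re.compile(r"^\s*(\w+)\s*=\s*(.*?)\s*$")


def find_cert_entry(ini_text, cert_node_id="1"):
    """Return (section, port, port_line_index) of the entry with node_id=1."""
    sections, current = {}, None
    for idx, line in enumerate(ini_text.splitlines()):
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(1), {})
        elif (m := FIELD.match(line)) and current is not None:
            key, value = m.group(1).lower(), m.group(2)
            if key == "node_id":
                current["node_id"] = value
            elif key == "port":
                current["port"], current["line"] = value, idx
    hits = [(n, s) for n, s in sections.items() if s.get("node_id") == cert_node_id]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one node_id={cert_node_id} entry, found {len(hits)}")
    name, sec = hits[0]
    if "port" not in sec:
        raise ValueError(f"[{name}] has no port field")
    return name, int(sec["port"]), sec["line"]


def set_cert_port(ini_text, new_port):
    """Return the INI text with only the certification entry's port changed."""
    if not 1 <= new_port <= 65535:
        raise ValueError("port out of range")
    _, _, line_no = find_cert_entry(ini_text)
    lines = ini_text.splitlines()
    lines[line_no] = f"port={new_port}"
    return "\n".join(lines) + "\n"
```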
11/16/2011 14:28 benco#43
Quote:
Originally Posted by _Dev1l_
bro, we also need many servers 100% safe, and many still need your help.
Before making a server, please think about private life and security of your members ;)
11/16/2011 14:34 PortalDark#44
Quote:
Originally Posted by benco
Before making a server, please think about private life and security of your members ;)
simple words
learn basic server security
Quote:
Firewalls
If you don’t plan to run one of these, get your server off the net! Whether it’s a home server or corporate, you should have at least one firewall that is decent. Make sure it has the ability to block specific IPs/ranges, and also specific ports and applications. Basically, a firewall on an unsecured Windows 2000 installation can secure it well. You can make sure all ports are blocked, with the exception of the server ones. For example, if all you are running is an HTTP server, you should only allow traffic to connect on port 80. Also, you will run into situations where someone is illegally trying to gain access to your server – with your firewall, you can simply block that IP address.
11/16/2011 15:26 pushipu#45
Firewalls will not help you avoid this.. let's say tested and worked (got hacked)...