[Help] Db problem

10/01/2013 17:30 Gamer ##1

Hello Everyone , I m [ADM] of Shaiya Earth . Today someone setted to 4-5 ppl 27000 stat points . I have this server since 7 months and never happend this . User/Pass from Db is change + cripted in filles , this is configured 100% good but i don't know how this person can add 27000 stat points to more ppl . Anyone can help me ? I need some help please

10/01/2013 17:39 nubness#2

Check logs to see if it wasn't a GM character setting stats from in game.

10/01/2013 17:50 Gamer ##3

Nope, is not a GM account

10/01/2013 18:35 nubness#4

How sure can you be ? Did you check your logs or not ? I doubt you did, so you should do it.

Also, in the SQL Server configuration manager, disable external connections, this way you can only connect from the localhost, which is the server itself. That's if you really believe someone got access to your SQL Server databases.

You should talk here instead of sending me PMs, this is the purpose of the forums.

10/02/2013 14:24 Gamer ##5

still not solved

10/02/2013 16:49 littleJon#6

So if you as you say SQL injection excludes then it must be an GM

shows changing status Gm commands:

Code:

Use PS_GameLog
Select UserId, Charname, MapID, ActionTime, Actiontype, Text1, Text2 as TargetName, Text3 as Value
From ActionLog
where Actiontype = '180' and Text1 like '%SetStatus%'
Order By ActionTime desc

if there is nothing to find then maybe your root is hacked (change Root PW)

10/02/2013 17:41 Gamer ##7

Nope , Last change was 3 months ago with command in game

But Why he can change only Stat points , he can't ban/unban or other things only Set status

10/02/2013 19:35 nick4ever#8

I think you should recheck your website or something that from web can access to PS_GameData. Or use SQL Profiler to track it. I assume that you have SQL injection that I have experienced before

10/02/2013 21:41 Gamer ##9

Can u help me with this ? my skype : admin_crank

10/04/2013 08:41 nick4ever#10

@Gamer # : Try this
1. Reset stat point for all players in your server.
2. Shutdown your web or your pages that connect to PS_GameData directly
(Wait for days to assure that the problem comes from your web)

If your web is the cause, you need to move your query to store procedure of use SQL Profiler to track infects

Hope this helps

10/06/2013 11:15 Gamer ##11

Now i see no more stat points added , i removed panel from host but now is hard to work without panel

10/06/2013 13:06 nubness#12

It's hard because you don't know SQL, but you can stay like that for a while, maybe a better admin panel will be released soon.

10/06/2013 17:43 nick4ever#13

I have never use admin page, I wrote myself an Java socket application on desktop and android mobile. So I dont really need Admin panel. Try to work around with SQL

10/13/2013 06:48 Autrux#14

#closed