Help For DB

11/24/2018 20:19 eiron2010#1
How do I know back door in DB
What is the correct way to delete back door
thanks
11/24/2018 21:01 Genoxid#2
you probably didnt fix the sql injection ingame (guild notice text sql injection) ;) And if you close the sql port no one can connect to your sql so its to 99,98% ingame !
11/24/2018 21:14 eiron2010#3
Do you mean when they are SQL closed no one can penetrate me
11/25/2018 00:04 .Aaron#4
Quote:
Originally Posted by Genoxid View Post
you probably didnt fix the sql injection ingame (guild notice text sql injection) ;) And if you close the sql port no one can connect to your sql so its to 99,98% ingame !

That's not true. If you blocked the mssql port (1433 by default), the SQL injection made by the fw npc will still work. This injection can be fixed either through the gameserver or through your filter.
If you block all connections to the mssql port, backdoors inside your database (i.e. backdoors made through the _Memo_Add procedure) would still work no matter if you blocked the mssql port or not.

@OT
There are a lot of procedures that you have to check to know if your database has "backdoors" or not. One of them is _Memo_Add. However, I wouldn't really advise you to use a database that's not developed by you. You better use the vsro 188 original database. Of course it will take you some time to add the stuff you want to it, but look at the bright side, you will at least learn more about database related stuff.
11/25/2018 00:05 Genoxid#5
Quote:
Originally Posted by .Aaron View Post
That's not true. If you blocked the mssql port (1433 by default), the SQL injection made by the fw npc will still work. This injection can be fixed either through the gameserver or through your filter.
If you block all connections to the mssql port, backdoors inside your database (i.e. backdoors made through the _Memo_Add procedure) would still work no matter if you blocked the mssql port or not.

@OT
There are a lot of procedures that you have to check to know if your database has "backdoors" or not. One of them is _Memo_Add. However, I wouldn't really advise you to use a database that's not developed by you. You better use the vsro 188 original database. Of course it will take you some time to add the stuff you want to it, but look at the bright side, you will at least learn more about database related stuff.
i think you understood me wrong i actually said when he close the sql port no one can connect to his database even they have a backdoor there but when the guild notice sql injection still works they can use querys to make gm account or items ;)
11/28/2018 09:04 MrCatGardens#6
Quote:
Originally Posted by Genoxid View Post
i think you understood me wrong i actually said when he close the sql port no one can connect to his database even they have a backdoor there but when the guild notice sql injection still works they can use querys to make gm account or items ;)
Thats why you wont open a server without any kind of filter.
btw, one more advice. Change your default sql-ports. from 1433 to sth like 45211 whatever. just to avoid any bruteforce on this port. same counts for the rdp-port. but before closing the old one, you should open the new one. otherwise... houston, we've got a problem... :bandit:
12/10/2018 00:05 IM HictoR#7
close ur sql port and use high filter