Xamp Security Someone understand well Xamp?

 
Old   #1
 
elite*gold: 0
Join Date: May 2012
Posts: 253
Received Thanks: 132

XAMPP security: does someone understand XAMPP well?
It's for security, so people can't hack the Dekaron database.
I have changed all the passwords and root, but how can people continue hacking after I changed all the passwords and the root ID?
If someone understands and can help, thank you!



Action10 is offline  
Old   #2
 
elite*gold: 0
Join Date: May 2014
Posts: 71
Received Thanks: 17
Just change the XAMPP port, or make an API!


DK- is offline  
Old   #3
 
elite*gold: LOCKED
Join Date: Oct 2016
Posts: 286
Received Thanks: 76
XAMPP is not the best idea on Windows; if you at least use Linux to host it, then the modules will be more secure. To begin with, what I can say is: remove the webdav folder and deny connections to it, because if you just delete the folder an easy shell can mkdir it again, and edit some modules and protect them with htaccess. This applies to your htdocs, but I use Linux so much to host web servers that I almost forgot how unstable Windows is for that purpose.
Underfisk is offline  
Old   #4
 
elite*gold: 0
Join Date: May 2012
Posts: 253
Received Thanks: 132
What is good for Windows Server 2012?


Action10 is offline  
Old   #5
 
elite*gold: LOCKED
Join Date: Oct 2016
Posts: 286
Received Thanks: 76
Well, you can use Appserver, but you can also use XAMPP; you'll need to disable some modules and protect your htdocs to the max. I kind of recommend using a VM with Linux just for web hosting, but that's not necessary if you want to go with Windows Server 2012.
Just delete webdav and its access, protect your htdocs (use htaccess rules) and also disable some unnecessary modules.
You can google more about it.
Underfisk is offline  
Thanks
1 User
Old   #6
 
elite*gold: 0
Join Date: Jul 2015
Posts: 405
Received Thanks: 115
That's why I stopped using XAMPP a long time ago.

Action10, maybe you will find something here
[DEV]Dekaron is offline  
Thanks
1 User
Old   #7
 
elite*gold: 0
Join Date: May 2012
Posts: 253
Received Thanks: 132
Thank you!
I have changed all the XAMPP IDs and passwords but people continued hacking; now I will try this!
Action10 is offline  
Old   #8
 
elite*gold: 0
Join Date: Jul 2015
Posts: 405
Received Thanks: 115
You're welcome, Action10, but I suggest using nginx; I think it is one of the best web servers I have ever seen.
[DEV]Dekaron is offline  
Old   #9
 
elite*gold: 0
Join Date: Jun 2013
Posts: 371
Received Thanks: 168
First:

Delete the WebDAV folder from c:/xampp.
Delete the phpMyAdmin folder from c:/xampp and use Navicat to manage your databases.

Second:
Use Cloudflare DNS for more security against DDoS attacks on the domain. Only on the domain :P
Farius~ is offline  
Old   #10
 
elite*gold: 0
Join Date: May 2012
Posts: 253
Received Thanks: 132
I've done this!
Deleted the WebDAV folder from c:/xampp.
I renamed the phpMyAdmin folder in c:/xampp
and fixed all the DB passwords again, SQL and MySQL in XAMPP,
and people continue hacking the DB.

I'm using this registration page:

Quote:
<?php

// fill in your mssql info here
$mssql = array(
'host' => "127.0.0.1",
'user' => "sa",
'pass' => ""
);

echo "<center>";

if($_POST['activ'] == '1') {

$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);

$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE WHERE user_id = '".$_POST['accname']."'",$con);


$row1 = mssql_num_rows($result1);


$dk_time=strftime("%y%m%d%H%M%S");
list($usec1, $sec1) = explode(" ",microtime());
$dk_user_no=$dk_time.substr($usec1,2,2);


if(empty($_POST['accname']) || empty($_POST['accpass1']) || empty($_POST['accpass2'])|| empty($_POST['accname']) || empty($_POST['accmail'])) {
echo "<br>You didnt fill in all fields<a href='javascript:history.back()'>Go Back</a>";
} elseif($row1 > '0' || $row2 > '0') {
echo "<br>This Account name already exists.<a href='javascript:history.back()'>Go Back</a>";
} elseif($row3 > '0') {
echo "<br>This E-Mail is already in use.<a href='javascript:history.back()'>Go Back</a>";
} elseif($_POST['accpass1'] != $_POST['accpass2']) {
echo "<br>The passwords did not match<a href='javascript:history.back()'>Go Back</a>";
} elseif($_POST['accpass1'] == $_POST['accname']) {
echo "<br>Account name and password are the same.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $_POST['accname'])) {
echo "<br>Enter a account name only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^[0-9a-zA-Z]{3,15}$/i", $_POST['accpass1'])) {
echo "<br>Enter a password only with 0-9 , a-z and A-Z.<a href='javascript:history.back()'>Go Back</a>";
} elseif(!preg_match("/^\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*$/i",$_POST['accmail'])) {
echo "<br>Your e-Mail is not correct.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($_POST['accname']) < 3 || strlen($_POST['accname']) > 15) {
echo "<br>The Accountname must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} elseif(strlen($_POST['accpass1']) < 3 || strlen($_POST['accpass1']) > 15) {
echo "<br>The Password must at least 3 indications long and may maximally 15 indications long.<a href='javascript:history.back()'>Go Back</a>";
} else {

$accpass = md5($_POST['accpass1']);

mssql_query("INSERT INTO account.dbo.USER_PROFILE (user_no,user_id,user_pwd,resident_no,user_type,login_flag,login_tag,ipt_time,login_time,logout_time,user_ip_addr,server_id) VALUES ('$dk_user_no','".$_POST['accname']."','".$accpass."','801011000000','1','0','Y','".$date."',null,null,null,'000')",$con);


echo "<center><b><u>The account was successfully created. Have fun !</b></u></center><br><br>";
echo "<center>Here is your login info again:</center>";
echo "<center>Your account name is: <b>".$_POST['accname']."</b></center>";
echo "<center>Your password is: <b>".$_POST['accpass1']."</b></center>";
echo "DO NOT LOOSE THIS INFO, YOU MAY WRITE IS DOWN AND HIDE IT";
}

} else {

$con = mssql_connect($mssql['host'],$mssql['user'],$mssql['pass']);
$result1 = mssql_query("SELECT * FROM account.dbo.USER_PROFILE",$con);
$row1 = mssql_num_rows($result1);

echo "<center><b><u>This time we have ".$row1." Registed Accounts on our Server<br>Join us.</b></u></center><br>";
echo "<form action='".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."' method='POST'>";
echo "<center><table>";
echo "<tr><td colspan='2' align='center'><b><u>Your Account Info</u></b></td></tr>";
echo "<tr><td>Account Name</td><td><input type='text' name='accname' maxlength='12'></td></tr>";
echo "<tr><td>Password</td><td><input type='password' name='accpass1' maxlength='12'></td></tr>";
echo "<tr><td>Again pass.</td><td><input type='password' name='accpass2' maxlength='12'></td></tr>";
echo "<tr><td>&nbsp;</td><td>&nbsp;</td></tr>";
echo "<tr><td colspan='2' align='center'><b><u>Other account info</u></b></td></tr>";
echo "<tr><td>Email</td><td><input type='text' name='accmail' maxlength='50'></td></tr>";
echo "<tr><td>&nbsp;</td><td>&nbsp;</td></tr>";
echo "<tr><td colspan='2' align='center'>
<input type='hidden' name='activ' value='1'>
<input type='submit' value='Create Account'></td></tr>";
echo "</table></center>";
echo "</form>";

}

echo "</center>";

?>
Action10 is offline  
Thanks
1 User
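
The registration script in post #10 runs its first query with `$_POST['accname']` concatenated into the SQL before any validation happens, and it connects as `sa` with an empty password. A hardened form of the same handler follows as an added example, not code from the thread; it assumes the pdo_sqlsrv driver, a hypothetical low-privilege login `web_register`, a hypothetical environment variable `DK_DB_PASS`, and that `ipt_time` is a datetime column.

```php
<?php
// Added example, not the thread's code. Assumptions: the pdo_sqlsrv driver is
// loaded; "web_register" is a hypothetical low-privilege SQL login (SELECT and
// INSERT on USER_PROFILE only); DK_DB_PASS is a hypothetical environment variable.

function validation_error(array $in): ?string {
    foreach (['accname', 'accpass1', 'accpass2', 'accmail'] as $k) {
        if (!isset($in[$k]) || !is_string($in[$k]) || $in[$k] === '') {
            return 'You did not fill in all fields.';
        }
    }
    // \A ... \z anchors: unlike ^ ... $, a trailing newline is rejected.
    if (!preg_match('/\A[0-9a-zA-Z]{3,15}\z/', $in['accname'])) {
        return 'Account name: 3-15 characters, 0-9, a-z and A-Z only.';
    }
    if (!preg_match('/\A[0-9a-zA-Z]{3,15}\z/', $in['accpass1'])) {
        return 'Password: 3-15 characters, 0-9, a-z and A-Z only.';
    }
    if ($in['accpass1'] !== $in['accpass2']) return 'The passwords did not match.';
    if ($in['accpass1'] === $in['accname']) return 'Account name and password are the same.';
    if (filter_var($in['accmail'], FILTER_VALIDATE_EMAIL) === false) return 'Your e-mail is not correct.';
    return null;
}

function register(PDO $db, string $name, string $pass): bool {
    // Bound parameters: the input is sent as data, never spliced into the SQL text.
    $q = $db->prepare('SELECT COUNT(*) FROM account.dbo.USER_PROFILE WHERE user_id = ?');
    $q->execute([$name]);
    if ((int)$q->fetchColumn() > 0) return false;
    $user_no = date('ymdHis') . substr(explode(' ', microtime())[0], 2, 2);
    $ins = $db->prepare(
        'INSERT INTO account.dbo.USER_PROFILE (user_no,user_id,user_pwd,resident_no,' .
        'user_type,login_flag,login_tag,ipt_time,login_time,logout_time,user_ip_addr,server_id) ' .
        "VALUES (?,?,?,'801011000000','1','0','Y',GETDATE(),NULL,NULL,NULL,'000')");
    // md5 kept only because the posted schema stores it; it is a weak password hash.
    return $ins->execute([$user_no, $name, md5($pass)]);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $err = validation_error($_POST);
    if ($err === null) {
        $db = new PDO('sqlsrv:Server=127.0.0.1;Database=account', 'web_register',
                      (string)getenv('DK_DB_PASS'), [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $err = register($db, $_POST['accname'], $_POST['accpass1'])
            ? null : 'This account name already exists.';
    }
    // Escape on output and never echo the password back.
    echo htmlspecialchars($err ?? 'The account was successfully created.', ENT_QUOTES, 'UTF-8');
}
```

Changing the web and database passwords does not help while the page itself passes input into the query text; the bound parameters and the restricted login are what close that path.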
Old   #11
 
elite*gold: 0
Join Date: Nov 2007
Posts: 6
Received Thanks: 0
It is awesome with that kinda input in the database
tno1 is offline  
Old   #12
 
elite*gold: LOCKED
Join Date: Oct 2016
Posts: 286
Received Thanks: 76
Please use a captcha script; it's more secure, because someone can easily create an input script and randomly insert multiple accounts, and it's not a big deal.
By the way, it's not necessary to use Navicat to manage phpMyAdmin; simply use other login details and, as I said, disable some modules and protect it.
Underfisk is offline  
Old   #13
 
elite*gold: 0
Join Date: Jun 2013
Posts: 371
Received Thanks: 168
Quote:
Originally Posted by Underfisk View Post
Please use a captcha script; it's more secure, because someone can easily create an input script and randomly insert multiple accounts, and it's not a big deal.
By the way, it's not necessary to use Navicat to manage phpMyAdmin; simply use other login details and, as I said, disable some modules and protect it.
Navicat is better than phpMyAdmin and you can connect to SQL Server and MySQL. Already helped him; he doesn't have an anti-GM hack, he uses SQL Server Express and doesn't have SQL Server Agent for making jobs.
Farius~ is offline  
Old   #14
 
elite*gold: LOCKED
Join Date: Oct 2016
Posts: 286
Received Thanks: 76
Well, I guess you're shooting in the dark saying that Navicat is better, but I'll not discuss that with you. Anyway, if it helped him, it's nice to hear.
Underfisk is offline  
Old   #15
 
elite*gold: 0
Join Date: Jun 2013
Posts: 371
Received Thanks: 168
Quote:
Originally Posted by tno1 View Post
It is awesome with that kinda input in the database
Because of people like you, the Dekaron community on private servers is in the ****.
Believing they know everything and ******* those who strive to have a server.


Farius~ is offline  