Register for your free account! | Forgot your password?

You last visited: Today at 02:11

  • Please register to post and access all features, it's quick, easy and FREE!

 

hacker trouble ?

Reply
 
Old   #1
 
elite*gold: 40
Join Date: Feb 2008
Posts: 1,069
Received Thanks: 626
hacker trouble ?

Dear users
this is something strange

a guy with the playername "GameOverؼ" have found a way to bypass the npc server

does some one know how to protect the server that this screenshot does not happen anymore ??

You must register and activate your account in order to view images.

i already applied some more security (secret to prevent more abuse) , but it would be nice if some one know how he dit it so i can secure it more

he also could bypass botjail ( even when the system detected him and placed him in botjail)

also he succesfull could bypass the ban command (account) based on his location with cheatime enabled (screenshot is after he is banned, can not confirm if it is same account or fresh account that dit this )

before claiming it was the db , the db is locked to localhost only xD (and some more ip lock arrangements to prevent unauthorised acces )

it would be nice to get some comment to see if i need to secure other things then what i already dit

Thank you
Greetings From PowerChaos



PowerChaos is offline  
Old   #2
 
elite*gold: 0
Join Date: Apr 2012
Posts: 94
Received Thanks: 45
WTH.. why he need to do this?.. did he steal your database too?


nomercyskin1 is offline  
Old   #3
 
elite*gold: 40
Join Date: Feb 2008
Posts: 1,069
Received Thanks: 626
like i say before
he dit not got acces to anything (as it is locked on ip for security)

but he found a way to alter the game ( msg server or npc server) and he also made it possible to spawn our event bosses all at the same time and kill it in less then 45 seconds ( spawning 3 differend bosses from 3 differend days and hours)

the thing i am intrested is to know how he dit it (so i can secure/confirm ), and if other users also got this before ?

Greetings From PowerChaos
PowerChaos is offline  
Old   #4
 
elite*gold: 50
Join Date: Oct 2008
Posts: 554
Received Thanks: 1,096
Ok ... so I will not give clear solution but let me give some tips:

1) First of all this issue is old and known since many years...
Here is first official posted request for help with this kind of attack:
[IMPORTANT]TQ Entering in PServers and Using CODES with Normal Player ?

2) TIP: Person who is doing this is originally from China and NO it has no relations with any TQ - he just try to molest your server - soon you should receive some kind of message asking to give money to stop ...

3) Blocking Chinese IPs will help only partially as this person will start using other IPs...

4) How this is being done:
this person MUST create account on your server and login. As being logged to Msg server he will start sending own additional packets to server as he wish... yes he knows how to ...
TIP: If you know how and what to do - simply use packet sniffer and record everything ... and start learning what is happening ...

Solutions?
* for sure ban all China, Korea and similar countried totally!
* start control of registration to your server - email confirmation or even by hand confirmation newly created accounts should help for a while...
* Learn from packets whats he's doing so you will start putting into server blocks to prevent this from happening - if you dont know how to start from no one will help you sorry...
*(added) Blocking proxies and voulnarable IPs under firewalls might help little bit as well (but still not ultimate solution!)

P.S.
You will ask how to know who he is? Well this is easly to know - if you know what you are doing...

Sorry if I didnt give clear solution but these tips should help to start somwhere

Remember - Eveyrthing is possible to stop - just sometimes need time to do this.. If you know how to learn on ongoing problems and can always make solutions - you have nothing to be worry ...

good luck


SoulNecturn is offline  
Thanks
1 User
Old   #5
 
elite*gold: 40
Join Date: Feb 2008
Posts: 1,069
Received Thanks: 626
Thank you
the solution was nice xD
but atleast now i know more info about it and how i can solve it (for the part that i dit not solve yet xD )

so far this only happend one time so he wont ask money to stop (else he was still buzzy)
on other side , if he does it again then i can continue to improve the security and then i know if it worked what i dit or not

Thanks for the reply
it was helpfull

Greetings From PowerChaos
PowerChaos is offline  
Old   #6
 
elite*gold: 50
Join Date: Oct 2008
Posts: 554
Received Thanks: 1,096
you can expect to see him again ... in my case he was for few days returning ... more like every 3/6 or even 24 hours after previous try...
just be prepared for actions and be sure to record all packets for time being... (observe all new created accounts!)

Anyway I am sure you know how to do it ... and yeah I am sure you will handle this as I know you are smart in these stuff So just take it in calm and with fresh mind

cheers
SoulNecturn is offline  
Old   #7
 
elite*gold: 20
Join Date: Mar 2008
Posts: 1,395
Received Thanks: 625
we found a solution, i did not see him return for like weeks.
magewarior2 is offline  
Old   #8
 
elite*gold: 0
Join Date: Jul 2012
Posts: 69
Received Thanks: 48
Hey Demon Long time no see. Just FYI checked your site. It's vulnerable to XSS and SQL Inj bud. Might wanna fix those ^^
Timore[PM] is offline  
Thanks
1 User
Old   #9
 
elite*gold: 40
Join Date: Feb 2008
Posts: 1,069
Received Thanks: 626
Thanks for letting me know
i only wonder what kind of XSS has to do with php ( Cross Site Scipting ?) when i do not even use cookie's

also for the sql injects can you point me to where and what kind of injects ?
i sadly enouf do not have any knowledge/trouble with those before so got no idea how to solve them

only solution i know is serialising the sql data , but that part is done ( where needed ) and some other checks are implented to prevent abuse code ( where needed )

Greeting sFrom PowerChaos
PowerChaos is offline  
Old   #10
 
elite*gold: 0
Join Date: Feb 2013
Posts: 72
Received Thanks: 9
same situation .. he login to my server and insert / update all account with 1b Eudemon Point .
HauntedEudemon is offline  
Old   #11
 
elite*gold: 40
Join Date: Feb 2008
Posts: 1,069
Received Thanks: 626
Quote:
Originally Posted by HauntedEudemon View Post
same situation .. he login to my server and insert / update all account with 1b Eudemon Point .
i dint got trouble anymore from him so far xD
i can suggest to lock all ports that are not needed so they can not directly acces it
and also make sure that mysql is not available except for localhost

Greetings From PowerChaos
PowerChaos is offline  
Old   #12
 
elite*gold: 20
Join Date: Sep 2007
Posts: 1,767
Received Thanks: 1,692
If you use a powerful MySQL handling class in PHP you can be pretty certain that SQL injection won't occur, like PDO.


funhacker is offline  
Reply



« Previous Thread | Next Thread »



All times are GMT +1. The time now is 02:11.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Abuse
Copyright ©2017 elitepvpers All Rights Reserved.