hacker trouble ?

PowerChaos · 02/24/2014, 18:17

Dear users
this is something strange

a guy with the playername "GameOverؼ" have found a way to bypass the npc server

does some one know how to protect the server that this screenshot does not happen anymore ??

i already applied some more security (secret to prevent more abuse) , but it would be nice if some one know how he dit it so i can secure it more

he also could bypass botjail ( even when the system detected him and placed him in botjail)

also he succesfull could bypass the ban command (account) based on his location with cheatime enabled (screenshot is after he is banned, can not confirm if it is same account or fresh account that dit this )

before claiming it was the db , the db is locked to localhost only xD (and some more ip lock arrangements to prevent unauthorised acces )

it would be nice to get some comment to see if i need to secure other things then what i already dit

Thank you
Greetings From PowerChaos

nomercyskin1 · 02/24/2014, 20:36

WTH.. why he need to do this?.. did he steal your database too?

PowerChaos · 02/24/2014, 20:50

like i say before
he dit not got acces to anything (as it is locked on ip for security)

but he found a way to alter the game ( msg server or npc server) and he also made it possible to spawn our event bosses all at the same time and kill it in less then 45 seconds ( spawning 3 differend bosses from 3 differend days and hours)

the thing i am intrested is to know how he dit it (so i can secure/confirm ), and if other users also got this before ?

Greetings From PowerChaos

SoulNecturn · 02/24/2014, 22:38

Ok ... so I will not give clear solution but let me give some tips:

1) First of all this issue is old and known since many years...
Here is first official posted request for help with this kind of attack:

2) TIP: Person who is doing this is originally from China and NO it has no relations with any TQ - he just try to molest your server - soon you should receive some kind of message asking to give money to stop ...

3) Blocking Chinese IPs will help only partially as this person will start using other IPs...

4) How this is being done:
this person MUST create account on your server and login. As being logged to Msg server he will start sending own additional packets to server as he wish... yes he knows how to ...
TIP: If you know how and what to do - simply use packet sniffer and record everything ... and start learning what is happening ...

Solutions?
* for sure ban all China, Korea and similar countried totally!
* start control of registration to your server - email confirmation or even by hand confirmation newly created accounts should help for a while...
* Learn from packets whats he's doing so you will start putting into server blocks to prevent this from happening - if you dont know how to start from no one will help you sorry...
*(added) Blocking proxies and voulnarable IPs under firewalls might help little bit as well (but still not ultimate solution!)

P.S.
You will ask how to know who he is? Well this is easly to know - if you know what you are doing...

Sorry if I didnt give clear solution but these tips should help to start somwhere

Remember - Eveyrthing is possible to stop - just sometimes need time to do this.. If you know how to learn on ongoing problems and can always make solutions - you have nothing to be worry ...

good luck

PowerChaos · 02/24/2014, 23:02

Thank you
the solution was nice xD
but atleast now i know more info about it and how i can solve it (for the part that i dit not solve yet xD )

so far this only happend one time so he wont ask money to stop (else he was still buzzy)
on other side , if he does it again then i can continue to improve the security and then i know if it worked what i dit or not

Thanks for the reply
it was helpfull

Greetings From PowerChaos

SoulNecturn · 02/24/2014, 23:14

you can expect to see him again ... in my case he was for few days returning ... more like every 3/6 or even 24 hours after previous try...
just be prepared for actions and be sure to record all packets for time being... (observe all new created accounts!)

Anyway I am sure you know how to do it ... and yeah I am sure you will handle this as I know you are smart in these stuff

So just take it in calm and with fresh mind

cheers

magewarior2 · 03/20/2014, 22:56

we found a solution, i did not see him return for like weeks.

Timore[PM] · 03/21/2014, 15:21

Hey Demon Long time no see. Just FYI checked your site. It's vulnerable to XSS and SQL Inj bud. Might wanna fix those ^^

PowerChaos · 03/27/2014, 01:24

Thanks for letting me know
i only wonder what kind of XSS has to do with php ( Cross Site Scipting ?) when i do not even use cookie's

also for the sql injects can you point me to where and what kind of injects ?
i sadly enouf do not have any knowledge/trouble with those before so got no idea how to solve them

only solution i know is serialising the sql data , but that part is done ( where needed ) and some other checks are implented to prevent abuse code ( where needed )

Greeting sFrom PowerChaos

HauntedEudemon · 03/27/2014, 03:52

same situation .. he login to my server and insert / update all account with 1b Eudemon Point .

PowerChaos · 03/27/2014, 04:15

Quote:

Originally Posted by HauntedEudemon

same situation .. he login to my server and insert / update all account with 1b Eudemon Point .

i dint got trouble anymore from him so far xD
i can suggest to lock all ports that are not needed so they can not directly acces it
and also make sure that mysql is not available except for localhost

Greetings From PowerChaos

funhacker · 03/30/2014, 10:05

If you use a powerful MySQL handling class in PHP you can be pretty certain that SQL injection won't occur, like PDO.