Metin2 Hacked

[Reno31]

Hello Community,

My metin2 server has been hacked by hacker and crashed channels i dont know what was problem maybe exploit help me pls

Syserr:
EscapeString: FATAL ERROR!! not enough buffer size (dstSize 25 srcSize 13 src: Anonymous)

DB:

Process: FDWATCH: peer null in event: ident 24

ch1 Syserr:
EscapeString: FATAL ERROR!! not enough buffer size (dstSize 25 srcSize 13 src: dsadas)

[/exit]

Original Beitrag ist von DarkFire aus einem anderen Forum.

Quote:

I know that it's an old topic but some people have this problem nowadays too. I saw that if the server has this error , in his source , in guild_manager.cpp are this lines :

Code:

static char __escape_name[GUILD_NAME_MAX_LEN * 2 + 1];
	DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name), sizeof(gcp.name));

	std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
				get_table_postfix(), __escape_name));

I haven't the error and in my source i haven't this lines ^_^ . I don't know if it is the corret method to repair the problem , so make a backup befor compiling
Sorry for my bad english

[Reno31]

a guy attack my server i dont know how he create guild and server crash...

I have this on my sources:

static char __escape_name[GUILD_NAME_MAX_LEN * 2 + 1];
DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name),
sizeof(gcp.name));
std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
get_table_postfix(), __escape_name));