|
You last visited: Today at 01:55
Advertisement
Cryptic/Exotic/Free/Olympus Shaiya
Discussion on Cryptic/Exotic/Free/Olympus Shaiya within the Shaiya Private Server forum part of the Shaiya category.
12/10/2014, 17:19
|
#1
|
elite*gold: 0
Join Date: Nov 2011
Posts: 340
Received Thanks: 405
|
Cryptic/Exotic/Free/Olympus Shaiya
Yes I post in shaiya-pserver-advertising, apparently those server got hacked -> SQL injection
[makesure that you save the database every 24 hours or 12 hours or less, till there a fix]
is it true for Cryptic? Olympus?
Is there other server to?
Do you know who doing that?
Is there a way to stop it?
|
|
|
12/10/2014, 17:25
|
#2
|
elite*gold: 0
Join Date: May 2013
Posts: 518
Received Thanks: 805
|
Shaiya's that recently got hacked, or still in recover, Rose Shaiya, Olympus, Spectral, Tempest, Cryptic, Heroes, Free, Sanctuary, Crown, Implosion,not sure what else, but i am going to alert everyone this is not any attack to do with sql injections by php via, nor is it server files, it is a dll injection made by one person that was sold to another Korean dude then given to his Russian friend to re-code so the script to stop it was declined to protect against this attack, this is a serious attack because you will not be able to stop it unless you figure out the source, stop it and find out who it is. They will not stop so start rapping your database's up and making sure that you save the database every 24 hours. or 12 hours if you do not want a huge roll back.
|
|
|
12/10/2014, 17:27
|
#3
|
elite*gold: 0
Join Date: Jul 2012
Posts: 618
Received Thanks: 1,399
|
Quote:
Originally Posted by JujiPoli
Yes I post in shaiya-pserver-advertising, apparently those server got hacked -> SQL injection
|
You said it yourself, you post in the shaiya advertising section.
What exactly are you advertising?
|
|
|
12/10/2014, 17:28
|
#4
|
elite*gold: 0
Join Date: May 2013
Posts: 518
Received Thanks: 805
|
Quote:
Originally Posted by Agony69
You said it yourself, you post in the shaiya advertising section.
What exactly are you advertising?
|
No, he is only alerting the owners for each server, because its going to get out of hand with the two people doing the attacks.
|
|
|
12/10/2014, 17:29
|
#5
|
elite*gold: 0
Join Date: Nov 2011
Posts: 340
Received Thanks: 405
|
Yes, im trying to prevent server that didn't got hacked yet, please make sure you have a recent back up!, sorry agony for post here but it important.
|
|
|
12/10/2014, 17:30
|
#6
|
elite*gold: 0
Join Date: May 2013
Posts: 518
Received Thanks: 805
|
Here's a code made by a friend that was the orignal protection to stop the attacks but after they recoded the attack it can't stop it now. To understand in a bit to how it works, it's made for 2008.
Code:
{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fcharset0 Calibri;}}
{\*\generator Msftedit 5.41.21.2510;}\viewkind4\uc1\pard\sa200\sl276\slmult1\lang9\f0\fs22 /****** Object: DdlTrigger [ddl_trig_database] Script Date: 01/11/2010 19:05:57 ******/\par
\par
SET ANSI_NULLS ON\par
\par
GO\par
\par
SET QUOTED_IDENTIFIER ON\par
\par
GO\par
\par
\par
\par
CREATE TRIGGER [ddl_trig_Prevent_Drop_Database]\par
\par
ON ALL SERVER\par
\par
FOR DROP_DATABASE\par
\par
AS\par
\par
\par
\par
--log attempt to drop database\par
\par
DECLARE @db VARCHAR(209)\par
\par
SET @db = (SELECT 'Database Dropped Attempted by ' + CONVERT(nvarchar(100), ORIGINAL_LOGIN()) +\par
\par
' executing command: '+ EVENTDATA().value('(/EVENT_INSTANCE/TSQLCommand/CommandText)[1]','VARCHAR(229)'))\par
\par
RAISERROR(@db, 16, 1)WITH LOG\par
\par
\par
\par
--prevent drop database\par
\par
ROLLBACK\par
\par
GO\par
\par
\par
\par
SET ANSI_NULLS OFF\par
\par
GO\par
\par
SET QUOTED_IDENTIFIER OFF\par
\par
GO\par
\par
\par
\par
--turn on trigger\par
\par
ENABLE TRIGGER [ddl_trig_Prevent_Drop_Database] ON ALL SERVER\par
\par
\par
\par
\par
\par
--test trigger\par
\par
CREATE DATABASE test1\par
\par
\par
\par
DROP DATABASE test1\par
\par
\par
\par
Msg 50000, Level 16, State 1, Procedure ddl_trig_Prevent_Drop_Database, Line 11\par
\par
Database Dropped Attempted by TestSQLUser executing command: DROP DATABASE test1\par
\par
Msg 3609, Level 16, State 2, Line 1\par
\par
The transaction ended in the trigger. The batch has been aborted.\par
\par
\par
\par
\par
\par
--turn off trigger\par
\par
DISABLE TRIGGER [ddl_trig_Prevent_Drop_Database] ON ALL SERVER\par
\par
GO\par
\par
\par
\par
\par
\par
/****** Object: DdlTrigger [ddl_trig_Prevent_Drop_Database] Script Date: 01/11/2010 19:22:28 ******/\par
\par
IF EXISTS (SELECT * FROM master.sys.server_triggers WHERE parent_class_desc = 'SERVER' AND name = N'ddl_trig_Prevent_Drop_Database')\par
\par
DROP TRIGGER [ddl_trig_Prevent_Drop_Database] ON ALL SERVER\par
\par
GO\par
\par
\par
\par
--cleanup current errorlog\par
\par
sp_cycle_errorlog\par
}
|
|
|
12/10/2014, 17:35
|
#7
|
elite*gold: 0
Join Date: Jul 2012
Posts: 618
Received Thanks: 1,399
|
Quote:
Originally Posted by Twilight360
No, he is only alerting the owners for each server, because its going to get out of hand with the two people doing the attacks.
|
Quote:
Originally Posted by JujiPoli
Yes, im trying to prevent server that didn't got hacked yet, please make sure you have a recent back up!, sorry agony for post here but it important.
|
No matter of your reasons there are rules that you must follow. This is Advertising section. Just imagine what would happen if everyone just made random topics and didn't respect rules. Chaos. Simply chaos.
#Requesting topic to be moved. > http://www.elitepvpers.com/forum/shaiya-private-server/
|
|
|
12/10/2014, 17:41
|
#8
|
elite*gold: 0
Join Date: May 2013
Posts: 518
Received Thanks: 805
|
Quote:
Originally Posted by Agony69
No matter of your reasons there are rules that you must follow. This is Advertising section. Just imagine what would happen if everyone just made random topics and didn't respect rules. Chaos. Simply chaos.
#Requesting topic to be moved. > http://www.elitepvpers.com/forum/shaiya-private-server/
|
Question. Mod yes or no?
No?
Wait for mod to decide if this is something to pin, so after it is stopped then they can remove it? Have you thought of it? Because guaranteed That sig they will hit it as well if your advertising a server that is up in 21 hours, they will keep it down or you can understand why we need this to be pin, or no server will be up since they are not being stopped yet, didn't know nubness is coming back to shaiya by the name "Shaiya Invasion or did i?"
|
|
|
12/10/2014, 18:18
|
#9
|
elite*gold: 1
Join Date: Dec 2010
Posts: 33,275
Received Thanks: 5,709
|
#pinned until there is a fix.
Just search for one.
|
|
|
12/10/2014, 18:18
|
#10
|
elite*gold: 0
Join Date: Oct 2005
Posts: 184
Received Thanks: 84
|
How does these "hacks" work? it sounds like its something you must have installed on the server before it would take effect and not be triggered by outside sources. I am by no means expert on this.
|
|
|
12/10/2014, 18:21
|
#11
|
elite*gold: 0
Join Date: Nov 2011
Posts: 340
Received Thanks: 405
|
I have some new, but im not a pro, they inject via login of our game.exe -> a .dll
|
|
|
12/10/2014, 18:48
|
#12
|
elite*gold: 50
Join Date: Sep 2011
Posts: 408
Received Thanks: 1,262
|
Thats an injection but not a .dll one, all you have to do is write the injection to UserID part and boom.
|
|
|
12/10/2014, 18:53
|
#13
|
elite*gold: 0
Join Date: Nov 2011
Posts: 340
Received Thanks: 405
|
Quote:
Originally Posted by JuuF
Thats an injection but not a .dll one, all you have to do is write the injection to UserID part and boom.
|
Well atm servers "boom" fastly, until there a fix we need to save data each time we can
|
|
|
12/10/2014, 19:00
|
#14
|
elite*gold: 0
Join Date: Oct 2005
Posts: 184
Received Thanks: 84
|
Quote:
Originally Posted by JuuF
Thats an injection but not a .dll one, all you have to do is write the injection to UserID part and boom.
|
hmm if it was really that simple im surpriced this hasnt happened earlier. would encrypting the game.exe fix it?
|
|
|
12/10/2014, 19:03
|
#15
|
elite*gold: 50
Join Date: Sep 2011
Posts: 408
Received Thanks: 1,262
|
Quote:
Originally Posted by Psycnosis
hmm if it was really that simple im surpriced this hasnt happened earlier. would encrypting the game.exe fix it?
|
That has nothing to do with game.exe the problem is on ps_login.exe and yea it is really that simple.
|
|
|
All times are GMT +2. The time now is 01:55.
|
|