rofl, I would love to see you try and hack one of those servers.
Why point at me? Oriya is the one you should worry about. But my prediction is that if Oriya could get a hundred bucks by just messing with your server database, I don't think he would stop now.
Reading through all of these posts, here is an idea, if we can implement it on our servers. Why not just set up a validation packet, so that the server will only allow the connection if it has this packet? And this packet is only included with the sro_client? But also, for those of you that have servers up and are the owners: if you find out who's doing this, which you can by pulling logs (I'm hoping you have logs, because if not then you are just dumb). But anyway, if you own your own server and this happens to you, then you can find out who is doing it and then sue them for loss of revenue and damages. Even though this is an illegal copy of the game, they are hacking a server you are paying real money for. I know that for any servers hosted in the USA you can pursue this, and the server host can hunt down who's doing it and file a case against them regardless of what country they live in.
But back on topic here. Changing the ports won't work; as someone said, all they have to do is run a port scanner. I personally haven't tested things to see where the problem lies in how secure everything is. But I went to college for networking engineering, and there is a way to set up a validation packet on every single connection. The US military does it with all of their logins to their network. To explain it a bit more in layman's terms, though: basically, a validation packet means that for the database login you set it up so only an IP can log in to it. Like a certain town or city or a certain PC. If you limit who can log in to your database or your main root of the server by a validation, then you will knock out most of the hacks out there. Just a thought; maybe this C++ coder could work on something like that for a fix. If I get time I'll look at it and try to develop something like that and test it out and see if it works.
While waiting for my thread to be validated by admins:
Sorry in advance for this proof of exploit and for the double post.
To shut up the members who don't trust me, this is a screenshot of the EWsRO database. I'm not a *******, I didn't touch his data. Admin of this server, please confirm my actions.
DB data example:
Connection with SMC:
If someone wants to check whether his server is secured, or doesn't trust me, PM me tonight and I will prove it to you.
As I wrote, I'm not a *******. That is why I have never revealed or exploited this security hole.
B3nc0 has the solution to fix this problem! I spoke with him about the exploit.
If you want to resolve your problem, the best solution is to speak with him.
benco, I agree with you that this fix doesn't solve all the problems, but it fixes a very important one.
I just checked their cert and you're right, they are NOT secure, but neither are a lot of other servers I checked. However, the servers that use this fix are safe and I can't use this exploit anymore.
But once again, there are tons of other security measures which you should take to make your server secure. Just this fix doesn't solve everything, and there might be more stuff wrong with the certification server.
I knew about this issue when I worked on a pserver project. I talked about it with my friends, but I didn't solve it due to a conflict with one member, and I left the project. But I'm not a cracker, I didn't reveal or exploit this issue.
Quote:
Originally Posted by gigola123
B3nc0 has the solution to fix this problem! I spoke with him about the exploit.
If you want to resolve your problem, the best solution is to speak with him.
I'm currently experimenting with another hole issue. BUT if my hypothesis is right, this bug issue will not work.
For admins of fixed servers (like ClassOnline):
Could you please contact me by forum PM and give me your new ports so I can try my test?
The certification server is probably [entry1], but just to be sure that it's the certification server, check if the node_id=1. A few lines below this node_id= you can find a field called port, and there you can change the port.
Before making a server, please think about the private life and security of your members.
simple words
learn basic server security
Quote:
Firewalls
If you don’t plan to run one of these, get your server off the net! Whether it’s a home server or corporate, you should have at least one firewall that is decent. Make sure it has the ability to block specific IPs/ranges, and also specific ports and applications. Basically, a firewall on an unsecured Windows 2000 installation can secure it well. You can make sure all ports are blocked, with the exception of the server ones. For example, if all you are running is an HTTP server, you should only allow traffic to connect on port 80. Also, you will run into situations where someone is illegally trying to gain access to your server – with your firewall, you can simply block that IP address.