|
You last visited: Today at 16:32
Advertisement
[Few-Steps] To FiX your Server Security !
Discussion on [Few-Steps] To FiX your Server Security ! within the SRO Private Server forum part of the Silkroad Online category.
01/27/2012, 19:35
|
#16
|
Chat Killer In Duty
elite*gold: 5 
Join Date: May 2008
Posts: 16,397
Received Thanks: 6,509
|
Quote:
Originally Posted by LastThief
Ask yourself my friend
you said it's vb btw for your info vb doesn't use ; at the end of statement
btw added on my sig
|
you stole one of my quotes (Wery pro)
and guys, please, we got the point about his Nyan#(in fact is a funny name for it) but it has to stop
please guys, lets return to topic, or mods gonna close this
|
|
|
|
01/27/2012, 19:50
|
#17
|
elite*gold: 7
Join Date: May 2010
Posts: 2,115
Received Thanks: 2,374
|
Thread Updated :
The Most Important Part ,
If you use 2 dedi servers or more for 2 agents or more ,
So you are open farmmanager Ports ,
Oky after mints of hacking farmmanager security i find out that by small access to farmmanager from it's ports you could shutdown the SR_GameServer , shard and agent too
Also you could let the farmmanager send packets to GS which will make overflaw also could gives packets to shard and agents but GS is the mostly easy to take overflaw from stupid wrong packets send from FarmManager
Solve :
1 - Open TCP Port only for farmmanager in your Firewall
2 - block TCP and UDP ports for farmmanager in your firewall except to 1 ip this ip = ur other machine ip .
I think it's very clear now ,
Hope i help  ,
Quote:
|
Also thanks to the guy who help me with his dedi servers > That guy isn't memeber at Epvp .
|
|
|
|
|
|
01/27/2012, 20:03
|
#18
|
elite*gold: 0
Join Date: Feb 2010
Posts: 2,278
Received Thanks: 445
|
Quote:
Originally Posted by Dr.Abdelfattah
Thread Updated :
The Most Important Part ,
If you use 2 dedi servers or more for 2 agents or more ,
So you are open farmmanager Ports ,
Oky after mints of hacking farmmanager security i find out that by small access to farmmanager from it's ports you could shutdown the SR_GameServer , shard and agent too
Also you could let the farmmanager send packets to GS which will make overflaw also could gives packets to shard and agents but GS is the mostly easy to take overflaw from stupid wrong packets send from FarmManager
Solve :
1 - Open TCP Port only for farmmanager in your Firewall
2 - block TCP and UDP ports for farmmanager in your firewall except to 1 ip this ip = ur other machine ip .
I think it's very clear now ,
Hope i help , |
so this would happen if using 2 dedi s right?
but 1 dedi s no?
|
|
|
|
|
01/27/2012, 20:05
|
#19
|
elite*gold: 7
Join Date: May 2010
Posts: 2,115
Received Thanks: 2,374
|
Quote:
Originally Posted by rushcrush
so this would happen if using 2 dedi s right?
but 1 dedi s no?
|
ya but u also must close ports of farmmanager if u use 1 dedi ..
|
|
|
|
|
01/27/2012, 22:06
|
#20
|
elite*gold: 0
Join Date: May 2008
Posts: 41
Received Thanks: 22
|
Changing DB names is an excellent security measure, but I dont know which stored procedures that it effects?
|
|
|
|
|
01/27/2012, 22:08
|
#21
|
|
Chat Killer In Duty
elite*gold: 5
Join Date: May 2008
Posts: 16,397
Received Thanks: 6,509
|
Quote:
Originally Posted by hypnato
Changing DB names is an excellent security measure, but I dont know which stored procedures that it effects?
|
stored procedures are linked to the db in which they are, no matter the name
|
|
|
|
|
01/27/2012, 22:16
|
#22
|
elite*gold: 0
Join Date: Jan 2010
Posts: 1,484
Received Thanks: 809
|
Basicly a full guide to secure the server is download "nmap" scan your server for open ports.
- Get a firewall which can allow connections from a certain ip.
- Block ALL the ports of the iis, sql server ect ect just everything open at nmap and only allow the gateway download and agent and probably the ftp for crest stuff.
- Multiple servers well just allow the 2nd server to the ports of farmanager, agent, gameserver, shard, iis and sql server.
last thing you need are some brains nice most of the hacking stuff is too **** easy to prevent.
|
|
|
|
|
01/27/2012, 22:16
|
#23
|
elite*gold: 7
Join Date: May 2010
Posts: 2,115
Received Thanks: 2,374
|
Quote:
Originally Posted by PortalDark
stored procedures are linked to the db in which they are, no matter the name
|
You forgot that shard db call account db to take the silk amount for every player ,
Anyway here few steps but need to use ur mind
Now select all stored procedures , and drop as create , Now search for SRO_VT_ACCOUNT , find out all names of stored procedures which got SRO_VT_ACCOUNT and then change in them the account db name as u need but u need first to change ur account db name , and don't forgot there's some stored procedures got 2 times SRO_VT_ACCOUNT .
^
^
Quote:
Originally Posted by hypnato
Changing DB names is an excellent security measure, but I dont know which stored procedures that it effects?
|
Quote:
Originally Posted by kevin_owner
Basicly a full guide to secure the server is download "nmap" scan your server for open ports.
- Get a firewall which can allow connections from a certain ip.
- Block ALL the ports of the iis, sql server ect ect just everything open at nmap and only allow the gateway download and agent and probably the ftp for crest stuff.
- Multiple servers well just allow the 2nd server to the ports of farmanager, agent, gameserver, shard, iis and sql server.
last thing you need are some brains nice most of the hacking stuff is too damn easy to prevent.
|
You are right , But Most of people haven't Imagination Defaults !!!
|
|
|
|
|
01/28/2012, 08:26
|
#24
|
elite*gold: 0
Join Date: May 2011
Posts: 490
Received Thanks: 149
|
in my server.cfg port of farmmanager like the port of download server what i do?
|
|
|
|
|
01/28/2012, 16:00
|
#25
|
elite*gold: 7
Join Date: May 2010
Posts: 2,115
Received Thanks: 2,374
|
Quote:
Originally Posted by hamada619
in my server.cfg port of farmmanager like the port of download server what i do?
|
That's not farmmanager port , find out the port in srNodeData.ini ...
|
|
|
|
|
03/04/2012, 10:42
|
#26
|
elite*gold: 0
Join Date: Feb 2012
Posts: 30
Received Thanks: 0
|
fixed
|
|
|
|
 |
|
Similar Threads
|
[Guide][Security] Securing Your Server * 1x Game Server *
02/22/2017 - SRO PServer Guides & Releases - 18 Replies
Summary:
Alright, i know i haven't been around here releasing lately, been very distracted and have been resenting the ******** community, sorry i am back now and i will be writing some seriously amazing guides here! Noob friendly guides and other things too!
Objective
* We going to be managing the TCP connections and blocking the following ports -> 32000, 15880, 15882, 15885, 15883, 8080, 1433, 3306 <-
* Set mssql to local
* Set odbc to local
Result
|
[Guide][Security] Securing Your Server * 1x Game Server *
12/11/2011 - SRO Private Server - 9 Replies
Summary:
Alright, i know i haven't been around here releasing lately, been very distracted and have been resenting the ******** community, sorry i am back now and i will be writing some seriously amazing guides here! Noob friendly guides and other things too!
Objective
* We going to be managing the TCP connections and blocking the following ports -> 32000, 15880, 15882, 15885, 15883, 8080, 1433, 3306 <-
* Set mssql to local
* Set odbc to local
Result
|
Security Server
10/22/2010 - Metin2 Private Server - 2 Replies
bitte helft mir .. wie man einen Sicherheits-Server zu erstellen metin2 nicht kontrollieren meinem Server nicht, um eine Verbindung meine navicatul tun, was er will die GM-MNU machen
HELP Security server .. how to crate security server a Metin2 1 hacker to connect to my database and do gm .. I do not know exactly what he did.
and Crashed server
|
[HELP]Better Security for dk server
03/10/2010 - Dekaron Private Server - 13 Replies
hey guys this is my first post asking for help, and yes ive used the search alot. your not gonna see this alot from me because im trying to learn like the old dev's...but wanna try and avoid SQL injects and get an adminpanel working..for ipbanning. ive tried OSDS but ive been sql injected through that before thats why im asking for just alittle bit of help this time. if anyone has any tips for me to help make a better secure server then please by all means help me out just alittle bit.
props...
|
THQ v1.0 - Steps by steps instruction on how getting the hack to work
10/24/2009 - Dragonica Hacks, Bots, Cheats & Exploits - 41 Replies
I don't know if this is the right place to post it or not but can anybody who got the hack to work after v1.0 patch, please post it in here so we don't have a clutter of thread asking how to get to work...
People reporting that their hack still work
sexx, FamousOnion
Please give us info
OS
Server
|
All times are GMT +1. The time now is 16:33.
|
|
![[Few-Steps] To FiX your Server Security !](https://www.elitepvpers.com/forum/iconimages/sro-private-server/few-steps-fix-your-server-security_ltr.gif){kind=small}
