Hacker just change ALL usernames without going into the server

[UartigZone]

The title say it all..

A hacker change ALL usernames to Anymouse, Anonymouse1 and Captainghost ?

There is NOT any bug or exploit on the CMS, we are 3 people who have been looking in the CMS and all seems fine.

The hacker has doing this 4-5 times and we still don't know what and where the problem is?

The hacker came into the hotel, saying hello and then i saw he was typing a maybe command but there was nothing in cmdlog and chatlog and after that ALL usernames was changed ?

 

[RyanCrowderBarr]

what CMS and skin?

 

[Nicolajhansen97]

Have some problem, tried with so many cms.

 

[Wreckless]

The title say it all..

A hacker change ALL usernames to Anymouse, Anonymouse1 and Captainghost ?

There is NOT any bug or exploit on the CMS, we are 3 people who have been looking in the CMS and all seems fine.

The hacker has doing this 4-5 times and we still don't know what and where the problem is?

The hacker came into the hotel, saying hello and then i saw he was typing a maybe command but there was nothing in cmdlog and chatlog and after that ALL usernames was changed ?

What emulator are you using? If you say he maybe typing a "command" which is unlikely, but we've got to check all options also. Exploits can be in the emulator also.

 

[UartigZone]

What emulator are you using? If you say he maybe typing a "command" which is unlikely, but we've got to check all options also. Exploits can be in the emulator also.

Gold Tree Emulator 3.0
Can it be the emulator?

 

[Wreckless]

Gold Tree Emulator 3.0
Can it be the emulator?

It could be, by any chance, do you have "super" wired furni? I remember at one time in the past, there was a super "wired" added to Phoenix (GTE 3.0 is based off of Phoenix) that allowed you to update the database with an SQL from the Wired furni (was only supposed to be for Staff). I'm just curious if you have it on your hotel, maybe it got into this hacker's hands and they're just updating the database like that. Check the available commands for GTE 3.0; I also remember a command being coded a while back that would allow you to update the emulator directly from the Client. Remember, just because it's not in the cmdlogs does not mean a command isn't happening.

 

[The General]

How bout check your sql logs and webserver logs...

 

[TheBox]

It's a problem with your cms & hk security. I had the same issue and had to double check the coding.

 

[RyanCrowderBarr]

y u deleting all my posts wreckless... im trying to help him....

 

[UartigZone]

It could be, by any chance, do you have "super" wired furni? I remember at one time in the past, there was a super "wired" added to Phoenix (GTE 3.0 is based off of Phoenix) that allowed you to update the database with an SQL from the Wired furni (was only supposed to be for Staff). I'm just curious if you have it on your hotel, maybe it got into this hacker's hands and they're just updating the database like that. Check the available commands for GTE 3.0; I also remember a command being coded a while back that would allow you to update the emulator directly from the Client. Remember, just because it's not in the cmdlogs does not mean a command isn't happening.

I have both super wired for GTE and i will check it. I will write back in about 12 hours if the problem happen agian or if i find out of this.

It's a problem with your cms & hk security. I had the same issue and had to double check the coding.

I don't even have a HK and we have been 3 people who have been looking on all files on the server and everything looks fine.

How bout check your sql logs and webserver logs...

There is nothing...



The only fine i can see in the database is a wired before i delete the "items" table. I check the wired table:

extra1 has this: JPSQS
extra2 has this:76,77

Now the problem is i can't see what wired it is because i delete the items before i was looking in wired_items table..