how to block ip adress ? my server got hacked

[doomswind]

dear

how to block ip adress ? my travianx server got hacked,(inject sql maybe)
he can change his population and source, help me please

 

[rectifier]

dear

how to block ip adress ? my travianx server got hacked,(inject sql maybe)
he can change his population and source, help me please

Hacker used ddos attack on your host

See that you host has ban ip ability

 

[Grifit]

It's really tuff thing about ddosing, if you have dedicated server, ill make the tautorial soon how to defend 80% of dos DDOS or slowloris dos attacks. Using APF for whole server + mod_evasive mod for apache and mod_qos(more for centos users) for apache aswell.

 

[rectifier]

It's really tuff thing about ddosing, if you have dedicated server, ill make the tautorial soon how to defend 80% of dos DDOS or slowloris dos attacks. Using APF for whole server + mod_evasive mod for apache and mod_qos(more for centos users) for apache aswell.

Thx my friend, It's my problem too

If you could make a good tutorial for this it will be useful, I'll try to make some other account in this site just to like your post

Btw thx

 

[Dzoki]

He didnt ddos him. Try reading, he made sql injection and now he can change everything in database.

 

[Grifit]

He didnt ddos him. Try reading, he made sql injection and now he can change everything in database.

WOW, no ideas to prevent from that... any suggestions? It never happend to me but, youll never know..

 

[Dzoki]

There are always ways to do that, I'm not that good to make it so.

 

[NarcisRO]

dzoki...i'm waiting your server..please restart it from 0

---------- Post added at 01:26 PM ---------- Previous post was at 01:26 PM ----------

you are the best dev ever!!

 

[advocaite]

oh narcis where is the love you said that about me too lol

and sql injection is a matter of sanitizing all get and post request anything that has input that is procsed by user into sql can be injected unless sanitized

 

[rectifier]

WOW, no ideas to prevent from that... any suggestions? It never happend to me but, youll never know..

But ddos attacks are allways is on my server

Maybe one of my friends do it btw don't know how to defend server from those attacks

Can't one of friends make a tutorial for it (Prevent from ddos attacks)

Grifit can you make it, Cause you said you'll make, If can't no problem

But if can it'll be good


------------------------------
Question from advocaite :

Advocaite i downloaded Travianx v4 now but it seems it damaged ?

Are you still working on it or expired ?
 

 

[itay2277]

My friend know how to make sql injectond defend,i'll ask him,you'll get that,not worry .

 

[rectifier]

My friend know how to make sql injectond defend,i'll ask him,you'll get that,not worry .

Thx    

 

[advocaite]

function clean($str) {
 $cleaned = strip_tags($str);
 $cleaned = htmlspecialchars(mysql_real_escape_string($cleaned));
 return $cleaned;}

add to db_mysql.php and then call it like this

$database->clean($_POST[sommething]);

 

[itay2277]

function clean($str) {
 $cleaned = strip_tags($str);
 $cleaned = htmlspecialchars(mysql_real_escape_string($cleaned));
 return $cleaned;}

add to db_mysql.php and then call it like this

$database->clean($_POST[sommething]);

Faster than my friend probably..

 

[rectifier]

function clean($str) {
 $cleaned = strip_tags($str);
 $cleaned = htmlspecialchars(mysql_real_escape_string($cleaned));
 return $cleaned;}

add to db_mysql.php and then call it like this

$database->clean($_POST[sommething]);

What is this Script doing ?, We must add first code to db_mysql.php and add second code to it again or ...
 

 

[SlimShady95]

/**
 * Copyright by Manuel Mannhardt < manuel_mannhardt@web.de >
 * Skype: manuel.mannhardt
 */
function escape_pg() {
 	  if($_POST) {
		    foreach($_POST AS $key => $value) {
            if(is_array($value)) {
			          foreach($value AS $key2 => $value2) {
                    $_POST[$key2][$key2] = htmlspecialchars(mysql_escape_string($value2));
                }
            } else {
                $_POST[$key] = htmlspecialchars(mysql_escape_string($value));
            }
		    }
	  }
	
	  if($_GET) {
		    foreach($_GET AS $key => $value) {
			      $_GET[$key] = htmlspecialchars(mysql_escape_string($value));
		    }
	  }
}

Use this function.
Write escape_pg(); in some file, you ever include, for example config.php or something like that, then you don´t hava to escape all posts or gets ever

Function copyright by me, Manuel Mannhardt

greets Slim

 

[rectifier]

Which one is better to use then ?

advocaite's or yours ?

 

[Dave]

Use the one of SlimShady95.
If you use cookies then you need to add $_COOKIE too.

 

[rectifier]

Use the one of SlimShady95.
If you use cookies then you need to add $_COOKIE too.

I don't know about this scripts (Those codes are new for me)

Can you say where must i exactly copy scripts (to db_MYSQL.php?) and where must i call that functions that i copied ?

In which part i must add $_COOKIE ?

Can anyone of you give me an intelligible tutorial ?

wow it's new for me

---------- Post added at 07:05 PM ---------- Previous post was at 05:26 PM ----------

OK, If there is no more guidance then np

 

[bob9994]

There is always going to be ways to get hacked. SQL inject on server more than ever. Even more on servers running travianX. Not because it is bad coding but because the script is not 100% and all the loops and stuff (I don't know what to call it) have not been closed. Meaning that there is always going to be somewhere that you can get SQL injected until the script is finished and people start focusing on not getting hacked and actually fix all the opening that allow SQL injection.