A hacker on my server.

  1. #1

    A hacker on my server.

    There's a hacker on my server and I did some tests on it.

    First of all, I'm using the MPOG web and I've removed some exploits in it and changed some stuff.

    The hacker isn't exploiting it. I did some tests.

    He keeps picking the admin accounts with UGrade 252, 254, 255 and changing the passwords to the first row of the Login table (A user's password).

    When an admin was on the server, I was chatting with him on msn and stuff and when he went back he was disconnected and tried to relog, but Gunz returned with a message, invalid password.

    I then checked the db and had found out that the account passwords that the hacker changed only affected the admin accounts.

    I believe he is using Kore.

    Can someone help me? It's urgent.

    EDIT: The moment he logs in, the Last IP is picked randomly from the DB, which makes it impossible to ban him. And each time I ban the IP he uses from the DB (another user's IP), he comes back, with the same password exploit.


  2. #2
    Tman151 | Join Date: May 2009 | Location: California | Posts: 306

    Re: A hacker on my server.

    Simple. Find out his IP, (and preferably his MAC address), and disallow any connections from his IP/MAC address to the website, and your server. Not too sure if it would work, I am too tired. XD

    Or, fuck with him back.
    Find his IP, send floods to his internet. (I can't think of the name, so I chose floods. :P)

  3. #3

    Re: A hacker on my server.

    Quote, originally posted by Tman151:
        Simple. Find out his IP, (and preferably his MAC address), and disallow any connections from his IP/MAC address to the website, and your server. Not too sure if it would work, I am too tired. XD

        Or, fuck with him back.
        Find his IP, send floods to his internet. (I can't think of the name, so I chose floods. :P)

    No, the moment he logs in, the Last IP is picked randomly from the DB, which makes it impossible.

  4. #4
    lxchadxl | Join Date: Nov 2008 | Location: Hai 2 u, i r Chad. | Posts: 442

    Re: A hacker on my server.

    shutdown your website till you find a better way to secure ur db and ask all new members to add u on msn so u can manually add them to ur db :x lol

  5. #5
    Tman151 | Join Date: May 2009 | Location: California | Posts: 306

    Re: A hacker on my server.

    Did ProjectX finally discover that SQL injection isn't hacking. :O
    Joking....

    I have never heard about the "IP randomly picked" thing.

  6. #6

    Re: A hacker on my server.

    Quote, originally posted by Tman151:
        I have never heard about the "IP randomly picked" thing.

    It's like, he used someone else's IP.

    But most of the time, he does that. There are times when he doesn't.

  7. #7
    Solaire | Join Date: Dec 2007 | Location: Undead Burg | Posts: 2,862

    Re: A hacker on my server.

    Quote, originally posted by Linear88:
        No, the moment he logs in, the Last IP is picked randomly from the DB, which makes it impossible.

    No it doesn't. GunZ updates the LastIP as soon as a login attempt is committed. Even if the password is incorrect.

    Anyhow, just execute

    UPDATE Account SET UGradeID = 0 WHERE UGradeID >= 252 AND UGradeID != 253

  8. #8

    Re: A hacker on my server.

    Quote, originally posted by lxchadxl:
        shutdown your website till you find a better way to secure ur db and ask all new members to add u on msn so u can manually add them to ur db :x lol

    Not a good idea..

    New members can simply register via the website.

  9. #9
    Solaire | Join Date: Dec 2007 | Location: Undead Burg | Posts: 2,862

    Re: A hacker on my server.

    Oh, if you're using MPOG web, it's probably still exploitable. (Overlooked that part)

  10. #10
    Azet | Join Date: Jun 2008 | Posts: 283

    Re: A hacker on my server.

    It's SQL injection, I think...

  11. #11
    wesman2232 | Join Date: Jan 2007 | Location: Erie, PA | Posts: 4,872

    Re: A hacker on my server.

    Quote, originally posted by Wizkidje:
        Oh, if you're using MPOG web, it's probably still exploitable. (Overlooked that part)

    yes still a lot of bugs to be fixed :D

  12. #12

    Re: A hacker on my server.

    Quote, originally posted by wesman2232:
        yes still a lot of bugs to be fixed :D

    Could you name me some?

    I imported some functions from the DarkGunz MPOG.

    Only the player ranking, ventrilo and the my items thing. Nothing more.

    EDIT: Found that he came back. Exploited an admin's account - only a single one.

    Shut off the apache.

  13. #13
    wesman2232 | Join Date: Jan 2007 | Location: Erie, PA | Posts: 4,872

    Re: A hacker on my server.

    fix anti-sql injection (if you've ever seen any of the posts by gWX0 then you should know it sucks xD),
    then go through the login scripts and see if there are any bugs. Cause like you said he keeps logging in to do it so I would go from there.

    Then make sure you fixed the bug in the forgot password script.

    I can't name any for sure but if you fix any please contact me :D

  14. #14

    Re: A hacker on my server.

    Quote, originally posted by wesman2232:
        fix anti-sql injection (if you've ever seen any of the posts by gWX0 then you should know it sucks xD),
        then go through the login scripts and see if there are any bugs. Cause like you said he keeps logging in to do it so I would go from there.

        Then make sure you fixed the bug in the forgot password script.

        I can't name any for sure but if you fix any please contact me :D

    It's impossible for me to fix the anti-sql function and replace it with Coldfx's, because on the registration page, it would remove the @ symbol for the email, making it impossible to register.

    I'll check the login scripts.

    The forgot password script has been fixed long ago by replacing the Step 3 thing.

    I'll update you guys.
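
Added example (not from the thread, MPOG web, or any poster): post #14 describes a character-stripping anti-SQL filter that removes the @ from e-mail addresses. The Python sketch below uses an in-memory SQLite table as a stand-in for the panel's database to show bound parameters plus format validation storing the address unchanged. `strip_filter`, the minimal `Account` schema and the sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

# Hypothetical stand-in for a character-stripping "anti-SQL" filter of the
# kind described in post #14; not the real Coldfx or MPOG function.
def strip_filter(value: str) -> str:
    return re.sub(r"[^A-Za-z0-9_.]", "", value)

# Format checks: validate and reject, never silently rewrite the input.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
USER_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

def make_db() -> sqlite3.Connection:
    # Assumed minimal schema; UGradeID follows the column named in the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Account (UserID TEXT PRIMARY KEY, "
                 "Email TEXT NOT NULL, UGradeID INTEGER NOT NULL DEFAULT 0)")
    # Constructed sample row standing in for an admin account.
    conn.execute("INSERT INTO Account VALUES ('gm_sample', 'gm@example.com', 255)")
    return conn

def register(conn: sqlite3.Connection, user_id: str, email: str) -> bool:
    if not USER_RE.fullmatch(user_id) or not EMAIL_RE.fullmatch(email):
        return False
    try:
        # Values travel as bound parameters, so '@' and quotes stay data
        # and never become part of the SQL statement text.
        conn.execute("INSERT INTO Account (UserID, Email) VALUES (?, ?)",
                     (user_id, email))
    except sqlite3.IntegrityError:
        return False  # UserID already taken
    return True

def lookup_grade(conn: sqlite3.Connection, user_id: str):
    # Same rule on the read path: the login name is bound, not concatenated.
    row = conn.execute("SELECT UGradeID FROM Account WHERE UserID = ?",
                       (user_id,)).fetchone()
    return row[0] if row else None
```

With every query in the login, registration and forgot-password scripts written this way, the stripping filter is no longer what stands between user input and the database, so it can be dropped from the e-mail field.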


