Hacked again

**Creativity** · 09-05-09

Right basicly someone out there must be having a laugh because my server has been hacked twice in 1 week, both times it has been the dbo.Character affected and i know for a fact that my anti sql injection script is up to date, this leads me to believe that it is packets being sent to the server or something similar.Also each time i notice that the remember password at the login has been unticked.

I would REALLY appreciate any ideas on how i can fix this as its really starting to get annoying restoring the database soo much

Thanks in advance

**MentaL**

**Nova** · 09-05-09

Don't use a site. Forms only.

All sites are exploitable / Injectable.
Also, it's in the structure of gunz to get hacked. I'm affraid.

**Team Dragon** · 09-05-09

the tings is u better quit coz tho u manage to prevent em from sql injection, they still can hack u from the match server unless u have anti cheat to prevent dlll injection

**Creativity** · 09-05-09

Well i'm no quitter, so telling me i better quit isn't gona make me :p Plus im sure everyone here started coding etc once. and where would you be if you quit.
If it can be fixed ill fix it, just need a little pointer in the right direction :P

**Team Dragon** · 09-05-09

^_^ good luck then
Im way better code my own game ^_^

**Creativity** · 09-05-09

lmaoooo showoff

**Team Dragon** · 09-05-09

Originally Posted by Creativity

lmaoooo showoff

at least i have what it take,,i can tak u down again if u want creativity gunz LMAO!!!

**Guy** · 09-05-09

Originally Posted by Nova™

Don't use a site. Forms only.

All sites are exploitable / Injectable.
Also, it's in the structure of gunz to get hacked. I'm affraid.

You're wrong.

Escaping/sanitizing data is all that it takes to prevent XSS or SQL injection type exploits. Restricting uploaded files to only specific extensions/filetypes prevents shell scripts from wreaking chaos, etc.

If your server has all applied patches, a decent software/hardware firewall (NOD32 is wonderful at detecting common attack schemas, such as certain shellcode scripts, e.g. c99), and you run limited accounts as much as possible for daemon software (e.g.: Run match server with a limited MSSQL account, not permitted to delete/drop rows/tables, etc) then you should be pretty safe.

Originally Posted by Team Dragon

at least i have what it take,,i can tak u down again if u want creativity gunz LMAO!!!

Just another kiddie - I'd love to see what your fields of expertise are.

**Solaire** · 09-05-09

Use str_replace() in combination with '. www.php.net/str_replace.

**Looky** · 09-05-09

Don't use regpage, create accounts manually for the moment

**Guy** · 09-05-09

Originally Posted by Wizkidje

Use str_replace() in combination with '. www.php.net/str_replace.

Why not just use preg_replace, to fit multiple replacements in one function call, instead of 3 separate str_replace calls?

Hacked again

Thread Tools

Search Thread

Hacked again

Re: Hacked again

Re: Hacked again

Re: Hacked again

Re: Hacked again

Re: Hacked again

Re: Hacked again

Re: Hacked again

Re: Hacked again

Re: Hacked again

Re: Hacked again

Advertisement