Some kind of Hackers on your server (arcturus server)

[harry12]

i remember this stat hack before, bretts proxy is it? use on prose before..

we've made our server up and fix the error with a help of payed dev,
we also manage to fix the server freeze.

well these days our server run for almost 2weeks and peeked maximum of 100+ players online
but theres unknown hacker that can edit stats and zulies. SQL injection maybe? so how we can sure that our files, mssql database are secured? we already even setup ddos protection tho
i saw this on our logs files, using zcools release alliance rose view character reports



probably he troll on the server. look at hes username and emaill add
btw we use hijacob server files, asked him about 12hrs ago waiting for reply and asking if hes file are secure.

[MentaL]

[Kingdom Rose]

You might need to look for the protection in osrose forums you might find the sql query to fix this

[hijakob]

I've heard about these things earlier.

I'm sorry this is happening and you're being attacked by a virgin who's life must be empty and feeling sorry for him to be terrified by a pinoy server that casts its shadow on his small nuts.

Sadly I have no ideas how he proceeds.

If anyone knows how this works, I will do my best to help you sort this out.

Your website isn't secure regarding SQL injections you should have that fixed.

And even if he does hack from InGame, you can setup an email verification check, that will prevent him from making accounts as he uses shit email adresses.

I just hope for you his life doesn't sucks enough for him to make 200 email adresses.

I never said my files were hackerproof. I just said they were working. And they are.

Now what we have to do is to point out how what he's doing works, and we'll be able to fix it.

Just remember I'm supporting you.


Hij.

[ihaki]

This guy is french

[zcool1956]

At one time ICON had addressed this and his suggestion was to take the sql files and rename them to something else.

Example: seven_ORA = partytime

SHO = mygame

Then have the ODBC point to your new sql file names. The reason for this is everyone knows the names of the sql files.

This is only one small way to try and stop sql injection but there are more advanced way's of doing which I do not have the knowledge of...But if a person that is just learning how to hack or a kid that is doing this for the hell of it or is mad at you for some reason this might stop them.

[ihaki]

Ofc, change your db names to random ones.

[hijakob]

Told them in the first place that DB names had to be changed. But it seems they did not take that advice seriously.

The kid responsible of this used SQL injections. He used their website (RoseCP) wich is known to have that security leak.

There are only few ways to fix this.

1) You have enough PHP/MSSQL knowledge to make your own filter to avoid these kind of injections or you know someone that can do it for you.

2) You go for a totally new website but this one requieres even more knowledge.

In both cases, you will have to change your DB names for more security, you can even apply some more triggers inside your databases to prevent injections.


Hij.

[ihaki]

Php isn't that hard to learn, i suggest you to do that, it's fun and your website will be all yours ;)

[fawkeslinux]

Yup SQL injection.. Vuln. try Scan with Vulnerability scanner to your site.. to know were they possible to get in 2 ur DB
hacker also pwn to our server but i delete his access acc. but still can access bcoz he make a backdoor to our server.. to maintain access. i also agree to harry that rose kiorochi site have a vulnerability or someone reedit it to orig author and upload and make a vuln. to easily get in to DB hahaha..


sorry for my bad english.