-
Valued Member
sql injections
okay some people know me some dont
i am having some serious problems that just started occurring
obviously i have a decent db name cause people cant attack my db, but people are able to use the [';shutdown --] command in my registration script to stop my mssql service
any ideas why the anti-sql injection isnt working
i even installed a fresh copy of rosecp-ae and it still happens
-
-
Account Upgraded | Title Enabled!
Re: sql injections
if it's in your registration script , then just disable some words
like - "/" or "!@#$%^&(*)"
stuff like that
and i doubt it has to do with the website , cuz i've never heard about crashes using the web server o,O it's not related..
anyways , which files are you using?
and rechange your dbs
all of them , and download firewall/anti virus , depends on your computer/host
if it's not arcturus , just delete that command from your files
if it is , then you're screwed
-
Valued Member
Re: sql injections
icon and myself have been over this several times, we have tried several methods of stopping the injection
i use
peerguardian
xampp
arcturus
dyeprey's rosecp-ae with the bugfix
and still get this small security hole
my db's are 100% secure
it is the ';shutdown-- command that people are using to stop my mssql service
it is in the file somewhere
everything else is fine, its just that dyeprey's cms isnt blocking the sql injections
even if i alter the sql injection with my db names i can still inject
dyepreys cms just isnt working and i dont know why
-
Account Upgraded | Title Enabled!
Re: sql injections
ohh i c
the thing i'm using is really simple
get another host -.-
linux 1 ..
so there's 0% chance of closing your sql.
that's what i did
-
Valued Member
Re: sql injections
so what you're saying is host my website on a linux server, and the rest on my win server?
doesnt really make much sense to me
i would rather have good anti sql injection method on my register script than another server to deal with
-
Account Upgraded | Title Enabled!
Re: sql injections
umm , first of all , you can host your download link on the lin serv.
second , your site will move much faster , cuz the imgs and stuff like that on another host.
plus your game server will move faster , cuz no 1 downloads stuff , or watching imgs.
or just block content in your registration script ..
the best way in my opinion is , ask a professional security guy to secure your site..
but they're kind of expensive so your choice
EDIT:
there's a program named:
"acunetix web scanner"
download and scan your website
it finds 90% of all the site holes .
all the hackers use it to get some holes in your site , after that they think about how can they use those holes.
-
Valued Member
Re: sql injections
i have a nix box at my disposal and i have several other things at my disposal,
my concern is that i dont want to take the 2-5 hours to do the massive website transfer
my site and community grew faster than i thought it would,
without me trying to compete with the big name servers
but my server still isnt big enough to run off of 2 servers imo
i dont know but thanks for the replies daniel
-
Account Upgraded | Title Enabled!
Re: sql injections
u don't have to transfer your sql..
just the site , and change your config.php or w/e you're using to the remote ip of the server
instead of localhost
anyways , thats just a suggestion , you don't have to do it
if it wont work , you can easily change it back to the way it was
and BTW , remember to DELETE your xampp/appserv on your win serv
then , there will be no DDOS available , and sql shut downs
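
A parameterized version of a registration insert, as an added example that is not part of the thread or of RoseCP-AE: the `';shutdown --` string from the posts is bound as data instead of being pasted into the SQL text. The `accounts` table, the function names, the use of `password_hash` and the in-memory SQLite database (standing in for MSSQL so it runs offline) are assumptions.

```php
<?php
// Added example, not RoseCP-AE code. Table, columns and function names are
// hypothetical. In-memory SQLite stands in for MSSQL so this runs offline;
// the PDO calls are the same with an MSSQL driver, only the DSN changes.

function open_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE accounts (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    return $pdo;
}

// The "before": input pasted into the SQL text. It only builds the string,
// so the quote closing early and the extra statement are visible; it is
// never executed here.
function build_insert_unsafe(string $user, string $hash): string {
    return "INSERT INTO accounts (username, pw_hash) VALUES ('$user', '$hash')";
}

// The "after": placeholders keep user input out of the SQL text entirely.
function register_account(PDO $pdo, string $user, string $password): bool {
    // Allow-list check as a second layer, not the primary defence.
    if (!preg_match('/^[A-Za-z0-9_]{3,16}$/', $user)) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO accounts (username, pw_hash) VALUES (?, ?)');
    return $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

// Same insert with the validation skipped, to show that binding alone
// already stores the payload as an ordinary string.
function insert_bound(PDO $pdo, string $user, string $hash): void {
    $pdo->prepare('INSERT INTO accounts (username, pw_hash) VALUES (?, ?)')
        ->execute([$user, $hash]);
}

$payload = "';shutdown --";   // the string quoted in the thread
$pdo = open_db();

echo build_insert_unsafe($payload, 'x'), "\n";             // two statements in one string
var_dump(register_account($pdo, $payload, 'secret'));      // rejected by the allow-list
var_dump(register_account($pdo, 'player_one', 'secret'));  // normal registration

insert_bound($pdo, $payload, 'x');                         // stored verbatim as a username
foreach ($pdo->query('SELECT username FROM accounts ORDER BY username') as $row) {
    echo $row['username'], "\n";
}
```

On MSSQL, SHUTDOWN is limited to members of the sysadmin and serveradmin fixed server roles, so the login the web script connects with should hold neither.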