hackers attack

Quote:

---

Originally Posted by PapaSmurf

No problem - adres with map :)

http://english.yedang.co.kr/images/loc_p.jpg

---

Thank you.

Call them as i did it's more easier:)

so he will escape from this

Quote:

---

Originally Posted by laura555

Hey Darkmandos, the solution is:
ftp server not active in server game but in other Internet Service Provider.
http server web for page html and download file installation not active in server game but in Internet service Provider.
only file Launcher.atm by hexeditor have page for registration, but this page redirect in your server for connection database:
Example:
Create site in other free website domain,
insert this the files http and not php files because dont work external connection in database setting.
ftp active in free website domain for update version game.
in free website domain create page for request by Launcher.atm
and in this page create redirection page php:
------------------------------------
<? header("location: http://195.64.12.166/register.php"); ?>
------------------------------------
For security php POST (filter blocked the Slash function: / )
Example hack bypass:
-------
$userid= $_POST[username];
$passwd_user=$_POST[password1];
$mail_user=$_POST[mail1];
-------
the external hacker have possible change script for request
or chenge or modify database.

security script:
----------------------------
$userid= htmlspecialchars($_POST[username]);
$passwd_user= htmlspecialchars($_POST[password1]);
$mail_user= htmlspecialchars($_POST[mail1]);
$userid = stripslashes($userid);
$passwd_user = stripslashes($passwd_user);
$mail_user = stripslashes($mail_user);
----------------------------
This filter blocked another char!
Dont accept /
SQL INJECTION is blocked!

---

1st of all
:scared: you don't have any knowledge of php if you use these scripts... man , you are so fucking funny. If you have that security i can enter you DB in hmm max. 20 mins.

2nd of all
LoL ! If you wan't stop real hacker, not a stupid kid, dont use that script- it's shit.

3rd
In regpage you have all infos needed to log to your DB.

4th
If you really thiong about SOMETHING security you have to do some steps :) :

1. Change names , users of DB , best to XORed with your imaginary variable ex. +*(&%^&^#$@%&896({[1-=}990&ASfsa!@4 , uppercase and lowercase letters, punctuation marks spec, a lot of special characters.
2. If you have your FTP server in your
gameserver i see 3 options:
-change all ports of apache and add user can only read
and log to ftp
-buy a hosting
-change folder names in yor ftp to names like
(&%^&$%%$^#%Fsaghuk%&*&^$=-8 and write it on a
regular sheet of paper , I assure you , nobody steal
you that pass.

5th
In regpage don't use one file... Include other php file with your db acces data.

6th
Router with dynamic ip - you can manage ports which you want use.

And so I said too much but if you want to talk about security write PM, i can help you.

In summary, your security is ridiculous

I Greet