hackers attack

[PapaSmurf]

For secure you server, plz rename all atum2 bases to &^$* XXXX bzzz or something like that.. and rename it in binary files of severs by HexEdit Too.

yesterday any deutshe shwine [ 93.193.209.147] tryed to destrtoy my db..
See ya mf :))
welcome in real world and fucked datasystem hahah :)

for next time.. - fully redundant system, all are doubled , real time backups for 7 days / every 1 hr ;)

I wish you more hope in next time if will be next - firewall logs with all your TEST";// commands are sended to FBI :)

See ya :)

[MentaL]

[laura555]

Is possible?
For me this lamah use script sql injection by use webpage.
I suspect you have simple webpage for registration, and this page not use filter example: SQL Injection Attacks by Example
Is possible by http execute script in url command line.
Question friend: You have page registration?

[jison]

:D hehehe

[foranyone]

send to FBI?

[Comet]

yesterday any deutshe shwine [ 93.193.209.147] tryed to destrtoy my db..

Who cares?

[DragonLord]

Enlighten me: How is renaming databases related to security?

[ItsameMario]

Hmmm, ok... FBI... "deutshe shwine"... you hit the wrong country ehhh

[laura555]

I'm not shure if change name db is protect, because my experience is in MYSQL and PHP by SQL INJECTION.
For my experience, if use php by simple registration and this script not have filter by examination strings, the hacker have possible inject string and change or modify or delete in database all dating.
in MYSQL and php the solution is descrived in function mysql_escape_string
But i'm first experience in MSSQL database. I study for solution security by interface php script registration. After time i post in section developer the security script by registration, payment and statistic charapter.....sorry....

[WARonline]

For secure you server, plz rename all atum2 bases to &^$* XXXX bzzz or something like that.. and rename it in binary files of severs by HexEdit Too.

yesterday any deutshe shwine [ 93.193.209.147] tryed to destrtoy my db..
See ya mf :))
welcome in real world and fucked datasystem hahah :)

for next time.. - fully redundant system, all are doubled , real time backups for 7 days / every 1 hr ;)

I wish you more hope in next time if will be next - firewall logs with all your TEST";// commands are sended to FBI :)

See ya :)

1st of all, your server is illegal.
2nd of all, If you try to reach FBI or who you wanna call, they will take you without discussions.
3rd of all, is still not secure if you change the database names.
4th of all, if you change database names, nothing will work.
5th of all, if you do it, then, you will need to recreate the entire scripts of each important procedure, table, bins, configs, ACEonline.atm, AdminTool, SCMonitor + other programs in order to connect your server to the new named databases.

And a lot of other things.

The weird thing is that you said your server can't be hacked. And it happened.

I know who to blame on. FauconSimca15. He deleted my FTP Files few days ago and he thought that this is hack. Also Dark-Rivals they had the same problem from this FauconSimca15.
Now police department has opened a case on his name. I can call the authorities, but you can't, because they will put you to "thumbs up" instead of catching the guy who hacked.

[laura555]

Hey Darkmandos, the solution is:
ftp server not active in server game but in other Internet Service Provider.
http server web for page html and download file installation not active in server game but in Internet service Provider.
only file Launcher.atm by hexeditor have page for registration, but this page redirect in your server for connection database:
Example:
Create site in other free website domain,
insert this the files http and not php files because dont work external connection in database setting.
ftp active in free website domain for update version game.
in free website domain create page for request by Launcher.atm
and in this page create redirection page php:
------------------------------------
<? header("location: http://195.64.12.166/register.php"); ?>
------------------------------------
For security php POST (filter blocked the Slash function: / )
Example hack bypass:
-------
$userid= $_POST[username];
$passwd_user=$_POST[password1];
$mail_user=$_POST[mail1];
-------
the external hacker have possible change script for request
or chenge or modify database.

security script:
----------------------------
$userid= htmlspecialchars($_POST[username]);
$passwd_user= htmlspecialchars($_POST[password1]);
$mail_user= htmlspecialchars($_POST[mail1]);
$userid = stripslashes($userid);
$passwd_user = stripslashes($passwd_user);
$mail_user = stripslashes($mail_user);
----------------------------
This filter blocked another char!
Dont accept /
SQL INJECTION is blocked!

[WARonline]

Hey Darkmandos, the solution is:
ftp server not active in server game but in other Internet Service Provider.
http server web for page html and download file installation not active in server game but in Internet service Provider.
only file Launcher.atm by hexeditor have page for registration, but this page redirect in your server for connection database:
Example:
Create site in other free website domain,
insert this the files http and not php files because dont work external connection in database setting.
ftp active in free website domain for update version game.
in free website domain create page for request by Launcher.atm
and in this page create redirection page php:
------------------------------------
<? header("location: http://195.64.12.166/register.php"); ?>
------------------------------------
For security php POST (filter blocked the Slash function: / )
Example hack bypass:
-------
$userid= $_POST[username];
$passwd_user=$_POST[password1];
$mail_user=$_POST[mail1];
-------
the external hacker have possible change script for request
or chenge or modify database.

security script:
----------------------------
$userid= htmlspecialchars($_POST[username]);
$passwd_user= htmlspecialchars($_POST[password1]);
$mail_user= htmlspecialchars($_POST[mail1]);
$userid = stripslashes($userid);
$passwd_user = stripslashes($passwd_user);
$mail_user = stripslashes($mail_user);
----------------------------
This filter blocked another char!
Dont accept /
SQL INJECTION is blocked!

You can't block a pro hacker. Trust me.

[laura555]

I trust you...the problem is because this source and configuration is simple hacked by interception default configuration.
The classic atum and callweb is first problem.
hackshield in game is not complete security 100%
SQL INJECTION have other sistem bypassing, i study other filters
but need information to hack database by hacker.
If problem is in php code...i'm here,
if problem is other....i'm here for study solution and vulnerability servers and mssql server.
For me, the security is in local connection by mssql and not external connection.
Require information for this hacking.
i want wrote at hacker for this violation mode.

[WARonline]

The best way, if your server is legal, report them to IC3, and they will take care of it if you catch at least the IP who did hack your systems, and also if you got any proves.

If you do that, next time won't be anymore, because he will face police.

I already did for mister FauconSimca15 (he is a good hacker) but he mess up by hacking my website. IC3 will take care of him with real authorities.
Nothing else to comment anymore.

[Grott]

Also, please note RUMETAL, the presence at this forum. I think that all this is not without its participation.
Believe me, there is reason. Look at both of whom are helping here. These rats will put all of your server.

[WARonline]

Also, please note RUMETAL, the presence at this forum. I think that all this is not without its participation.
Believe me, there is reason. Look at both of whom are helping here. These rats will put all of your server.

No proves. So he will escape from this (if he participated to what FauconSimca15 did).