Hacking

[foxzone33]

Hello everyone.

I have a 2.2.3.2 rf server. I got all the protection which is needed. I got the dev-corp serverside protection to be exact. I have a player in my server that is probably using a WPE. Im not quite sure tho. But everytime I banned this guy, 3 to 4hrs later hes gonna come up with another char with all +7upgrade and all gm eles. This guy has been doing this for about a week now and all I do is banned him. I dunno if this guy has access to my SQL.


Any advice that you guys csn give?

I would appreciate your advice.

[MentaL]

[lifestream]

vulnerable gamecp. So hes ether got admin access or sql injecting.

[foxzone33]

vulnerable gamecp. So hes ether got admin access or sql injecting.

how do I check if theyre doing sql injection?

[lifestream]

Well idk what gamecp you are using. u can start by changing the sql passwords and look at gamecp logs if any of the gm accounts is used to give items (leaked/shared info).

ur best bet to catch injections is to run sql pro filer - but there will be loads of data to go through and find any unusual queries.

[foxzone33]

vulnerable gamecp. So hes ether got admin access or sql injecting.

how do I check if theyre doing sql injection?

I dont think they have admin acc

Well idk what gamecp you are using. u can start by changing the sql passwords and look at gamecp logs if any of the gm accounts is used to give items (leaked/shared info).

ur best bet to catch injections is to run sql pro filer - but there will be loads of data to go through and find any unusual queries.

im using intrepids game cp. i checked all my logs and I dont see no giving going on. So the best bet is SQL injection. do they have any tools that you can buy to filter the unwanted injections? does anyone offer those kind of security?

[lifestream]

also make sure al lthe ports are blocked, besides the updater,web and login/server. you may have controlserver access open.

[foxzone33]

also make sure al lthe ports are blocked, besides the updater,web and login/server. you may have controlserver access open.

what port is that?

[foxzone33]

also make sure al lthe ports are blocked, besides the updater,web and login/server. you may have controlserver access open.

do you know whos selling a filther for anti sql injection? life for example it will only takw commanda from a certain ip?

[lifestream]

10001, 27780 besides launcher 80/8080/10007 and rdp port are the only ones u really need to open.

[likertuban]

don't open port for control server,
use it only on local...
change sql, and .ini password...
use different user and password for account, and zone server...
block any unused port...
check your firewall and port forwarding...
and check for backdoor...

[lifestream]

and no.. anti sql ijnject software doesn't exist. Software that is coded as inject safe is the only solution.

[sadi]

Change (% god hand)

[foxzone33]

Change (% god hand)

I habe a custom gm commands.

[likertuban]

if you have custom GM command, then it's maybe SQL inject, or control server...

[foxzone33]

Change (% god hand)

I habe a custom gm commands.

if you have custom GM command, then it's maybe SQL inject, or control server...

so I have to clear the port? and what do you mean control server?

[likertuban]

I habe a custom gm commands.

so I have to clear the port? and what do you mean control server?

i mean RF manage tool...
don't used it, don't open port for manage tool,
-clear port on firewall and port forwarding
-use different account and privillage for RF_user and RF_World in sql also in *.ini (make custom account name, don't use 'sa')
-make sure there's no sql injection

[foxzone33]

i mean RF manage tool...
don't used it, don't open port for manage tool,
-clear port on firewall and port forwarding
-use different account and privillage for RF_user and RF_World in sql also in *.ini (make custom account name, don't use 'sa')
-make sure there's no sql injection

what do you mean make sure no sql injection? that means once ita injected its always going to be injected?

[foxzone33]

what do you mean make sure no sql injection? that means once ita injected its always going to be injected?

unless you clean it?

[likertuban]

no, sql injection usually change your query...
but, it's possible to destroy your entire server, because someone can get full access on your sql database with sql injection
and scan your server, make sure no backdoor...

[foxzone33]

Now it make sense to me. I have a lot of port that is not meant to be open. Probably thats how everything got started. i even have a port on msql that is also open -_______-

BTW question do i need to use outbound as well? Or no outbound needed?

[dodojimbun]

1. block tcp and udp inbound and outbound for port

1433, 61433 (depend which sql port u open)
27000, 28000, 29000 (account server)
27555, 27556 (unused port of zoneserver)

*CMIIW

2. make a whitelist for ur IP

3. for make sure ur RDP is safe, change the port and dont forget whitelist it on firewall so u can connect, else u cant connect haha (find it @ google for how)

[likertuban]

i think sql port doesn't need to be opened? o.O
people can still play without opening sql port right? o.O

[sadi]

I habe a custom gm commands.

I think it takes a lot of work you want to enter from SQL
I also think he did not need to start from your
You should check the right GM
All the commands have changed
As long as you do even your GM account even if you can not work a success

- - - Updated - - -

There is also a
The first change the default account ControlServer_GloD.exe
Turn it off when not in use
Or do not open world

[makatekamo]

In my server i have a case like that , you must secure all your ports so the hacker will not be able to use injection.... And i guess you need to IP BANNED that hacker :)

[dodojimbun]

IP Banned? how bout usb internet user? hahaha or can use VPN :junglejane: