Hacked?

Database is generating constantly random numbers and creating accounts with these numbers. In the recent database was hacked.How to prevent it ?

example
https://i.imgur.com/loHhpv4.png
https://i.imgur.com/loHhpv4.png

Protect your web?

I don't have panel at my website, he can't hack from there. i shared my information with the man who was hacked me

Change password , login , port

It is very easy to fix.
Exist a file in phyton to create flood 99999999x accounts emails and password. he usage Create Account ASPX via api request.
is easy to block, use your API to incriment a secret internal key. input API -> SQL and not Launcher -> API.

Here is the line to flood account, only incriment new string's and hide using SQL side. Good lucky!

Code:

---

Socket....
bla bla bla
Command use
print "-Tip on use : perl api.pl 1.1.1.1 80 /api/api_AccRegister.aspx 20\n";

$postit = "username=$mail$kapoom%40picanotambor.$mail&userid=$mail&password=CHAPADASSO111111&serial=&email=not%40used.de";

---

#Sorry bad eng.

i couldn't find anything like this

- - - Updated - - -

give me discord code bro

Quote:

---

Originally Posted by LukasCCB

It is very easy to fix.
Exist a file in phyton to create flood 99999999x accounts emails and password. he usage Create Account ASPX via api request.
is easy to block, use your API to incriment a secret internal key. input API -> SQL and not Launcher -> API.

Here is the line to flood account, only incriment new string's and hide using SQL side. Good lucky!

Code:

---

Socket....
bla bla bla
Command use
print "-Tip on use : perl api.pl 1.1.1.1 80 /api/api_AccRegister.aspx 20\n";

$postit = "username=$mail$kapoom%40picanotambor.$mail&userid=$mail&password=CHAPADASSO111111&serial=&email=not%40used.de";

---

#Sorry bad eng.

---

Quote:

---

Originally Posted by TheWoodPecker

i couldn't find anything like this

- - - Updated - - -

give me discord code bro

---

You cant find this on source code of course, he is talking about the method attacker uses.

You can add identification key parameter to register requests but if you are facing aganist someone who can reverse engineer your launcher requests this wont work, proper way would be implemeting some methods to block spam attacks.

Ex:
- User Agent and Session Verification
- Using of Captcha based registration systems instead of completely trusting the packet source.

[mental]Probably your database has been hacked by someone or someone used your default API key to create a simple program or script to make simple requests by post in your api and generated several random users passing random strings in the parameters.[/mental]

[mental]To solve this problem just:[/mental]

[mental]1) Change your api key in your api[/mental]
[mental]2) Make sure your website or api is not vulnerable and change all user passwords in your database[/mental]

[mental]One way to prevent registre spam is by adding one account per ip in your database.[/mental]

@IKaruzI15 already wrote yesterday what he did to you, but he removed later what he have written.

so i guess talk to him

@Sylvanas1234 I have not deleted anything, has been deleted by a mod or someone else with more power.

Quote:

---

Originally Posted by IKaruzI15

@Sylvanas1234 I have not deleted anything, has been deleted by a mod or someone else with more power.

---

Well, I accidentally deleted something:blink: