Re: A hacker on my server.
Simple. Find out his IP, (and preferably his MAC address), and disallow any connections from his IP/MAC address to the website, and your server. Not to sure if it would work, I am to tired. XD
Or, fuck with him back.
Find his IP, send floods to his internet. (I can't think of the name, so I chose floods. :P)
Re: A hacker on my server.
Quote:
Originally Posted by
Tman151
Simple. Find out his IP, (and preferably his MAC address), and disallow any connections from his IP/MAC address to the website, and your server. Not to sure if it would work, I am to tired. XD
Or, fuck with him back.
Find his IP, send floods to his internet. (I can't think of the name, so I chose floods. :P)
No, the moment he logs in, the Last IP is picked randomly from the DB, which makes it impossible.
Re: A hacker on my server.
shutdown your website till you find a better way to secure ur db and ask all new members to add u on msn so u can manually add them to ur db :x lol
Re: A hacker on my server.
Did ProjectX finally discover that SQL injection isn't hacking. :O
Joking....
I have never heard about the "IP randomly picked" thing.
Re: A hacker on my server.
Quote:
Originally Posted by
Tman151
I have never heard about the "IP randomly picked" thing.
It's like, he used someone elses IP.
But most of the time, he does that. There's sometimes when he doesn't.
Re: A hacker on my server.
Quote:
Originally Posted by
Linear88
No, the moment he logs in, the Last IP is picked randomly from the DB, which makes it impossible.
No it doesn't. GunZ updates the LastIP as soon as a login attempt is commited. Even if the password is incorrect.
Anyhow, just execute
UPDATE Account SET UGradeID = 0 WHERE UGradeID >= 252 AND UGradeID != 253
Re: A hacker on my server.
Quote:
Originally Posted by
lxchadxl
shutdown your website till you find a better way to secure ur db and ask all new members to add u on msn so u can manually add them to ur db :x lol
Not a good idea..
New members can simply register via the website.
Re: A hacker on my server.
Oh if you're using MPOG web, it's probably still exploitable. (Overreaded that part)
Re: A hacker on my server.
Its Sql Injection I think...
Re: A hacker on my server.
Quote:
Originally Posted by
Wizkidje
Oh if you're using MPOG web, it's probably still exploitable. (Overreaded that part)
yes still a lot of bugs to be fixed :D
Re: A hacker on my server.
Quote:
Originally Posted by
wesman2232
yes still a lot of bugs to be fixed :D
Could you name me some?
I imported some functions from the DarkGunz MPOG.
Only the player ranking, ventrilo and the my items thing. Nothing more.
EDIT: Found that he came back. Exploited an admin's account - only a single one.
Shut off the apache.
Re: A hacker on my server.
fix anti-sql injection (if you ever seen any of the posts by gWX0 then you should know it sucks xD),
then go though the login scripts and see if there is any bugs. Cause like you said he keeps logging in to do it so I would go from there.
Then make sure you fixed the bug in the forgot password script.
I can't name any for sure but if you fix any please contact me :D
Re: A hacker on my server.
Quote:
Originally Posted by
wesman2232
fix anti-sql injection (if you ever seen any of the posts by gWX0 then you should know it sucks xD),
then go though the login scripts and see if there is any bugs. Cause like you said he keeps logging in to do it so I would go from there.
Then make sure you fixed the bug in the forgot password script.
I can't name any for sure but if you fix any please contact me :D
It's impossible for me to fix the anti-sql function and replace it to Coldfx's, because on the registration page, it would remove the @ symbol for the email, making it impossible to register.
I'll check the login scripts.
The forgot password script has been fixed long ago by replacing the Step 3 thing.
I'll update you guys.
