I open the server and after a few minutes all content of TB_User is deleted
PLEASE HELP ME
HACKS GTFO
Configure the firewall: limit connections to port 1433 to some IPs only, do not allow all :(
Change user sa to something else and set a stronger password: DFGE$%^Rthyr6&%^&$^@$TGeryRTU$^&*%^*^&* :D
Check your website and make sure there are no SQL injection errors
...
How do I configure the firewall to limit connections to port 1433 to some IPs only?
Search in Google bro :)
Be sure to block port 15880 because smc can be SQL injected. Also make sure port 1433 is blocked too (local only). After that, configure your MSSQL database to local only (no remote connections with TCP or Named Pipes). After that, check your website scripts: everywhere you send user input data that's used for SQL queries (like login, register etc.) you will have to check the user data for inappropriate characters.
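for the last thing you can use something like this:
PHP Code:
// Strip control characters and escape single quotes for use inside a quoted MSSQL string.
function secure($data) {
    // Missing or empty-string input yields an empty string (a literal "0" is kept).
    if ( !isset($data) or $data === '' ) return '';
    // Numeric values contain nothing to escape.
    if ( is_numeric($data) ) return $data;
    // URL-encoded and raw control characters to remove.
    $non_displayables = array('/%0[0-8bcef]/', '/%1[0-9a-f]/', '/[\x00-\x08]/', '/\x0b/', '/\x0c/', '/[\x0e-\x1f]/');
    foreach ( $non_displayables as $regex )
        $data = preg_replace( $regex, '', $data );
    // Double every single quote so it stays literal inside a quoted string.
    $data = str_replace("'", "''", $data );
    return $data;
}
example usage for the above function:
PHP Code:
$id = secure($_POST['UserID']);
$pass = secure($_POST['Password']);
you should be safe then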
regards,
Daedalus
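An added example, not part of the post above or of any project's code: the same login check done with bound parameters, so user input never becomes part of the SQL text. Assumptions: an in-memory SQLite database stands in for MSSQL so the script runs offline, and the TB_User column names, the `check_login` helper and the sample account are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MSSQL server so this runs
// offline; with MSSQL only the PDO DSN changes. Column names are assumed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE TB_User (UserID TEXT PRIMARY KEY, PasswordHash TEXT NOT NULL)');

// Constructed sample account.
$ins = $db->prepare('INSERT INTO TB_User (UserID, PasswordHash) VALUES (:id, :hash)');
$ins->execute([':id' => 'player1', ':hash' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// The SQL text is fixed; input is only ever passed as a bound parameter,
// so quotes in the input are compared as data and cannot alter the statement.
function check_login(PDO $db, $userId, $password): bool
{
    // Reject non-string input (e.g. UserID[]=... arrays) and oversized names.
    if (!is_string($userId) || !is_string($password)
        || $userId === '' || strlen($userId) > 64) {
        return false;
    }
    $stmt = $db->prepare('SELECT PasswordHash FROM TB_User WHERE UserID = :id');
    $stmt->execute([':id' => $userId]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Constructed inputs standing in for $_POST['UserID'] and $_POST['Password'].
$attempts = [
    ['player1', 'correct horse'],        // valid login
    ['player1', 'wrong'],                // wrong password
    ["player1' OR '1'='1", 'anything'],  // quote in input: matched literally, no row
    [['player1'], 'correct horse'],      // array instead of a string
];
foreach ($attempts as [$id, $pw]) {
    printf("%-26s => %s\n", json_encode($id), check_login($db, $id, $pw) ? 'ok' : 'denied');
}
// The table still holds exactly the one constructed row afterwards.
echo 'rows in TB_User: ', $db->query('SELECT COUNT(*) FROM TB_User')->fetchColumn(), "\n";
```

The website's database login should also be limited to the statements it needs (for example no DELETE or DROP on TB_User), so a missed injection point cannot empty the table.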
picture of the problem
SQL injection is very important for the connection in the DB... or your TB_User gets racked all the time
My site is offline, man, and it still keeps happening LoL