How do I prevent my site is not hacked.

Well, I use a very good website gunz but the problem is they are using some kind of trick to add as many coins and want to know how to prevent this from no happening again.

Re: How do I prevent my site is not hacked.

Quote:

Originally Posted by megol

they are using some kind of trick to add as many coins.

You mean SQL Injections...

Re: How do I prevent my site is not hacked.

Which release are you using?

Re: How do I prevent my site is not hacked.

I'm using gunz 1.5 and web called Project RED created by s00rk a certain something?.

I'm in situations of emergency, are adding more and more coins.

Re: How do I prevent my site is not hacked.

Add this dirty piece of code on top of your config file.

PHP Code:

<?php if(count($_POST) > 0) { foreach($_POST as $key=>$value) { $_POST[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value); } } if(count($_GET) > 0) { foreach($_GET as $key=>$value) { $_GET[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value); } } ?>

Consider finding someone who could find the exploit and fix it.

Re: How do I prevent my site is not hacked.

this should go where in the config.php?

Re: How do I prevent my site is not hacked.

After connecting to your database.

Re: How do I prevent my site is not hacked.

Example:

Code:

<?php if(count($_POST) > 0) { foreach($_POST as $key=>$value) { $_POST[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value); } } if(count($_GET) > 0) { foreach($_GET as $key=>$value) { $_GET[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value); } } @session_start(); $DBHost = '184.45.63.974'; $DBUser = 'gunz'; $DBPass = 'randonmama'; $DB = 'Gunzdatabase'; $r = mssql_connect($DBHost, $DBUser, $DBPass); if(!$r) { die( mssql_error() ); } mssql_select_db($DB,$r); $_SESSION['correo'] = 'finalgunz@gmail.com'; $_SESSION['passcorreo'] = 'felizfeliz'; $_SESSION['nombregunz'] = 'FinalGunZ'; date_default_timezone_set("America/Mazatlan"); ?>

Correct?

Sr. SuperWaffle these is correct?

Re: How do I prevent my site is not hacked.

Quote:

Originally Posted by megol

Example:

Code:

<?php if(count($_POST) > 0) { foreach($_POST as $key=>$value) { $_POST[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value); } } if(count($_GET) > 0) { foreach($_GET as $key=>$value) { $_GET[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value); } } @session_start(); $DBHost = '184.45.63.974'; $DBUser = 'gunz'; $DBPass = 'randonmama'; $DB = 'Gunzdatabase'; $r = mssql_connect($DBHost, $DBUser, $DBPass); if(!$r) { die( mssql_error() ); } mssql_select_db($DB,$r); $_SESSION['correo'] = 'finalgunz@gmail.com'; $_SESSION['passcorreo'] = 'felizfeliz'; $_SESSION['nombregunz'] = 'FinalGunZ'; date_default_timezone_set("America/Mazatlan"); ?>

Correct?

Sr. SuperWaffle these is correct?

AFTER the connection string.

Re: How do I prevent my site is not hacked.

This in here I have not to modify it or something like that?.

$_POST[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value);

and

$_GET[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value);

Re: How do I prevent my site is not hacked.

replace this narb :

Spoiler:

<?php

@session_start();
$DBHost = '184.45.63.974';
$DBUser = 'gunz';
$DBPass = 'randonmama';
$DB = 'Gunzdatabase';
$r = mssql_connect($DBHost, $DBUser, $DBPass);
if(!$r)
{
die( mssql_error() );
}

if(count($_POST) > 0)
{
foreach($_POST as $key=>$value)
{
$_POST[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value);
}
}

if(count($_GET) > 0)
{
foreach($_GET as $key=>$value)
{
$_GET[$key] = str_replace(array("\x1a", "\x00", "\0", "'", '"', ";", "--", "/*"), "", $value);
}
}

mssql_select_db($DB,$r);
$_SESSION['correo'] = 'finalgunz@gmail.com';
$_SESSION['passcorreo'] = 'felizfeliz';
$_SESSION['nombregunz'] = 'FinalGunZ';
date_default_timezone_set("America/Mazatlan");
?>