[Arcturus] Security Fix

[lCON]

Since i have got some request On this matter I thought we would take a look into some of its security.

As many know I'm the owner of a Irose server using what some call Arcturus.
Arcturus seems to have its Bugs and security holes. This is no Surprise.
What my objective here is to help plug some of these holes.

Now lets start plugging...

First Matter we will take a look into is the SQL injection

when a sql injection is wrote its usually done in this manor,

Example 1

a';UPDATE SEVEN_ORA..UserInfo SET [right]=768 WHERE [right]=1--

What this Injection dose is look for your Seven_ORA Db and find the accounts with right 1 and make them right 768.
In thus the Whole server is GM..

Example 2

a';DELETE SHO..tblGS_AVATAR WHERE [dwRIGHT]=0--

Now what this one does is drops all chars in the SHO Db. Loss of all chars,

Example 3

a';DELETE SEVEN_ORA..UserInfo WHERE [right]=1--

And this one will delete all non Gm Accounts.

Now that we see how simple sql Injections are wrote lets add some Security for this type of inject.

The first step we would take to start to protect this is
Step 1
Create 3 new db's
:busted_co DON'T name them seven_ORA, SHO, Or SHO_LOG
Use a unique Db name for each Db but know what they are.

Step 2
Make backups of all your current db's back them up to your desktop you will need then in a min.

Step 3
Now after you have them all Backed up delete the original ones.

Step4
Now you will need to restore the backups into the new Db's.
This is simply done the same way you backed up your dbs,
right click db restore db select drive and find the db. In the tabs there's a
option to force over right make sure that is checked.
Do the same for all 3 Db's

Step 5
Now you have all your data in the New Dbs, We need to fix the user rights.
A good friend of mine has wrote a sql Script for a easy way to add user rights
You will need to change the Db names the users and passes used.

/*****************************************************************/

exec sp_addlogin 'Username1', 'pass1', 'YournewSevenOradbnamehere', 'us_english', 0x05000000000000000000000000000000
exec sp_addlogin 'Username2', 'pass2', 'YournewSHOdbnamehere', 'us_english', 0x07000000000000000000000000000000;--

use YournewSHOdbnamehere
/*exec sp_adduser 'Username1'
GRANT SELECT, INSERT, UPDATE ON UserInfo TO Username1*/
exec sp_adduser 'Username2'
GRANT SELECT, INSERT, UPDATE ON UserInfo TO Username2

use YournewSevenOradbnamehere
exec sp_adduser 'Username1'
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_CheatLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_AVATAR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_BANK TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_CLAN TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_ClanCHAR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_FRIEND TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_MEMO TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_VAR TO Username1

use SHO_LOG
exec sp_adduser 'Username1'
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_CheatLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_ChangeAbility TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_CharacterLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_CreateLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_DieLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_GemmingLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_ItemLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_LevelUpLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_PeriodicCHARLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_QuestLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_SkillLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_UnionLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_UpgradeLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON UpdatePoint_Log TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_ClanLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_LoginLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_ERROR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_LogIN TO Username1





/*****************************************************************/

/*****************************************************************/
use YournewSevenOradbnamehere
GRANT EXEC ON ws_ClanUPDATE TO Username1
GRANT EXEC ON gs_GetACCOUNT TO Username1
GRANT EXEC ON gs_SelectBANK TO Username1
GRANT EXEC ON gs_SelectCHAR TO Username1
GRANT EXEC ON ws_CharDELETE TO Username1
GRANT EXEC ON ws_ClanBinUPDATE TO Username1
GRANT EXEC ON ws_ClanCharADD TO Username1
GRANT EXEC ON ws_ClanCharADJ TO Username1
GRANT EXEC ON ws_ClanCharALL TO Username1
GRANT EXEC ON ws_ClanCharDEL TO Username1
GRANT EXEC ON ws_ClanCharGET TO Username1
GRANT EXEC ON ws_ClanDELETE TO Username1
GRANT EXEC ON ws_ClanINSERT TO Username1
GRANT EXEC ON ws_ClanMOTD TO Username1
GRANT EXEC ON ws_ClanMarkUPDATE TO Username1
GRANT EXEC ON ws_ClanSELECT TO Username1
GRANT EXEC ON ws_ClanSLOGAN TO Username1
GRANT EXEC ON ws_CreateCHAR TO Username1
GRANT EXEC ON ws_DelMEMO TO Username1
GRANT EXEC ON ws_DeleteCHAR TO Username1
GRANT EXEC ON ws_DeleteUnregCHAR TO Username1
GRANT EXEC ON ws_GetCharID TO Username1
GRANT EXEC ON ws_GetCharLIST TO Username1
GRANT EXEC ON ws_GetFRIEND TO Username1
GRANT EXEC ON ws_GetMEMO TO Username1
GRANT EXEC ON ws_SelectCHAR TO Username1
GRANT EXEC ON AddCharacterLog TO Username1
GRANT EXEC ON AddCheatLog TO Username1
GRANT EXEC ON AddClanLog TO Username1
GRANT EXEC ON AddCreateLog TO Username1
GRANT EXEC ON AddDieLog TO Username1
GRANT EXEC ON AddGemmingLog TO Username1
GRANT EXEC ON AddItemLog TO Username1
GRANT EXEC ON AddLevelUpLog TO Username1
GRANT EXEC ON AddLoginLog TO Username1
GRANT EXEC ON AddPeriodicCHARLog TO Username1
GRANT EXEC ON AddQuestLog TO Username1
GRANT EXEC ON AddSkillLog TO Username1
GRANT EXEC ON AddUpgradeLog TO Username1
GRANT EXEC ON DeleteGS_Log TO Username1
GRANT EXEC ON gs_M_DefLOG TO Username1
GRANT EXEC ON gs_M_DescLOG TO Username1
GRANT EXEC ON gs_M_LogInOut TO Username1
GRANT EXEC ON gs_M_ObjDescLOG TO Username1
GRANT EXEC ON gs_M_ObjLOG TO Username1


use SHO_LOG
GRANT EXEC ON gs_M_ObjLOG TO Username1
GRANT EXEC ON gs_M_ObjDescLOG TO Username1
GRANT EXEC ON gs_M_LogInOut TO Username1
GRANT EXEC ON gs_M_DescLOG TO Username1
GRANT EXEC ON gs_M_DefLOG TO Username1
GRANT EXEC ON DeleteGS_Log TO Username1
GRANT EXEC ON AddUpgradeLog TO Username1
GRANT EXEC ON AddSkillLog TO Username1
GRANT EXEC ON AddQuestLog TO Username1
GRANT EXEC ON AddPeriodicCHARLog TO Username1
GRANT EXEC ON AddLoginLog TO Username1
GRANT EXEC ON AddLevelUpLog TO Username1
GRANT EXEC ON AddItemLog TO Username1
GRANT EXEC ON AddGemmingLog TO Username1
GRANT EXEC ON AddDieLog TO Username1
GRANT EXEC ON AddCreateLog TO Username1
GRANT EXEC ON AddClanLog TO Username1
GRANT EXEC ON AddCheatLog TO Username1
GRANT EXEC ON AddCharacterLog TO Username1
/*****************************************************************/


use YournewSHOdbnamehere
GRANT SELECT, INSERT, UPDATE ON Statistic TO Username2
GRANT EXECUTE ON UpdateStat TO Username2


/*use YournewSHOdbnamehere
exec sp_adduser 'Username1'
GRANT SELECT, INSERT, DELETE, UPDATE ON UserInfo TO Username1 */

GRANT INSERT ON Ch_Pw TO Username2
GRANT UPDATE ON UserInfo TO Username2
GRANT EXECUTE ON UpdatePWD TO Username2

GRANT UPDATE ON Restart_Flag TO Username2

Step 6
Now we have users for the dbs next we need to fix the odbc
Open odbc and change the the login to the ones you created in the last script and link seven_ORA to your new SO db and SHo to your new SHO db
And same with SHO_LOG.
Step 7
You will need to go thru your stored proc and change the db names in them to use your new db name.


Stage 1 Complete....... This will Secure 90% of the people trying to exploit your server.

Now Xp_cmdShell exsploit i like this one it can make a admin account on your host for the hacker...

The Injection looks something like this

a';exec master..xp_cmdshell 'net user Myaccountname mynewpass /add';exec master..xp_cmdshell 'net localgroup administrators Myaccountname /add'--

The simeple fix for this would be this small script

use master 
exec sp_dropextendedproc 'xp_cmdshell'
go

This may cause a random error in your console window witch a few have told me it has. The server runs fine and if it's running good then why worry about it as long as you are secure.

Now I will say this is not all the security we use at Inferno but is some of our security fixes.
And i won't release all, But this should get you in the right direction. I hope this tut helps some out. If you don't understand most of this I'm sorry but learn your mssql a bit better. Ill show you the water but you need to figure out how to drink it.

 

[Necro]

Icon thank you very much for this explains a lot of things i was busting my head with.
<3

 

[mehurgay]

ICON ur such a woderfully inteligent lilboy :flag_schw

 

[lCON]

Icon thank you very much for this explains a lot of things i was busting my head with.
<3

No problem Your pm is what pushed me to finally post this.

 

[Necro]

Well like i said thank you for this once more and yeah was busting my head for a few days and nights feeling like a zombie looking at each area of the db i could not figure it out but i ran into xp_cmdshell in some area of the stored procedures and it keeped on buging me but could not figure out what or how it had to do with the injection into you posted the guide it all makes sense now.

Awsome release thnx

 

[Necro]

Hey icon was reading your guide i see on a few lines it shows.

use YournewSevenOradbnamehere
exec sp_adduser 'Username1'
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_CheatLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_AVATAR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_BANK TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_CLAN TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_ClanCHAR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_FRIEND TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_MEMO TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_VAR TO Username1

where it shows YournewSevenOradbnamehere i understand that area.

But what about also in this area of the code.

[COLOR="Red"]use SHO_LOG[/COLOR]
exec sp_adduser 'Username1'
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_CheatLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_ChangeAbility TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_CharacterLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_CreateLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_DieLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_GemmingLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_ItemLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_LevelUpLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_PeriodicCHARLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_QuestLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_SkillLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_UnionLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_UpgradeLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON UpdatePoint_Log TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_ClanLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_LoginLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_ERROR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_LogIN TO Username1

top first one shows to put in the new name of your sevenoradb but second one i see it does now say to put like newnameofshodb we see in your code use SHO_LOG should that be changed to the new db of sho? or is the code you posted right i dont wanna get lost so just asking as i am a lil lost in that area.
Also btw by username1 and username2 by that are you meaning two make two different user names and where is says pass1 and pass2 as username1 and 2?

"Update" got it to work

And if you don't mind ICON if i add on to your post if not just lemme know and i will delete the info it is just something to add on i guess as it may also be needed.

just a lil info i guess as this will also be needed to be done for the people who have a custom made site or use the RoseCP-AE from dyeprey here in Icons guide i guess all that was done into the stored Procedures will also be needed to be done onto the php code of a site and change like where it gets the info from saying seven_ORA/sho/sho_log would also need to be changed to whatever you renamed your db to site/admin panel both need recoding is needed if i am correct.

 

[buzbee]

i believe the username1 and username2 stuff will give those user names and passwords the rights to insert delete and select the db's

oh and editing all the system procs isnt no walk in the park, it will take about 30-45 minutes to do

nice little security guide btw icon,
shoulda waited for this instead of bugging you lol

 

[lCON]

BuzBee When i helped you i had no intentions of posting this. but i guess its all good tho.
It will help people and yes nec SHO_LOG needed changed as well. and RoseCP-AE from dyepre is a good site that's public.

 

[Necro]

Hmm still seem to be having problems when i run the query and execute it i get these errors can anyone point out where i am going wrong here. i edited out my names with name1 and name2.

Thankful for any help or clue.

Server: Msg 15433, Level 16, State 1, Procedure sp_addlogin, Line 94
Supplied parameter @sid is in use.
New login created.
Granted database access to 'name2'.
Server: Msg 208, Level 16, State 11, Line 10
Invalid object name 'UserInfo'.
Server: Msg 15007, Level 16, State 1, Procedure sp_adduser, Line 15
The login 'name1' does not exist.
Server: Msg 208, Level 16, State 11, Line 14
Invalid object name 'WS_CheatLog'.
Server: Msg 208, Level 16, State 11, Line 15
Invalid object name 'tblGS_AVATAR'.
Server: Msg 208, Level 16, State 11, Line 16
Invalid object name 'tblGS_BANK'.
Server: Msg 208, Level 16, State 11, Line 17
Invalid object name 'tblWS_CLAN'.
Server: Msg 208, Level 16, State 11, Line 18
Invalid object name 'tblWS_ClanCHAR'.
Server: Msg 208, Level 16, State 11, Line 19
Invalid object name 'tblWS_FRIEND'.
Server: Msg 208, Level 16, State 11, Line 20
Invalid object name 'tblWS_MEMO'.
Server: Msg 208, Level 16, State 11, Line 21
Invalid object name 'tblWS_VAR'.
Server: Msg 15007, Level 16, State 1, Procedure sp_adduser, Line 15
The login 'name1' does not exist.
Server: Msg 4604, Level 16, State 1, Line 25
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 26
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 27
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 28
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 29
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 30
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 31
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 32
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 33
There is no such user or group 'Username1'.
Server: Msg 4604, Level 16, State 1, Line 34
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 35
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 36
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 37
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 38
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 39
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 40
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 41
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 42
There is no such user or group 'name1'.
Server: Msg 208, Level 16, State 11, Line 52
Invalid object name 'ws_ClanUPDATE'.
Server: Msg 208, Level 16, State 11, Line 53
Invalid object name 'gs_GetACCOUNT'.
Server: Msg 208, Level 16, State 11, Line 54
Invalid object name 'gs_SelectBANK'.
Server: Msg 208, Level 16, State 11, Line 55
Invalid object name 'gs_SelectCHAR'.
Server: Msg 208, Level 16, State 11, Line 56
Invalid object name 'ws_CharDELETE'.
Server: Msg 208, Level 16, State 11, Line 57
Invalid object name 'ws_ClanBinUPDATE'.
Server: Msg 208, Level 16, State 11, Line 58
Invalid object name 'ws_ClanCharADD'.
Server: Msg 208, Level 16, State 11, Line 59
Invalid object name 'ws_ClanCharADJ'.
Server: Msg 208, Level 16, State 11, Line 60
Invalid object name 'ws_ClanCharALL'.
Server: Msg 208, Level 16, State 11, Line 61
Invalid object name 'ws_ClanCharDEL'.
Server: Msg 208, Level 16, State 11, Line 62
Invalid object name 'ws_ClanCharGET'.
Server: Msg 208, Level 16, State 11, Line 63
Invalid object name 'ws_ClanDELETE'.
Server: Msg 208, Level 16, State 11, Line 64
Invalid object name 'ws_ClanINSERT'.
Server: Msg 208, Level 16, State 11, Line 65
Invalid object name 'ws_ClanMOTD'.
Server: Msg 208, Level 16, State 11, Line 66
Invalid object name 'ws_ClanMarkUPDATE'.
Server: Msg 208, Level 16, State 11, Line 67
Invalid object name 'ws_ClanSELECT'.
Server: Msg 208, Level 16, State 11, Line 68
Invalid object name 'ws_ClanSLOGAN'.
Server: Msg 208, Level 16, State 11, Line 69
Invalid object name 'ws_CreateCHAR'.
Server: Msg 208, Level 16, State 11, Line 70
Invalid object name 'ws_DelMEMO'.
Server: Msg 208, Level 16, State 11, Line 71
Invalid object name 'ws_DeleteCHAR'.
Server: Msg 208, Level 16, State 11, Line 72
Invalid object name 'ws_DeleteUnregCHAR'.
Server: Msg 208, Level 16, State 11, Line 73
Invalid object name 'ws_GetCharID'.
Server: Msg 208, Level 16, State 11, Line 74
Invalid object name 'ws_GetCharLIST'.
Server: Msg 208, Level 16, State 11, Line 75
Invalid object name 'ws_GetFRIEND'.
Server: Msg 208, Level 16, State 11, Line 76
Invalid object name 'ws_GetMEMO'.
Server: Msg 208, Level 16, State 11, Line 77
Invalid object name 'ws_SelectCHAR'.
Server: Msg 208, Level 16, State 11, Line 78
Invalid object name 'AddCharacterLog'.
Server: Msg 208, Level 16, State 11, Line 79
Invalid object name 'AddCheatLog'.
Server: Msg 208, Level 16, State 11, Line 80
Invalid object name 'AddClanLog'.
Server: Msg 208, Level 16, State 11, Line 81
Invalid object name 'AddCreateLog'.
Server: Msg 208, Level 16, State 11, Line 82
Invalid object name 'AddDieLog'.
Server: Msg 208, Level 16, State 11, Line 83
Invalid object name 'AddGemmingLog'.
Server: Msg 208, Level 16, State 11, Line 84
Invalid object name 'AddItemLog'.
Server: Msg 208, Level 16, State 11, Line 85
Invalid object name 'AddLevelUpLog'.
Server: Msg 208, Level 16, State 11, Line 86
Invalid object name 'AddLoginLog'.
Server: Msg 208, Level 16, State 11, Line 87
Invalid object name 'AddPeriodicCHARLog'.
Server: Msg 208, Level 16, State 11, Line 88
Invalid object name 'AddQuestLog'.
Server: Msg 208, Level 16, State 11, Line 89
Invalid object name 'AddSkillLog'.
Server: Msg 208, Level 16, State 11, Line 90
Invalid object name 'AddUpgradeLog'.
Server: Msg 208, Level 16, State 11, Line 91
Invalid object name 'DeleteGS_Log'.
Server: Msg 208, Level 16, State 11, Line 92
Invalid object name 'gs_M_DefLOG'.
Server: Msg 208, Level 16, State 11, Line 93
Invalid object name 'gs_M_DescLOG'.
Server: Msg 208, Level 16, State 11, Line 94
Invalid object name 'gs_M_LogInOut'.
Server: Msg 208, Level 16, State 11, Line 95
Invalid object name 'gs_M_ObjDescLOG'.
Server: Msg 208, Level 16, State 11, Line 96
Invalid object name 'gs_M_ObjLOG'.
Server: Msg 4604, Level 16, State 1, Line 100
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 101
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 102
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 103
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 104
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 105
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 106
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 107
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 108
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 109
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 110
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 111
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 112
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 113
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 114
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 115
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 116
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 117
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 118
There is no such user or group 'name1'.
Server: Msg 208, Level 16, State 11, Line 123
Invalid object name 'Statistic'.
Server: Msg 208, Level 16, State 11, Line 124
Invalid object name 'UpdateStat'.
Server: Msg 208, Level 16, State 11, Line 131
Invalid object name 'Ch_Pw'.
Server: Msg 208, Level 16, State 11, Line 132
Invalid object name 'UserInfo'.
Server: Msg 208, Level 16, State 11, Line 133
Invalid object name 'UpdatePWD'.
Server: Msg 208, Level 16, State 11, Line 135
Invalid object name 'Restart_Flag'.

 

[lCON]

seems you did not run this under master or have the new db names in the script

 

[Necro]

the new db names where in it i will give it a try running under master not sure if i had it set on master lol ty icon.

and do i need to change the info in the stored proc befor running the scrpit?

"Edit"

Ran it on master and this is what i get this time.

I made my new db names and add'ed them to the scrpit but not sure where i am going wrong or like i said do i need to edit all the stored proc first.

Server: Msg 15433, Level 16, State 1, Procedure sp_addlogin, Line 94
Supplied parameter @sid is in use.
Server: Msg 15025, Level 16, State 1, Procedure sp_addlogin, Line 57
The login 'name2' already exists.
Server: Msg 15023, Level 16, State 1, Procedure sp_grantdbaccess, Line 127
User or role 'name2' already exists in the current database.
Server: Msg 208, Level 16, State 11, Line 10
Invalid object name 'UserInfo'.
Server: Msg 15007, Level 16, State 1, Procedure sp_adduser, Line 15
The login 'name1' does not exist.
Server: Msg 208, Level 16, State 11, Line 14
Invalid object name 'WS_CheatLog'.
Server: Msg 208, Level 16, State 11, Line 15
Invalid object name 'tblGS_AVATAR'.
Server: Msg 208, Level 16, State 11, Line 16
Invalid object name 'tblGS_BANK'.
Server: Msg 208, Level 16, State 11, Line 17
Invalid object name 'tblWS_CLAN'.
Server: Msg 208, Level 16, State 11, Line 18
Invalid object name 'tblWS_ClanCHAR'.
Server: Msg 208, Level 16, State 11, Line 19
Invalid object name 'tblWS_FRIEND'.
Server: Msg 208, Level 16, State 11, Line 20
Invalid object name 'tblWS_MEMO'.
Server: Msg 208, Level 16, State 11, Line 21
Invalid object name 'tblWS_VAR'.
Server: Msg 15007, Level 16, State 1, Procedure sp_adduser, Line 15
The login 'name1' does not exist.
Server: Msg 4604, Level 16, State 1, Line 25
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 26
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 27
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 28
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 29
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 30
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 31
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 32
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 33
There is no such user or group 'Username1'.
Server: Msg 4604, Level 16, State 1, Line 34
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 35
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 36
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 37
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 38
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 39
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 40
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 41
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 42
There is no such user or group 'name1'.
Server: Msg 208, Level 16, State 11, Line 52
Invalid object name 'ws_ClanUPDATE'.
Server: Msg 208, Level 16, State 11, Line 53
Invalid object name 'gs_GetACCOUNT'.
Server: Msg 208, Level 16, State 11, Line 54
Invalid object name 'gs_SelectBANK'.
Server: Msg 208, Level 16, State 11, Line 55
Invalid object name 'gs_SelectCHAR'.
Server: Msg 208, Level 16, State 11, Line 56
Invalid object name 'ws_CharDELETE'.
Server: Msg 208, Level 16, State 11, Line 57
Invalid object name 'ws_ClanBinUPDATE'.
Server: Msg 208, Level 16, State 11, Line 58
Invalid object name 'ws_ClanCharADD'.
Server: Msg 208, Level 16, State 11, Line 59
Invalid object name 'ws_ClanCharADJ'.
Server: Msg 208, Level 16, State 11, Line 60
Invalid object name 'ws_ClanCharALL'.
Server: Msg 208, Level 16, State 11, Line 61
Invalid object name 'ws_ClanCharDEL'.
Server: Msg 208, Level 16, State 11, Line 62
Invalid object name 'ws_ClanCharGET'.
Server: Msg 208, Level 16, State 11, Line 63
Invalid object name 'ws_ClanDELETE'.
Server: Msg 208, Level 16, State 11, Line 64
Invalid object name 'ws_ClanINSERT'.
Server: Msg 208, Level 16, State 11, Line 65
Invalid object name 'ws_ClanMOTD'.
Server: Msg 208, Level 16, State 11, Line 66
Invalid object name 'ws_ClanMarkUPDATE'.
Server: Msg 208, Level 16, State 11, Line 67
Invalid object name 'ws_ClanSELECT'.
Server: Msg 208, Level 16, State 11, Line 68
Invalid object name 'ws_ClanSLOGAN'.
Server: Msg 208, Level 16, State 11, Line 69
Invalid object name 'ws_CreateCHAR'.
Server: Msg 208, Level 16, State 11, Line 70
Invalid object name 'ws_DelMEMO'.
Server: Msg 208, Level 16, State 11, Line 71
Invalid object name 'ws_DeleteCHAR'.
Server: Msg 208, Level 16, State 11, Line 72
Invalid object name 'ws_DeleteUnregCHAR'.
Server: Msg 208, Level 16, State 11, Line 73
Invalid object name 'ws_GetCharID'.
Server: Msg 208, Level 16, State 11, Line 74
Invalid object name 'ws_GetCharLIST'.
Server: Msg 208, Level 16, State 11, Line 75
Invalid object name 'ws_GetFRIEND'.
Server: Msg 208, Level 16, State 11, Line 76
Invalid object name 'ws_GetMEMO'.
Server: Msg 208, Level 16, State 11, Line 77
Invalid object name 'ws_SelectCHAR'.
Server: Msg 208, Level 16, State 11, Line 78
Invalid object name 'AddCharacterLog'.
Server: Msg 208, Level 16, State 11, Line 79
Invalid object name 'AddCheatLog'.
Server: Msg 208, Level 16, State 11, Line 80
Invalid object name 'AddClanLog'.
Server: Msg 208, Level 16, State 11, Line 81
Invalid object name 'AddCreateLog'.
Server: Msg 208, Level 16, State 11, Line 82
Invalid object name 'AddDieLog'.
Server: Msg 208, Level 16, State 11, Line 83
Invalid object name 'AddGemmingLog'.
Server: Msg 208, Level 16, State 11, Line 84
Invalid object name 'AddItemLog'.
Server: Msg 208, Level 16, State 11, Line 85
Invalid object name 'AddLevelUpLog'.
Server: Msg 208, Level 16, State 11, Line 86
Invalid object name 'AddLoginLog'.
Server: Msg 208, Level 16, State 11, Line 87
Invalid object name 'AddPeriodicCHARLog'.
Server: Msg 208, Level 16, State 11, Line 88
Invalid object name 'AddQuestLog'.
Server: Msg 208, Level 16, State 11, Line 89
Invalid object name 'AddSkillLog'.
Server: Msg 208, Level 16, State 11, Line 90
Invalid object name 'AddUpgradeLog'.
Server: Msg 208, Level 16, State 11, Line 91
Invalid object name 'DeleteGS_Log'.
Server: Msg 208, Level 16, State 11, Line 92
Invalid object name 'gs_M_DefLOG'.
Server: Msg 208, Level 16, State 11, Line 93
Invalid object name 'gs_M_DescLOG'.
Server: Msg 208, Level 16, State 11, Line 94
Invalid object name 'gs_M_LogInOut'.
Server: Msg 208, Level 16, State 11, Line 95
Invalid object name 'gs_M_ObjDescLOG'.
Server: Msg 208, Level 16, State 11, Line 96
Invalid object name 'gs_M_ObjLOG'.
Server: Msg 4604, Level 16, State 1, Line 100
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 101
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 102
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 103
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 104
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 105
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 106
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 107
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 108
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 109
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 110
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 111
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 112
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 113
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 114
There is no such user or group 'name1'.






Server: Msg 4604, Level 16, State 1, Line 115
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 116
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 117
There is no such user or group 'name1'.
Server: Msg 4604, Level 16, State 1, Line 118
There is no such user or group 'name1'.
Server: Msg 208, Level 16, State 11, Line 123
Invalid object name 'Statistic'.
Server: Msg 208, Level 16, State 11, Line 124
Invalid object name 'UpdateStat'.
Server: Msg 208, Level 16, State 11, Line 131
Invalid object name 'Ch_Pw'.
Server: Msg 208, Level 16, State 11, Line 132
Invalid object name 'UserInfo'.
Server: Msg 208, Level 16, State 11, Line 133
Invalid object name 'UpdatePWD'.
Server: Msg 208, Level 16, State 11, Line 135
Invalid object name 'Restart_Flag'.

Also not sure if it is me or when i try to run the scrpit it shows in your guide to add the new names to the db's in the scrpit but in some area's its like backwords as some of the strings that need edit are not in like ether the sho or the seven_ora or the sho_log like the strings it is askin to be changed in one area are located in the other area example.
maybe i am wrong but just wanna know cus i fallowed your guide and all still keeps coming out with errors.

/*****************************************************************/

exec sp_addlogin '[COLOR="Blue"]Username1[/COLOR]', 'pass1', 'YournewSevenOradbnamehere', 'us_english', 0x05000000000000000000000000000000
exec sp_addlogin '[COLOR="Red"]Username2[/COLOR]', 'pass2', 'YournewSHOdbnamehere', 'us_english', 0x07000000000000000000000000000000;--

[B]But i dont see a line up top for like yournewsho_logdbnamehere or pass3[/B]

use YournewSHOdbnamehere [B]<-- Here the data to userinfo is not in sho but in 7Ora.[/B]
/*exec sp_adduser 'Username1'
GRANT SELECT, INSERT, UPDATE ON UserInfo TO Username1*/
exec sp_adduser 'Username2'
GRANT SELECT, INSERT, UPDATE ON UserInfo TO Username2

use YournewSevenOradbnamehere [B]<--7Ora does not hold these tables Sho does[/B]
exec sp_adduser 'Username1'
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_CheatLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_AVATAR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_BANK TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_CLAN TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_ClanCHAR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_FRIEND TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_MEMO TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblWS_VAR TO Username1

use SHO_LOG [B]u got it named sho_log should it be yournewsho_logdbname here. ?[/B]
exec sp_adduser 'Username1'
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_CheatLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_ChangeAbility TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_CharacterLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_CreateLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_DieLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_GemmingLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_ItemLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_LevelUpLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_PeriodicCHARLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_QuestLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_SkillLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_UnionLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON GS_UpgradeLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON UpdatePoint_Log TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_ClanLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON WS_LoginLog TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_ERROR TO Username1
GRANT SELECT, INSERT, DELETE, UPDATE ON tblGS_LogIN TO Username1





/*****************************************************************/

/*****************************************************************/
use YournewSevenOradbnamehere [B]<--this data is also not in 7Ora found it in SHO so should it be yournewshodbnamehere. ?[/B]

GRANT EXEC ON ws_ClanUPDATE TO Username1
GRANT EXEC ON gs_GetACCOUNT TO Username1
GRANT EXEC ON gs_SelectBANK TO Username1
GRANT EXEC ON gs_SelectCHAR TO Username1
GRANT EXEC ON ws_CharDELETE TO Username1
GRANT EXEC ON ws_ClanBinUPDATE TO Username1
GRANT EXEC ON ws_ClanCharADD TO Username1
GRANT EXEC ON ws_ClanCharADJ TO Username1
GRANT EXEC ON ws_ClanCharALL TO Username1
GRANT EXEC ON ws_ClanCharDEL TO Username1
GRANT EXEC ON ws_ClanCharGET TO Username1
GRANT EXEC ON ws_ClanDELETE TO Username1
GRANT EXEC ON ws_ClanINSERT TO Username1
GRANT EXEC ON ws_ClanMOTD TO Username1
GRANT EXEC ON ws_ClanMarkUPDATE TO Username1
GRANT EXEC ON ws_ClanSELECT TO Username1
GRANT EXEC ON ws_ClanSLOGAN TO Username1
GRANT EXEC ON ws_CreateCHAR TO Username1
GRANT EXEC ON ws_DelMEMO TO Username1
GRANT EXEC ON ws_DeleteCHAR TO Username1
GRANT EXEC ON ws_DeleteUnregCHAR TO Username1
GRANT EXEC ON ws_GetCharID TO Username1
GRANT EXEC ON ws_GetCharLIST TO Username1
GRANT EXEC ON ws_GetFRIEND TO Username1
GRANT EXEC ON ws_GetMEMO TO Username1
GRANT EXEC ON ws_SelectCHAR TO Username1
GRANT EXEC ON AddCharacterLog TO Username1
GRANT EXEC ON AddCheatLog TO Username1
GRANT EXEC ON AddClanLog TO Username1
GRANT EXEC ON AddCreateLog TO Username1
GRANT EXEC ON AddDieLog TO Username1
GRANT EXEC ON AddGemmingLog TO Username1
GRANT EXEC ON AddItemLog TO Username1
GRANT EXEC ON AddLevelUpLog TO Username1
GRANT EXEC ON AddLoginLog TO Username1
GRANT EXEC ON AddPeriodicCHARLog TO Username1
GRANT EXEC ON AddQuestLog TO Username1
GRANT EXEC ON AddSkillLog TO Username1
GRANT EXEC ON AddUpgradeLog TO Username1
GRANT EXEC ON DeleteGS_Log TO Username1
GRANT EXEC ON gs_M_DefLOG TO Username1
GRANT EXEC ON gs_M_DescLOG TO Username1
GRANT EXEC ON gs_M_LogInOut TO Username1
GRANT EXEC ON gs_M_ObjDescLOG TO Username1
GRANT EXEC ON gs_M_ObjLOG TO Username1


use SHO_LOG [B]<--Same here should it be renamed to mynewsho_logdbnamehere. ?[/B]

GRANT EXEC ON gs_M_ObjLOG TO Username1
GRANT EXEC ON gs_M_ObjDescLOG TO Username1
GRANT EXEC ON gs_M_LogInOut TO Username1
GRANT EXEC ON gs_M_DescLOG TO Username1
GRANT EXEC ON gs_M_DefLOG TO Username1
GRANT EXEC ON DeleteGS_Log TO Username1
GRANT EXEC ON AddUpgradeLog TO Username1
GRANT EXEC ON AddSkillLog TO Username1
GRANT EXEC ON AddQuestLog TO Username1
GRANT EXEC ON AddPeriodicCHARLog TO Username1
GRANT EXEC ON AddLoginLog TO Username1
GRANT EXEC ON AddLevelUpLog TO Username1
GRANT EXEC ON AddItemLog TO Username1
GRANT EXEC ON AddGemmingLog TO Username1
GRANT EXEC ON AddDieLog TO Username1
GRANT EXEC ON AddCreateLog TO Username1
GRANT EXEC ON AddClanLog TO Username1
GRANT EXEC ON AddCheatLog TO Username1
GRANT EXEC ON AddCharacterLog TO Username1
/*****************************************************************/


use YournewSHOdbnamehere [B]<--Here also data not in same are to username2 to grant execute to updatestat that is in 7Ora[/B]

GRANT SELECT, INSERT, UPDATE ON Statistic TO Username2
GRANT EXECUTE ON UpdateStat TO Username2


/*use YournewSHOdbnamehere [B]<--And here is same with the database userinfo not in sho db but in 7Ora.[/B]

exec sp_adduser 'Username1'
GRANT SELECT, INSERT, DELETE, UPDATE ON UserInfo TO Username1 */

GRANT INSERT ON Ch_Pw TO Username2
GRANT UPDATE ON UserInfo TO Username2
GRANT EXECUTE ON UpdatePWD TO Username2
                                                               [B] <-- line missing is it to be this way? or can bottom line be moved up. ?[/B]
GRANT UPDATE ON Restart_Flag TO Username2

 

[Flowan]

Nice security guid, thanks!

 

[buzbee]

well necro i really dont know what your problem is,

i did alot of this guide before it was posted, like the db names and stored procs

and the script ran for me without any problems,



plus another thing you can use to enhance the security of your server is to find a copy of tribalGRD and hex edit it to fit your servers needs
plus using tribalGRD will stop all the server disconnect problems people seem to have with arcturus

a final note on the security for arcturus is dll files
take a asm class and learn as much as you can or find an experienced coder and have them finish securing up the server for you, but coders are not free lol

 

[lCON]

Yes I guess you can do that . lol And yes Buzz I said in my post I was not gonna share all my secrets......

Everyone uses the TribalGrd anyways. Witch is a Modded Arua Gurad Credits go to them for it. {Was not aware of it when i got it but it works and too late to change now. Till we get our new one done.

 

[buzbee]

yeah didnt mean to tell another 2% of the security secrets but you know


i will not let out anything i have figured out yet btw


and tribal is the best way to go unless you can write your own game protection

but anyways, good guide icon, lot of useful info here

 

[Necro]

Even tho i still have not worked out my problems still there is many thanks to give for this guide ty also buz xD

have found few things by exploring the dll's and the server side exe's thanks <3

*Update*

Icon thanks alot got it to work

And yes the problem was when i ran the Query the first time i did it by the guide you made but like i was sayin the path to the new db names where off a lil on the guide so i had to change it around from there matched them up did fresh install of the db names restored the old backup's and walah ! worked fine this time thank you now i just got to go and rename each stored procedure lol and i think buz said it will take about 30-40 mins but worth it at the end

 

[Flowan]

I get this when i try to start the login, world or game server:


Find DSN ::: testSHO

Find DSN ::: testSHO_LOG

Find DSN ::: testseven_ORA

Find DSN ::: testSHO_MALL

Find DSN ::: LocalServer

sql connect failed ...

 

[lCON]

cause your dns can not be named anything but seven_ORA SHO SHO_LOG SHO_MALL

 

[Necro]

Yup dns needs to stay seven_ORA /SHO/ SHO_LOG and make sure you renamed all your stored procs or else you going to have a heck of a time tryin to find where u went wrong.

 

[Flowan]

thanks guys! Gonna fix this now, hope it will work.