Zero-Affect

Immortal, a possible reason for the recent weird events may be due to you rubbing someone up the wrong way, have you done anything to someone that might pee them off? To me it sounds like your computer is open to stuff like teamview or programs which allow a external user to access your computer and use your computer. <Possible or maybe they just figured out a way to bypass ip checks with cpanel and disguise their ip as yours im sure that's not so difficult. Immortal don't use the words 'zero' and 'hack' in the same sentence it's bad PR lol

that is unusual, ctype_numeric may have worked well there

i know i commented in the past that mt_rand was good but in this aspect you used it on set chars which the max is under 32768 so what i got to ask myself is, why?

Yeah i personally would say ALOT more advanced in more than one language. Good luck with that thought

I do love SOTHINK works great specially this product.

You may have a point their but considering half of the "hackers" from MC can't tie their own shoe laces, on another hand i agree you are correct but maybe just simple fixed basically find all $_POST and $_GET see whats put through them and do a simple isset !empty ctype_alpha and so on, That wouldn't take long

Actually with MC codes not all $_GET and $_POST are insecure so not always a need to secure everyone (kind of just ruined alot of peoples cons their huh), There is mainly i would say around 40 which need serious attention normally on a small website it can take upto 2-3 hours to secure sometimes longer depends on the modifications on their. When more is added it's best to filter them through the coder who secured your site and also best to ask atleast one other coder to test the website for vulnerable points after it's secured.   Your referring to the Cross Site Request Forgery right CSRF? I find most site owners would just prefer some honest, i've found 30 vulnerable area so far i can fix them within x times it will cost x amount the attack-able categories vary. Some do need a more Professional approach which is why i offer a overview service which basically means ill log what i find wrong and give a little comment which normally explains in laymen terms whats wrong.

sorry i had to say something, LOVE THE site name seriously nice name.

I know exactly what you mean by leaked mods most of our mods have been leaked i for one stopped making them for that exact reason now know if anything of mine leaks it was custom work for a site so isn't hard to know who did it lol

$Select = sprintf( "SELECT u.userid, u.username, u.level, u.money, u.crystals, u.laston, u.lastip, u.energy, u.will, u.maxwill, u.brave, u.maxbrave, u.maxenergy, u.hp, u.maxhp, u.location, u.hospital, u.jail, u.jail_reason, u.fedjail, u.user_level, u.gender, u.daysold, u.signedup, u.gang, u.donatordays, u.email, u.display_pic, u.duties, u.staffnotes, u.hospreason, u.lastip_login, u.lastip_signup, u.last_login, u.friend_count, u.enemy_count, c.cityid, c.cityname, h.hID, h.hWILL, g.gangID, g.gangNAME, f.fed_userid, f.fed_days, f.fed_jailedby, f.fed_reason " . "FROM users u " . "LEFT JOIN cities c " . "ON u.location=c.cityid " . "LEFT JOIN houses h " . "ON u.maxwill=h.hWILL " . "LEFT JOIN gangs g " . "ON g.gangID=u.gang " . "LEFT JOIN fedjail f " . "ON f.fed_userid=u.userid " . "WHERE u.userid=('%u')", $_GET['u']);   that is the SQL now considering i think your saying you changed gangID and so on in gangs table to factionID, and maybe gang to faction in users database i would say try editing the SQL to fit that?

I don't openly discuss my prices due to respecting the privacy of the Customers, it's no one Else's business in my eyes what they pay for peace of mind. Personally i ask for private messages it's a bit more formal. No disrespect intended to anyone here it's just my personal view on things and thank you for the reference there Immortal. Due to the Prices posted i would like to specify with my work i charge by the hour and normally depends on many factors so a base or Quote could easily be mistaken as false advertising. I therefore cannot make a Quote till all unknown Variables are taken into account. PM me jon182

this maybe a stupid question but do you have a default city? ID 1 preferably

You also can't post it if you have proof unless you are special like the people who post other people are hackers, but when i post something with substantial evidence it's a different story. Sorry flash back to old CE

$select = sprintf("SELECT cb.`cb_money`, u.`username`, `level`, `hp`, `maxhp`, `location`, `hospital`, `jail`, c.`npcid`, `userid`, cy.`cityname` FROM `challengebots` maybe better, this could error i didn't test it but considering all the combined tables * is definitely a bad idea. also... $get = sprintf("SELECT count(*) FROM challengesbeaten WHERE npcid=%u",$v); come on specify a column atleast i know maybe it doesn't help but it looks better, also the use of `` isn't such a bad idea on tables columns and so forth. say for example, you have a table which contains a column called asc or desc then it's obvious it would error ie: [mysql]SELECT desc FROM table[/mysql] [mysql]UPDATE table SET desc=1[/mysql] [mysql]DELETE FROM table WHERE desc=1[/mysql] The above would fail. [mysql]SELECT `desc` FROM `table`[/mysql] [mysql]UPDATE `table` SET `desc`=1[/mysql] [mysql]DELETE FROM `table` WHERE `desc`=1[/mysql] The above would not fail. I really do have to ask, what is so insecure about the original Battle Tent.

i'm sure if you want it done properly you could get someone well known to do it, Hello :P PM me if your interested

Find line 159 paste whats in it and maybe we can help mate.

Danny not the best advice mate, Ben your improving i can say that but i still think ADMINs should add a Learning scripts section somewhere for these. like Test mods till they are at least worthy of this section (no offense intended) - I'm sure you wouldn't want someones game getting hacked over your mod?

http://www.crimgame.com They should really have a category for learning scripts so people don't add these things to their site

CrimGame.com   lmao lmao lmao Liked that one eh Alan:)

CrimGame.com Interesting mod, very basic i must admit but so did you on the first post. This i wouldn't call a usable mod just maybe one for learners to view.

is there not a post for the mod? if so why do a new thread?

why not direct them to Haunted Dawgs "8 lines to secure all known exploits" post lol

i don't know how to input urls into my address bar so how would i find that, should i Google it?

Best idea paste the following into your address bar and add whatever you want to search where it says blank http://www.google.co.uk/search?q=blank

Danny696, GAH i can't take it anymore change to: global $_CONFIG; $db->query("DROP DATABASE `".$_CONFIG['database']."`"); By the way i wouldn't use that lol