Jump to content
MakeWebGames

Hacker

radio_active

By radio_active
in General Discussion

 Share

Recommended Posts

Tezza` Newbie

Tezza`

Posted
Posted

Re: Hacker

 

I would also like to request code which means you cannot remove ID 1 from admin. I believe its just a query but i cannot write it seen as im on a german keyboard which does not have square brackets.

this would be silly, as if your where to be hacked again... they would be able to do as much damage as they want....

your best approach would be to lock your ip either for your account.. or for the admin panel.... meaning only YOUR ip (computer / household) can go on either id 1's account or the admin panel.

Link to comment
Share on other sites
radio_active Newbie

radio_active

Posted
  • Author
Posted

Re: Hacker

That would mean i will most likely be having to validate my account by email every time i login or everyday, i have removed the forums and i will either use phpbb3 external or floydian if he will sell me a copy.

After all it was not my account that was hacked but ID 2, so thats why i wanted it so i cannot be removed or demoted by staff as its just a hassle having to go t phpmyadmin when you dont have your laptop and give a little "update users set user_level=2 where userid=1" if it is hacked. Hopefully not again though.

Link to comment
Share on other sites
Tezza` Newbie

Tezza`

Posted
Posted

Re: Hacker

 

That would mean i will most likely be having to validate my account by email every time i login or everyday, i have removed the forums and i will either use phpbb3 external or floydian if he will sell me a copy.

 

why do you mind....

if it kept my game secure i would login to validate everytime i logged in.

Link to comment
Share on other sites
Floydian Newbie

Floydian

Posted
Posted

Re: Hacker

adding phpbb3 to an existing game would be difficult.

just take the password that needs to be stored in the phpbb users table. it uses a different hash than mccodes and since I wouldn't have a list of passwords for all your users (since presumably you have them stored as a hash only), I wouldn't be able to automatically set up your existing users with accounts.

You could automatically log them into the forum, but they wouldn't ever be able to login to the forum by itself, and they wouldn't be able to change their password on the forum (since they wouldn't know it).

Thus, you're only viable option would be to force existing users to sign up to the forum and then link their accounts to the game account. Not a pretty picture.

So, I don't think I'd be taking on that job without sufficient pay (more than $100 USD for sure).

Link to comment
Share on other sites
radio_active Newbie

radio_active

Posted
  • Author
Posted

Re: Hacker

 

adding phpbb3 to an existing game would be difficult.

just take the password that needs to be stored in the phpbb users table. it uses a different hash than mccodes and since I wouldn't have a list of passwords for all your users (since presumably you have them stored as a hash only), I wouldn't be able to automatically set up your existing users with accounts.

You could automatically log them into the forum, but they wouldn't ever be able to login to the forum by itself, and they wouldn't be able to change their password on the forum (since they wouldn't know it).

Thus, you're only viable option would be to force existing users to sign up to the forum and then link their accounts to the game account. Not a pretty picture.

So, I don't think I'd be taking on that job without sufficient pay (more than $100 USD for sure).

Im not actually re-questing anythng here, lol. If i was to add a phpbb3 forum as i have done before i have no intention to get users signed up and have all who sign up to the game automatically get an account, it would simply be if you want your opinion put down you sign up and post away.

 

"Password protect your staff panels..."

any clue on how i approach on doing that, any one

his name is Fahim Miah ([email protected]) aka [email protected] he tried it on mine as well

but i dont have a secound person as admin but still he came in as a normal user then added a announcement Get Help @ [email protected]

Yes i got him off the site before he could do any damage, all he did was post an announment and gave everyone 2.147bil crystals, money and ddays which is a simple fix really, especially if you have backup. So i used the cpanel's IP Deny manager.

Floydian, what i posted was about the in game forum code that you made for Cove of Pirates. :-)

Link to comment
Share on other sites
AlabamaHit Newbie

AlabamaHit

Posted
Posted

Re: Hacker

use your Database.....find the IP of the person logined in on ID 1...Make sure its not yoru IP....if its not...Use you cPanel IP Ban That IP

Now go into users and chage the password back...

just make up a work.say use password for your password..

its md5 so you have to hash , it, simple,

google md5 has, find a sign to give you the hash the word password..

Now you have your passsword back, AND the hacker is IP banned.

If the user name is changed, just change it in th cPanel.

 

Now with that said....STOP MAKING GAMES WITHOUT PROTECTION

Secure yourself BEFORE you release the game...No game is released fast..

If you bought the codes, and released the game in less than a week, you WILL get hacked...cause you have not had time to code your game....Just take your time and secure it,

DONT ASK HERE HOW...

Search the Forums there are tutorials....if you ask here you will get called a moron and told to use the search feature.

Link to comment
Share on other sites
radio_active Newbie

radio_active

Posted
  • Author
Posted

Re: Hacker

If you can login to your account and your not staff use this in the SQL in the DB.

update users set user_level=2 where userid=1

else if you cannot login, make a new account and do the same SQL only changing the 1 (userid) to the number of the new account.

If he credited everyone money and crystals use this

update users set money=10000;

update users set crystals=2

That should hellp

Link to comment
Share on other sites
Floydian Newbie

Floydian

Posted
Posted

Re: Hacker

 

Im not actually re-questing anythng here, lol. If i was to add a phpbb3 forum as i have done before i have no intention to get users signed up and have all who sign up to the game automatically get an account, it would simply be if you want your opinion put down you sign up and post away.

My point wasn't to "sell services", but rather a simple comparision. I.e., if I wouldn't do a job for $100, then it must be a hard job to do.

Make sense? ;)

 

I can't really comment on all the hacking going on. If I did, I would sound like I'm being harsh.

I.e., it might go something like this ----

There are two sorts of folks that routinely fall victim to hacking. Naturally I am talking about people that run games based on mccodes. Now the two types of mccodes game owners that fall victim to hacking on a regular basis are the ones that can't code and want other people to write up solutions for them pro bono. And then there's the folks that either can't code or are poor programmers that don't have the funds necessary to pay someone to secure their site.

There is no "catch all" solution that prevents hacking. Remember, the Pentagon is hacked on a daily basis. So obviously, you simply can't prevent it all. Password protection? How about a brute force attack. Sessions, how about session fixation attacks. Oh, you're on a shared server, then your temp files containing tons of information like session ids are voulnerable to any of the 1000's of folks sharing your shared host.

Ah, so you've figured out how to prevent all of those. Have you gone through every script and every file on your game and have you understood completely what the code there is doing? If you haven't, then you haven't even begun to secure your game.

mccodes was and still is full of security wholes. Dabom just didn't know squat about secure programming methods. Just consider the fact that dbs2 requires magic quotes, or it dies. lol that's beyond laughable.

 

So, folks use a hellaciously insecure platform and are amazed when they find out they get hacked over and over again. Folks pick up free scripts and are amazed that the person that made the free script wasn't too concerned about the quality of the code.

 

There really isn't anything one can say to help here because the only viable solution for folks that lack the necessary programming skils and/or the funds to pay for the services of someone that does have those skills is to tell them to try and plug a boat with more holes than swiss cheese with a rubber stopper.

 

But if I said that, folks would think I'm being harsh. And in reality, I sympathize with the hobbyists that run games in their time off from school, or whatever the case may be, who have trouble with the azzholes that go around trying to see if the same old hacks that worked on the last mccodes game works on the next one.

I sympathize with the fact that hobbyists aren't going to be able to afford a professional solution to their problems and aren't likely to posses the necessary skills to solve it themselves.

The best advice I can offer the hobbyists out there, is learn how to run a MySQL query.

If you can do something like this:

update users set user_level = 2 where userid = 1

Then you never have to worry about being dethroned from your staffly dais and not being able to regain your former position.

 

Learn how to use do something like:

update users set password = "gobbledygook" where userid = someone to perma ban

Useful when you are locked out of your staff panel and you just want to lock someone out of the game by preventing them from being able to log in.

If you had databased sessions, you could even log them out using

 

delete from sessions where userid = someone to log out

 

And if you're royally pissed, log them all out

 

truncate sessions

lmao

 

And if you're feeling generous,

update users set money = money + 9999999999

 

Learn your MySQL. If you can't be bothered to learn anything else, learn how to run a few queries. All the power is held in the query. Period.

Link to comment
Share on other sites
Hash-Op Newbie

Hash-Op

Posted
Posted

Re: Hacker

 

"Password protect your staff panels..."

any clue on how i approach on doing that, any one

his name is Fahim Miah ([email protected]) aka [email protected] he tried it on mine as well

but i dont have a secound person as admin but still he came in as a normal user then added a announcement Get Help @ [email protected]

 

to get this correct his name is Kevin

Yss his name is Kevin, not Fahim Miah

And I know Kevin

He's some guy I had to deal with about a year ago, he's alright once you get to know him.

Anyways, stop being a jerk

I've talked to him right now, and he left a warning on your staff notepad, written from your user account.

 

Kraftyz e-eh-echoless says: I lft him a big warning about an hour before my launch bro. He was online then so were other staff, ther just priks tbh. I told them I'm in and they should contct me quik to get help, or I'l jus attack coz am not in a good mood init

Hanif says: Ah..good job then.

I blame YOU for not checking your notepad when you were clearly online, so were other staff!

Kevin doesn't go around harming, without a warning, and by the looks of it, he has given a warning.

And also, it wasn't via the forums. He has no damn idea how to get through to it by the forum, he uses 'other' methods.

Anyways, nice to see your all back up and running.

Link to comment
Share on other sites
  • 2 weeks later...
Becon Newbie

Becon

Posted
Posted

Re: Hacker

I dont know if it helps or not but when I made my game...there are admins....and I made myself an OWNER account which was kinda like admin used to be but I limited everyone else. But since Im the only OWNER account...all the admins cant do squat to me. Then again Im sure some hacker can still get me some how. Thats what they do.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...