IP hack secure - fixed

[DELETE ME NOW!]

All theses topics are pissing me of so much, so im posting a fix, i know theres loads but its fu**ing pissing me off.

Header.php

Replace the $IP with

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADRR']);

Close Save!

Open Global_func.php

Find function stafflog_add();

Find $IP

Replace with

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

Close save!

Open register!

Find $IP

replace with

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

close save!

Authenticate.php

Find $IP

Replace with

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

close save!

Done simple! no do it and stop moaning and doing everyones head in moaning "Someones hacked my game someone help plzzzzzzzzzzzzzz" :S

[Strats]

Re: IP hack secure - fixed

It's nice you have done this.

Has it been fully tested?

There's no need to be an ass is there?

I had my game for about a week, I am am still learning.

Before I opened it I looked on here and added all these so called secure codes.

And I have had other members from here take at look at some other my files and say that they are secure, but

I got hacked the other night and lost pretty much my whole game as I had done it all in one day.

I did not come on here moaning saying plzzzzzz help.

I came on warned people and offered to pay someone if they could take a look at my game.

So I do not like people complaining about things like this, people who pay for a .com and want to learn about coding and making mods Need to ask for help.

They need the support from others.

I am sure by your large - near your name that you have been a Noob before and asked for help.

Give people a break. :roll:

[DELETE ME NOW!]

Re: IP hack secure - fixed

ok lol, but i aint moaning... i was just saying there thats a way to do it also ive secured the variable..

not like the others.

$IP = $_SERVER['REMOTE_ADDR'];

i done

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

done secure.

[Strats]

Re: IP hack secure - fixed

Well I am going to use this.

Will this stop people making themselves admin on games? lol

[DELETE ME NOW!]

Re: IP hack secure - fixed

huh? this is the ip fix secure..

[DELETE ME NOW!]

Re: IP hack secure - fixed

maybe even

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
if(empty($IP))
{
echo 'You dont have a/an IP so you can\'t play the game!';
$this->endpage();
exit;
}
$blockedIPS = array("127.0.0.1", "blah", "blah1", "Some blocked ips lol");
if(in_array($IP, $blockedIPS))
{
echo 'This IP is blocked from the game';
exit;
}

[Strats]

Re: IP hack secure - fixed

 

maybe even

$IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
if(empty($IP))
{
echo 'You dont have a/an IP so you can\'t play the game!';
$this->endpage();
exit;
}
$blockedIPS = array("127.0.0.1", "blah", "blah1", "Some blocked ips lol");
if(in_array($IP, $blockedIPS))
{
echo 'This IP is blocked from the game';
exit;
}

 

 

Where would you put that?

On all the pages you just listed?

[bigm]

Re: IP hack secure - fixed

I tried that and it dont log ips on profiles for staff while using $IP = $_SERVER['REMOTE_ADDR']; seems to work

[POG1]

Re: IP hack secure - fixed

an IP address consists of chars 0-9 and . right, why not just strip/disallow anything not within what you want ;) instead of using mres..

[wolfe]

Re: IP hack secure - fixed

 

All theses topics are pissing me of so much, so im posting a fix, i know theres loads but its fu**ing pissing me off.

 

Done simple! no do it and stop moaning and doing everyones head in moaning "Someones hacked my game someone help plzzzzzzzzzzzzzz" :S

yikes. relax.

if they didnt have this stuff to post about, the place would really be dead.

[DELETE ME NOW!]

Re: IP hack secure - fixed

 

an IP address consists of chars 0-9 and . right, why not just strip/disallow anything not within what you want ;) instead of using mres..

Yeah.... here is some examples....

http://www.regular-expressions.info/examples.html

Then scroll down a bit

[Wickidnezz]

RE: Re: IP hack secure - fixed

 

 

Sunday, April 26th 2009, 2:46pm

by Strats

 

 

Re: IP hack secure - fixed

 

Well I am going to use this.

Will this stop people making themselves admin on games? lol

 

Strats the answer to your question would be yes it will stop that at least the way ive fixed it in my game it does:):)

 

Sunday, April 26th 2009, 2:46pm

by DELETE ME NOW!

 

 

Re: IP hack secure - fixed

 

huh? this is the ip fix secure..

 

uhhh IP Fix is pretty much the same as the hack for users to make them staff :):)

[Uridium]

You could always create an IP block table and add ip's to it from staff panel..

[Karlos94]

This looks like it was simply updating a field in the MySQL database and an abusive user would improve their user level to become part of the game staff.

Why not use some MySQL functions to help counter against it? I mean INET_ATON() and INET_NTOA() is great for storing IP's. With finding useful open source snippets to get a retieve a valid IP can be hard to find, but I have managed to find one on this forum.

[FAQ] How do I retrieve the remote IP of a user

[The Chaotic Banana]

or do what i did :D Get rid of user_level and change it to something that i only know or even for example stafff_level just contributing to your posts thanks

[Karlos94]

or do what i did :D Get rid of user_level and change it to something that i only know or even for example stafff_level just contributing to your posts thanks

I believe your missing the point. You game will still be vunerable to the exploit. If I was you I would completely sort the problem, not just a 'quick' fix where you game can still be exploited. See if you make an error while writing an MySQL query and one of the fields are the user level field, they will be able to see the new field name due to the error. I'd say try sorting the error, not covering it..