noddy Posted November 1, 2009 Posted November 1, 2009 hey, well the owner of the site i help out on, found a spammer, so he put him in jail, and as soon as that happened, our whole site went down with the error "FATAL ERROR: Could not connect to database on localhost (Access denied for user 'krakisgod'@'localhost' (using password: YES))" , now i gather someone called krakisgod tried getting into our database, but is there anyway to turn off this error, as players cant play the game, if anyone could add me on msn, thatd be great, [email protected] . Quote
Joshua Posted November 1, 2009 Posted November 1, 2009 (Access denied for user 'krakisgod'@'localhost' (using password: YES))" Someone connected to your Cpanel and changed the password. If Cpanel password is changed, it won't connect to your game. That or you changed it and didnt update your config file :p Quote
noddy Posted November 1, 2009 Author Posted November 1, 2009 password hasnt been changed, i still login with the same, so you say it may be in the config file? ill go take a look and update with what i find Quote
Joshua Posted November 1, 2009 Posted November 1, 2009 It is possible you have had a shell uploaded and someone tinkered with your config file. Did you do any updates and add a differant config file perhaps? Check the password in your config and make sure it matches your cpanel, then change them both to be safe. Quote
Joshua Posted November 1, 2009 Posted November 1, 2009 It may also be possible your site was re-directed to another site that is having problems, check the URL and report back ;) Quote
noddy Posted November 1, 2009 Author Posted November 1, 2009 yep, our config files been messed with, anyone know how they got in? cause they didnt get the cpanel pasword Quote
Joshua Posted November 1, 2009 Posted November 1, 2009 Though I'm not 100% sure on where to locate it, It is entirely possible someone uploaded a Shell to your file manager. Quote
noddy Posted November 1, 2009 Author Posted November 1, 2009 and how would i fix that? btw , could an sql inject be used to get our admins to do it without them knowing, as the head admin says he did click on his profile, and i have yet to secure our display pic Quote
Joshua Posted November 1, 2009 Posted November 1, 2009 Squared Player Reports away, now onto your Preferances :-) Quote
Haunted Dawg Posted November 2, 2009 Posted November 2, 2009 might wanna check if installer.php has been deleted first? Quote
noddy Posted November 2, 2009 Author Posted November 2, 2009 +1 for kyle xd yeah it was that, immortals helping me secure stuff now :] Quote
Joshua Posted November 2, 2009 Posted November 2, 2009 Almost good to go, +1 me..oh wait no Rating no more >< :) Quote
CrazyT Posted November 2, 2009 Posted November 2, 2009 might wanna check if installer.php has been deleted first? I was about to say that. You beat me to it. lol Quote
Joshua Posted November 2, 2009 Posted November 2, 2009 Lazy-T dont you have some games you want to go hack? You're probably the one that was in on it ;) UPDATE: There were various files that weren't secured, some have been, some still are open as he had to go for the time being. He had removed his installer.php by the time I signed up and checked it out, but he had it on earlier today, which is the most propable cause of the hack. PEOPLE---REMOVE your installer :\ Secure your Inputs Quote
seanybob Posted November 2, 2009 Posted November 2, 2009 He had removed his installer.php by the time I signed up and checked it out, but he had it on earlier today, which is the most propable cause of the hack. It wasn't the most probable - it was the cause of the hack. I know that without looking at his game, just reading through this thread. He didn't mention anything else that the 'hacker' (I use that term lightly) did to his game. His database tables weren't dropped, no extra admins were created, his paypal links weren't changed... just the database information was altered in his config.php. What does installer.php do? It just alters the database information in his config.php. You got lucky, this was an easy fix. It could have been much, much worse. Especially if (as I would presume) you don't make daily backups of your database. :) Quote
Strats Posted November 2, 2009 Posted November 2, 2009 Installer.php is the most easiest way to mess up a game. It does not ask for passwords and it is not a hack. Quote
Joshua Posted November 3, 2009 Posted November 3, 2009 Unfortunately his entire game is leaky, pref, preport, breport, forums, etc the list goes on Helping him get some fixes down so it won't happen again easily. Funny story to this---Was testing his game for loop holes when he was logged on and we were testing everything So used a few meta tag hack re-directs to see if they'd work They did, so we started repairing. Well, he never removed the re-directs so certain parts of his site were re-directing to mine, now his "assistant" who is unaware of the situation, thinks I am hacking his game and starts spamming on mine :P This will be fun when the owner logs back on :P Giving free help and get spammed on my forums >< Quote
noddy Posted November 3, 2009 Author Posted November 3, 2009 yeah sorry :/ had some coursework to do and it would seem he wasnt aware of the situation xD, sorry about that lol. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.