mxyi, Posted July 14, 2010

Hello all! Recently I found a person on my game called Major561 or something and I caught him with 2147m (max for normal int), which would take friggin' ages to get. Also he had 1.5b crystals. I deleted them and banned him, but how do I stop this from happening again?! Also, how do I IP ban people? Thanks dudes. Also, I'm the only one with access to the phpMyAdmin, no staff actions from it in the staff panel, so it must be SQL injection.

Dayo, Posted July 14, 2010

I'm not too big on hacking, but any unsecure user input can be hacked to do this (all/most user input for McCodes). You will have to go through ALL your scripts and secure them.

rulerofzu, Posted July 14, 2010

All $_GET and $_POST should be secured. Remove any $_SERVER['PHP_SELF']. There are a lot of places it could be a problem. If you do not know what you're doing, there are recommended coders on here that will charge a fee to go through your scripts and sort it out.

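An added example, not code from this thread or from McCodes, of what securing a $_GET value can look like for a crystal-market purchase: validate the ID as an integer, bind it as a query parameter, and enforce the balance check inside the UPDATE. The `market` table, the `buy_listing()` function and the use of PDO with in-memory SQLite (standing in for the game's MySQL database) are assumptions made so the example runs on its own.

```php
<?php
// Added example: the market table and buy_listing() are hypothetical names.
// Runs offline against in-memory SQLite (needs the pdo_sqlite extension).

function buy_listing(PDO $db, int $buyerId, $rawListingId): string
{
    // 1. Validate: the ID must be a whole number >= 1, nothing else is accepted.
    $listingId = filter_var($rawListingId, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($listingId === false) {
        return 'invalid id';
    }

    $db->beginTransaction();
    // 2. Bind: the value travels as a parameter, never as part of the SQL text.
    $q = $db->prepare('SELECT seller, qty, price FROM market WHERE id = ?');
    $q->execute([$listingId]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        $db->rollBack();
        return 'no such listing';
    }

    // 3. Enforce the rule in the UPDATE itself so money can never go negative.
    $pay = $db->prepare('UPDATE users SET money = money - ?, crystals = crystals + ?
                         WHERE userid = ? AND money >= ?');
    $pay->execute([$row['price'], $row['qty'], $buyerId, $row['price']]);
    if ($pay->rowCount() !== 1) {
        $db->rollBack();
        return 'not enough money';
    }
    $db->prepare('UPDATE users SET money = money + ? WHERE userid = ?')
       ->execute([$row['price'], $row['seller']]);
    $db->prepare('DELETE FROM market WHERE id = ?')->execute([$listingId]);
    $db->commit();
    return 'ok';
}

// Constructed sample data: user 1 sells 10 crystals for 400, user 2 has 1000.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, money INTEGER, crystals INTEGER)');
$db->exec('CREATE TABLE market (id INTEGER PRIMARY KEY, seller INTEGER, qty INTEGER, price INTEGER)');
$db->exec('INSERT INTO users VALUES (1, 0, 50), (2, 1000, 0)');
$db->exec('INSERT INTO market VALUES (1, 1, 10, 400)');

foreach (['1', '1abc', '-5', '1'] as $input) {
    echo var_export($input, true), ' => ', buy_listing($db, 2, $input), "\n";
}
```

The first call succeeds, the malformed and negative IDs are rejected before any SQL runs, and the repeated ID finds no listing because the first purchase removed it.
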
bladewolf2010, Posted July 14, 2010

KcMajor? XD He did it from the cmarket, I'm going to guess.

Paddy, Posted July 14, 2010

Please note: this is not a fix. It just helps you get the user auto-jailed, so if you are not online his/her money or crystals cannot be stolen or used/transferred. Use this till you get your site sorted out and secured, then remove it.

Add this code to your header:

// Skip the two admin accounts (userid 1 and 2); flag anyone over either threshold.
if (($ir['money'] > 2700000000 OR $ir['crystals'] > 60000) AND $ir['userid'] != 1 AND $ir['userid'] != 2)
{
    // Jail first: die() ends the script, so the query has to run before it.
    mysql_query("UPDATE users SET fedjail=1000 WHERE userid={$ir['userid']}");
    die("<table> <td class='your class'> Under investigation!!!</td></table> <font color='#ffffff'>You have over $2.700,000,000 in cash OR 60.000 in crystals, Your account is under investigation.Please mail Admin on [email][email protected][/email]</font>");
}

Jordan Palmer, Posted July 14, 2010

Paddy, your "help" is wrong as you'd also need to insert into the fedjail logs. I'd also say you should send some event to staff informing them of the cheating person :]

Dayo, Posted July 14, 2010

Plus, if I hacked I would just re-register, then set my money to 2699999999 ... bank it, then do it again. Plus, some games rely on large amounts of money using bigint, but your way would help stop script kiddies. Maybe IP banning them would stop the re-registering, or setting a session then checking for the session registration.

Paddy, Posted July 14, 2010

This is to be used for a day or 2 till the site is fixed, so that you don't have to reset. I've seen games that had to reset because of the hacker giving users money/crystals or getting mugged. This usually happens when admin is fast asleep and no staff are online, so yes, it is a good script to use to start with. As stated in my first post, "use this till you get your site sorted out and secured then remove", so that will answer the bigint point. It is not to be used as secured but as a temporary security.

Zero-Affect, Posted July 14, 2010

It's not a bad temp protection till sorting out.

layto, Posted September 7, 2010

Does anyone have the SQL injection so I can test my game to see? PM if you do, thanks.

Dayo, Posted September 7, 2010

> Does anyone have the sql injection so i can test my game to see? PM If you do thanks

LOL, no one will send you an SQL injection. You can ask people like eternal/crazy-t to test the site for you (just a few examples of people; they may not actually do it), but as I said, no one will send you the SQL injection as you could be some newb who would go around hacking sites.

Dave, Posted September 7, 2010

> Does anyone have the sql injection so i can test my game to see? PM If you do thanks

That's what they all say.. I'd remove your post before you get majorly flamed on. Everyone knows your motive and why you want the code.

Edit: DAMN YOU DAYO D:

Haunted Dawg, Posted September 7, 2010

> Does anyone have the sql injection so i can test my game to see? PM If you do thanks

> Everyone knows your motive and why you want the code.

Not everyone wants the SQL injection for that purpose!

Dayo, Posted September 7, 2010

But 905 of people do. Like I said, just get someone to do it for you; that way there are not as many people who know how to do it.

Dominion, Posted September 7, 2010

No one's going to help you on here; however, google it and they're not hard to find.