Jump to content
MakeWebGames

sercuity for a game [MCC V2]

morgan1122

By morgan1122
in Requests

 Share

Recommended Posts

  • Replies 54
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Joshua Newbie

Joshua

Posted
Posted

Meh until his darn server Un-IP bans me I can't finish securing his site.

Tried logging on the other day 2-3 times and he had changed his cpanel password so the old guy he had securing it couldnt access it.

But, I guess do to failed log-in attempts, my IP was banned in the process.

To kick it off, No proxies I use will let me edit any of his files >,<

Link to comment
Share on other sites
Joshua Newbie

Joshua

Posted
Posted

Being as I was altering a lot of the Database and majority of files, as well as he didnt have a problem with it I see no issue

But that being said, because of the now IP ban, I can't even use filezilla to access the site, just get a connection time out.

The odd thing is, I've had this problem in the past with my own servers, however the ban is usually only a few hours and this one is going on a few days.

Link to comment
Share on other sites
rulerofzu Newbie

rulerofzu

Posted
Posted

I agree with DJK why are you even asking for cpanel access? You do not require it to secure files.

Why are you also using proxies??

FTP access at most and that would not be blocked by the cpanel brute force routine. Unless this is a ldf firewall issue which is probably unlikely as you have to pay extra for that service

Link to comment
Share on other sites
Joshua Newbie

Joshua

Posted
Posted

I think you guys are both missing the obvious ;-)

 

When we discussed security etc I was given login information directly via cpanel. It wasnt an FTP login. Which i've done a million times in the past, and frankly it's easier to go straight through filemanager and phpmyadmin when altering the database and files.

We worked out a payment arrangement as he couldn't pay all up front and being his predicament I understood and told him i'd work on it leisurely on a payment plan more or less.

 

I worked on it a few hours for 2 days, the 3rd day the cpanel password was changed. I simply thought i typed it in wrong, tried again, and it failed a 2nd time.

So i went to my logs, copy/pasted the info and tried again. Then i couldn't connect to the site anymore, so 3 invalid attempts = permanent IP ban ?

 

Anywho, being as I should be done with it by now, but am not due to the IP ban, I tried logging in via a Proxy just so I could finish up only to discover that just about any proxy I use only gets me so far and i still can't complete the job. I had him file a support request to his host a day or so ago to try and speed up the process so i can finish

I hope that sheds some form of light on the situation, it's more between me and him, but I seen that someone wanted to have his url so they could test the job i've done and well, i'm not done! >,<

Edit:

The majority of his site is done, however he was altering/re-adding some files/modifications while I was in the process of securing the files and one of them was the viewuser.php file, which i now need to go back over.

Plus i promised him to fix a few bugs he had with some of his scripts that I haven't been able to do and that's something I said I would.

So again, not done

Link to comment
Share on other sites
Joshua Newbie

Joshua

Posted
Posted

Ruler, I tend to alter the database a bit to make each security job unique and that little extra kick, ESPECIALLY when I have nothing else to do.

Not to mention when adding certain things, it's easier to have phpmyadmin direct access rather than the FTP wouldn't you agree?

I've done jobs both ways, one is easier. I didn't request the cpanel, that's just the info that was given to me and I worked off of it.

But again, Now my IP must be blocked because even my FTP won't connect.

I can login to the site cpanel only via a proxy, however when I go to file manager to modify files, the page just goes blank and I see no files.

Royal pain in the butt to be honest.

Link to comment
Share on other sites
Dominion Newbie

Dominion

Posted
Posted
Ruler, I tend to alter the database a bit to make each security job unique and that little extra kick, ESPECIALLY when I have nothing else to do.

Not to mention when adding certain things, it's easier to have phpmyadmin direct access rather than the FTP wouldn't you agree?

Why could the user not just hand a backup over, and you do it on something like wamp? If it's not secure the site should not be up anyway so not an issue with downtime...

Would rather do that then allow someone to see everything on my account. :whistling:

Link to comment
Share on other sites
Paul Evans Newbie

Paul Evans

Posted
Posted

OMFG are you a idiot Joshua think about this your logging into a cpanel with a web proxie?

WOW now i thought some people were stupid but you just won the NEWB of the year award for that.

you do know you can edit anything in SQL via code right... no need for myphpadmin...

Why even edit the SQL? if you secure it properly it doesn't matter about changing sql or moving staff files and i means /StaffFiles/staff.php oh hard... it just shows that you think it will be exploited in the future... i stopped moving them because i know if i secure a site the code i did won't be exploited.

Link to comment
Share on other sites
Dominion Newbie

Dominion

Posted
Posted

phpmyadmin is an easier way...from what you're saying Paul I assume you mean upload a file that does the sql for you? Pointless in my opinion...

write file => upload file => run file => delete file (if you have not used unlink() )

OR

load phpmyadmin leave it on “sql” tab...

Link to comment
Share on other sites
Paul Evans Newbie

Paul Evans

Posted
Posted

if you have no access to myphpadmin then... what i said would be a solution lol way better than trying to access cpanel with a web proxie, normally when securing stuff you only need to edit what a single column like userpass => password just to mess with the wanna be hackers a bit

not difficult via code [mysql]ALTER TABLE `users` CHANGE `userpass` `password` varchar(32) NOT NULL DEFAULT ''[/mysql] Oh i mean wow that is just so difficult... then use notepad++ to edit userpass => password i mean it ain't rocket science.

Link to comment
Share on other sites
Dominion Newbie

Dominion

Posted
Posted
To kick it off, No proxies I use will let me edit any of his files >,<

 

But that being said, because of the now IP ban, I can't even use filezilla to access the site, just get a connection time out.

How is he going to upload files to do the query updates...

My point was using phpmyadmin does not make someone a noob...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...