Jesse60905 Posted July 14, 2007 Share Posted July 14, 2007 I ned help desperately. I can't pay anyone until the end of the month so I need to know a temp fix or someone that will fix it and will trust me to pay him/her later. I need protection against MySql injections. I got the IP of the hacker but he may of been using a proxy. 142.176.57.62. If someone could post back on a price or to do it for free (either way Idc...). However if I know/think you aren't legit I will not accept your offer =/. Also the main thing I need help with is passwords (the hacker got mine and caused havoc) Quote Link to comment Share on other sites More sharing options...
Jesse60905 Posted July 14, 2007 Author Share Posted July 14, 2007 Re: Mysql Injections Also if you don't trust me enough to fix it now (personally I wouldn't trust myself becasue I just joined this forum a few months ago) then if you possibly just give me a temp fix for passwords until I can pay for a 100% bug fix? Thank you. Quote Link to comment Share on other sites More sharing options...
RecklessCounty Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections Don't use such a common password because md5 can't be reversed but there are md5 databases that have the md5 hash for common passwords, also add salt to the md5 that way hackers can't get it Quote Link to comment Share on other sites More sharing options...
Jesse60905 Posted July 14, 2007 Author Share Posted July 14, 2007 Re: Mysql Injections Ok well I did find a site that can find passes for free and it does work. As for adding salt to the MD5... Huh...? I know what the MD5 is (the encryption for the passwords) but salt...? Isn't that a condiment...? Sorry I'm a noob (still trying to learn...) Quote Link to comment Share on other sites More sharing options...
Jesse60905 Posted July 14, 2007 Author Share Posted July 14, 2007 Re: Mysql Injections Also my password is a series of binary numbers. I can say it out loud and no-one can figure it out. Quote Link to comment Share on other sites More sharing options...
RecklessCounty Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections binary numbers can be converted before being cracked Quote Link to comment Share on other sites More sharing options...
Jesse60905 Posted July 14, 2007 Author Share Posted July 14, 2007 Re: Mysql Injections I won't give any more details about my pass but could someone please help...? Quote Link to comment Share on other sites More sharing options...
Michael Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections In the DB user's [asses are displayed as numbers and letters, when a user loses password and asks me to get it i go to a MD5 decrypter to get there pass back, maybe they accessed ya DB and did it that way. Upgrade ya host to IP specific so it only lets you in thats what i did after iw as hacked Quote Link to comment Share on other sites More sharing options...
seanybob Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections [asses are displayed as numbers and letters really now? o.0 Quote Link to comment Share on other sites More sharing options...
Jesse60905 Posted July 14, 2007 Author Share Posted July 14, 2007 Re: Mysql Injections He is hacking through MySql injections. I know that because he just got done doing it again. I had to fed everyone except my best admin to fix it. I have an idea of how to fix it tho... Quote Link to comment Share on other sites More sharing options...
Michael Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections [asses are displayed as numbers and letters really now? o.0 Haha typo.. Quote Link to comment Share on other sites More sharing options...
Michael Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections when a user loses password and asks me to get it i go to a MD5 decrypter to get there pass back. So MD5 remains uncracked to this day but you have a decrypter? :roll: Huh ? I dont get ya, I go to a site and get them decypted Quote Link to comment Share on other sites More sharing options...
Decepti0n Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections you dont get them decrypted it just looks in a huge database of already known hashes to find the one that matches Quote Link to comment Share on other sites More sharing options...
Michael Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections you dont get them decrypted it just looks in a huge database of already known hashes to find the one that matches But sometimes it doesnt yield a result and then you can pay $3 to get it Quote Link to comment Share on other sites More sharing options...
Matty Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections But sometimes it doesnt yield a result and then you can pay $3 to get it Thats sounds like a scam TBH... You cant crack MD5 you can get a big ass chart and compare but im not sure that 100% totally works for md5 anyways... All these deycrtpter sites are just huge databased of md5 hashes, hence if you put something really complex in it wont find it. Also my password is a series of binary numbers. I can say it out loud and no-one can figure it out. Very bad... A good strong password consists of Not a dictionary word, perhaps not even a word... A good length MUST CONTAIN - Upper and lower case letter mixed, numbers and a few symbols. He is hacking through MySql injections. I know that because he just got done doing it again. I had to fed everyone except my best admin to fix it. I have an idea of how to fix it tho... It could be anything, there is no fix... He may be using javascript to gain access to session varibles. He may of found an exploit to upload his own files? who knows, but saying its deffintely SQL injection isnt good. My advice to you is make sure your using mysql_real_escape_string on anything user inputted this will escape all the data , thus making it safe. If you have the magic quotes thing on then you would need to use add slashes first so you dont escape it twice... Do that on ANYTHING user inputted and you should be okay from SQL injections... Take a look at this post, its a really good explaination and a good starting point... Sorry for my bad spelling and puncuation, its past my bed time =) Quote Link to comment Share on other sites More sharing options...
seanybob Posted July 14, 2007 Share Posted July 14, 2007 Re: Mysql Injections you dont get them decrypted it just looks in a huge database of already known hashes to find the one that matches But sometimes it doesnt yield a result and then you can pay $3 to get it Interesting... I'm sure the $3 isn't a guarentee though. Best they can do is use rainbow tables, and still it would leave a huge portion of unchecked possibilities. However... I could see how it *might* work for your game. My suggestion would just be making your own encryptor. Quote Link to comment Share on other sites More sharing options...
Jesse60905 Posted July 15, 2007 Author Share Posted July 15, 2007 Re: Mysql Injections Well luckily I got help elsewhere =/ Quote Link to comment Share on other sites More sharing options...
Jesse60905 Posted July 15, 2007 Author Share Posted July 15, 2007 Re: Mysql Injections Scratch that. Hack3rmatt gave me something solid to go on. Thanks =) **EDIT** I know he was using MySql injections because he found out my MSN and IM'ed me saying that he knew them and bla, bla, bla... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.