MakeWebGames

Site Hacked


MNG


Not sure if you guys know the person named "MrAshly"

But this person hasn't done any SQL injection from sending points or anything,

They have a way to access other accounts.

Does anyone know how to prevent this?

I could post header, login and register if needed, but I sort of need help with this ASAP


SHA-512 is a cryptographic hash function. Cryptographic hash functions are one way - so you're safe (at least for the actual raw passwords, unless MrAshly has a super-computer, or NSA's help, which I doubt.) - so you could force a password reset via the e-mail players signed up with, assuming they're not fake e-mails.

He's probably just session stealing - hopefully, as this is a somewhat easy exploit to fix.

May I have a game link so I can test my theory?

With regards to hashing existing passwords with SHA-512, you'd have to deploy some routine to md5 encrypt, then SHA-512 on certain passwords - which isn't hard to do.


You will need to force the users to change their password on login into the new format: on login, detect if they have an md5 pass, then take them to the account page, and don't let them do anything else.

Make sure you change the change password to suit the sha512

EDIT: Sniko beat me to it


You will need to force the users to change their password on login into the new format: on login, detect if they have an md5 pass, then take them to the account page, and don't let them do anything else.

Make sure you change the change password to suit the sha512

EDIT: Sniko beat me to it

If he has access to their game accounts, he will have the power to render their account useless, as he will be welcome to the password change screen. Best way is to make use of the e-mail address they signed up with.

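The migration discussed in the posts above (SHA-512 over the existing MD5 hashes, plus a forced password change at login), as an added example that is not part of the thread or any poster's code. The storage format with scheme tags, the per-user salt and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Assumed storage format (not from the thread): "scheme$salt_hex$digest_hex".
# A bare 32-character hex value is an untouched legacy MD5 record.

def sha512_hex(salt, data):
    return hashlib.sha512(salt + data.encode()).hexdigest()

def md5_hex(password):
    return hashlib.md5(password.encode()).hexdigest()

def wrap_legacy(stored_md5):
    """Bulk upgrade: SHA-512 over the stored MD5 hex; no plaintext needed."""
    salt = os.urandom(16)
    return f"md5-sha512${salt.hex()}${sha512_hex(salt, stored_md5)}"

def new_hash(password):
    salt = os.urandom(16)
    return f"sha512${salt.hex()}${sha512_hex(salt, password)}"

def verify(password, stored):
    """Return (password_ok, must_change_password)."""
    if "$" not in stored:  # legacy MD5 row that was never wrapped
        return hmac.compare_digest(md5_hex(password), stored), True
    scheme, salt_hex, digest = stored.split("$")
    salt = bytes.fromhex(salt_hex)
    if scheme == "md5-sha512":
        inner = md5_hex(password)
        return hmac.compare_digest(sha512_hex(salt, inner), digest), True
    if scheme == "sha512":
        return hmac.compare_digest(sha512_hex(salt, password), digest), False
    return False, False

def login(users, name, password):
    """Return 'denied', 'change_password' (the only page allowed) or 'ok'."""
    stored = users.get(name)
    if stored is None:
        return "denied"
    ok, must_change = verify(password, stored)
    if not ok:
        return "denied"
    return "change_password" if must_change else "ok"

def change_password(users, name, new_password):
    users[name] = new_hash(new_password)
```

Running `wrap_legacy` over every stored row removes the bare MD5 values from the database immediately, while `login` keeps steering those accounts to the password-change page until they hold a native `sha512` record.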

I actually think everyone gets what they deserve. A quick look at your posts, a quick look through the forums and you would have seen that plain text passwords are simply dumb, even more so on an engine full of security holes everywhere. The rush to publish a game, with such a thing happening just 48 hours after launch... A game voted to fail. Sorry if this sounds harsh but it's reality.


I actually think everyone gets what they deserve. A quick look at your posts, a quick look through the forums and you would have seen that plain text passwords are simply dumb, even more so on an engine full of security holes everywhere. The rush to publish a game, with such a thing happening just 48 hours after launch... A game voted to fail. Sorry if this sounds harsh but it's reality.

I have been working on it for 3 months now and just published it.


Exactly as I said... In a rush!

Are you saying that's rushing things for a browser game? I disagree. Launch the game as soon as you can. The issues that arise will make you get to fixing them fast, and you'll learn something new every time. As a new developer you can't possibly read up on every single mistake you might make.

http://www.codinghorror.com/blog/2009/12/version-1-sucks-but-ship-it-anyway.html

If I misunderstood: Sorry. But that link is still worth reading.


Not to mention, a subject like "too soon" is very subjective.

I get the feeling this guy isn't the most experienced. However, you or I do not actually know this.

You never have any idea how long it will take one person to the next to do a certain task.

Just because one project may take one developer a year plus to finish does not mean it will take another developer the same amount of time to complete a different project.

It's silliness and there's no reason for that line of thinking.


Not to mention, a subject like "too soon" is very subjective.

I get the feeling this guy isn't the most experienced. However, you or I do not actually know this.

You never have any idea how long it will take one person to the next to do a certain task.

Just because one project may take one developer a year plus to finish does not mean it will take another developer the same amount of time to complete a different project.

It's silliness and there's no reason for that line of thinking.

I can agree with this point of view, but looking just a bit at MNG's previous posts, it's not hard to find that experience... is not his strong suit. Also, an experienced developer does take their time, not 3 months even. And my line of thinking may be wrong, though all through the years I have seen this too many times, and usually... "rushed" games are voted to fail, mostly for the initial rush and the lack of experience to solve problems.
