This is annoying me, security issues.

[gurpreet]

Ok so my game is www.death-wars.com, and i have no idea how but people who just joined have the best stats and stuff, if someone good at testing security can go to my game and help me I would appreciate it a lot!

1 haloboy08 [1197]

2 ozzy [1196]

3 W&W † Drako † [602]

4 sunflower58 [779]

5 knightrider [744]

The user ID 1197 is the newest member, yet he has more stats than donators.

[gurpreet]

Re: This is annoying me, security issues.

Bumpppppppppppppppppppp

More are coming :(

1 haloboy2k8 [1201]

2 ozzy [1196]

3 W&W † Drako † [602]

4 sunflower58 [779]

5 knightrider [744]

[Guest Anonymous]

Re: This is annoying me, security issues.

Well I had a look and I reckon you are suffering from multiple vulnerabilities, but tbh you are not really helping yourself:

Gurpreet [1], Level 666, Cash $2,878,005,646

Hardly seems fair.

Anyway, looks like a simple injection attack - I suggest you start looking at your logs.

[gurpreet]

Re: This is annoying me, security issues.

I'm not a player, i just keep it like that for show. In logs do you mean via the cpanel or in-game?

[Guest Anonymous]

Re: This is annoying me, security issues.

Try the in-game logs...

Try the http server logs...

Try the MySQL binary logs (assuming they are turned on)...

You will soon see who the culprits are...

[gurpreet]

Re: This is annoying me, security issues.

I know WHO the culprits are, just don't know how to stop them from using whatever they use...

[Guest Anonymous]

Re: This is annoying me, security issues.

Well trace the logs - that will tell you exactly where the problem lies. If it doesn't, get yourself a good sentinel logger or turn on MySQL's binary logger.

Once you know how they do it, it becomes simple to stop them.