Server Being Hacked.

Started by Shanky, Nov 10, 2012, 06:15 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Shanky

okay friends i am the owner of SoulReaper-RO
and these past few days been hard for me, you see my server is young and growing...
but its being hacked..

now wht i mean by hacked is
some random person is able to delete all the accounts from the db, make him/her into an admin
boost his/her char...

DELETE my admin id, delete all other gm's id and Dropping all donate items. 30k of each infront of us.....and so on..

yeah i know its pretty much bad, but i request u all to let me know how can this even be happening..

PhpmyAdmin we use secure login
FluxCP  u can view the details and not change ( even if hacked )

pls help me off.
[color=cyan] Looking for a new Server contact me now !!!! Fb.com/luckyshanky !!! [/color]

yC

#1
I'll toss in some suggestion.

Don't use the same mysql user for forum, cp and server (if you are even doing that).  CP mysql user can have a smaller set of permissions than the game mysql user.  Forum mysql user should only be able to access the forum database. etc take into other safety measure.

A scenario could be your cp is unsafe (now or at some point in time) and the mysql user/pass is leaked out.  With the mysql user info if the permission is allowed, connecting to the mysql server/database with a mysql client will allow anyone to do anything that is not even possible with Flux.  You should set permission to only allow mysql connection make to the game database from localhost (if msyql is on the same server) or allow only the cp/website's IP to connect to it.

In most hack cases I tend to blame it to the control panel or unsafe web-directory.  Unless you have something in your computer or your staff computer that is unsafe like a keylogger.

You could try ... disable the fluxcp or I mean rename the cp directory to something only you know for a clear cut (use _M/_F) for the time being and change the mysql user passwords on all the mysql users that have access to the game database.  See if the hacker come back if not then you have isolated the problem.


Shanky

thanks for ur suggestion, and if u get more ideas on how to protect the sever pls pls help me out.
[color=cyan] Looking for a new Server contact me now !!!! Fb.com/luckyshanky !!! [/color]

Triper

So you don't have the user user db encripted? ._.

Shanky

well  u know how to make it encrypted? or at least secure?
[color=cyan] Looking for a new Server contact me now !!!! Fb.com/luckyshanky !!! [/color]

Triper

AFAIK, there is an option at the eathena/rathena that changes the save files from plain text to md5. That, most of the time, is enough to save you from user db hacks since, to extract the info from the files, would take ages without a super computer.

yC

Well he mentioned the "hacker" deleted IDs rather than logging into his/staff's accounts, I would assume it's md5ed? 

If you don't see people's passwords in plain text in the user account table (login table? forgot the name) you are fine on this one. 

Star Platinum

Check phpMyadmin.  Go to the users list.

Do you see an 'any' user?

DELETE IT NOW.

Shanky

Seriously let me convey my Gratitude to you all since u all stepped up and helped me a lot.


currently i am doing all the changes as yC and others has told me to do so.

hope this works...

God's speed.
[color=cyan] Looking for a new Server contact me now !!!! Fb.com/luckyshanky !!! [/color]