help hacker in my server

[bluedrago 26]

hi everyone

iin this day one hacker attack my server!!

he can create items and unnbaned  and can delete my table players

i change my pass but he enter again.

say with program...... -.-

any can help me¿¿?

i have 40k and source in all

[VII 4]

WTF 

Let God Be With You  

i don't Know anything about hack defence  

[kieranFMT2 157]

What serverfiles u using?

[BackPlayer 52]

chech your website and look for metin2 expoilts 40k

[bluedrago 26]

i use source of novaline clean and all patch
 

[kieranFMT2 157]

yeah but u must use some sort of sf base give us something xD and the website

[BackPlayer 52]

send us sysser of DB and Channel

[bluedrago 26]

files of metin2rage old version but all is change and game and db is base of novaline clean posted here.

www.perseo2.com

[BackPlayer 52]

check this fix exploit

[kieranFMT2 157]

homepage is not up please put on

[BackPlayer 52]

check this too FIX EXPLOIT FOR OFFLINE SHOP

[bluedrago 26]

yes i have fixed messenge,guild and shop

[BackPlayer 52]

Just now, bluedrago said:

yes i have fixed messenger and guild

offline shop? show us your sysser of DB and Channels... all

may your site has a bug or something

[bluedrago 26]

sorry is clean sysers becouse

now im installing freebsd 10.3 and mysql 5.7 becouse one friend say me upgrade

[BackPlayer 52]

try to down your website and tell us

[Nickas 23]

try change to mysql user of localhost.

example like CONFIG file of usr/game/channel1/2.. auth,game99 or db/conf.txt :

Spoiler

PLAYER_SQL: localhost localroot pass player
COMMON_SQL: localhost localroot pass common
 

you change localroot  , pass and go navicat connection > manage users > select localroot@localhost > edit user > user name: localroot , password/confirm password : pass

 

i sorry for bad english.

[iltizio 138]

There are a lot of possibilities:

Game Exploit

Website exploit

Game bug

Low Security on your machine.

To find from which of this possibilities they use, create a differenti user for each use:

user [email protected]<ip_of_your_website> for your website 

User [email protected] for your game

User [email protected] for amministratore (if you use ssh tunnel).

Nextly enable MySQL General log that create a table on mysql db with all the query run. Be careful because it is very verbose and Can use a lot of space.

http://dev.mysql.com/doc/refman/5.7/en/query-log.html

Check the sospicious queries and where they run, so you have find which possibilities they use and nextly you can block they.

Firstly check also MySQL alert log. It contain also wrong authentication.

If you need extra help, please contact me: http://iltizioservice.ga/index.php/en/contacts2

[Istny 64]

if changing ssh,mysql passwords don't help, you have probably installed webshell, disable dangereous php command in php.ini

after you can delete this shit with this 

This is the hidden content, please

• Sign In
• or
• Sign Up

 

[bluedrago 26]

hello VPN is installed

now only i can enter in mi putty,navicat,winscp etc

key changes   user web and key "only for web"

in users root now have my ip.

i´m waiting hacker....

[Galet 425]

Add ipfw, fw or pf rules to the db port (15000 If my memory is fresh)

[caes95 1]

On 4/6/2016 at 4:37 AM, galet said:

Add ipfw, fw or pf rules to the db port (15000 If my memory is fresh)

Why ?, he has a VPN installed and do not need to filter packets.

[Galet 425]

22 minutes ago, caes95 said:

Why ?, he has a VPN installed and do not need to filter packets.

This is a dangerous threat.

Everyone is able to connect through the DB prot even with distant servers. Thus he'll be able to alter quests, database and so on...

This is a known bug. Even shogun warns us back in the years.

On 21/02/2014 at 4:15 PM, Shogun said:

 

Port 15000 should never be publicly open! Only the game cores need to connect to it, not your users. In fact it's a security risk as anybody can create an auth server which connects to your db core and login any account they want on your server.

 

[tierrilopes 406]

#Removed. Thank you m2dev for getting ruined.

[AlCapone 58]

If you fixed all of exploits posted in forums then the only think is the owner of the host where you buy the dedicat server...if is vzland may the good lord bless and keep you safe xD