dako12, posted December 18, 2015:

Hello

Recently I've seen many servers get their databases deleted. Is this caused by their sites, or by the new gamefile?

If I block the MySQL port and connect through SSH and create an account for the homepage only to write new accounts, will I be protected?

NoFr1ends (Honorable Member), posted December 18, 2015:

In the messenger part of the game (core) there is a bug which allows a manipulated packet to execute unfiltered SQL statements.

Kind regards
Chuck

Ken, posted December 18, 2015:

56 minutes ago, dako12 said:
> If I block mysql port and connect through ssh and create an account for homepage only to write new accounts will I be protected?

This thing is not related to the ports. It's related to the messenger system. The exploit only works when you're trying to remove someone from your friend list. Ymir didn't add a protection for this. The leaked source files or Vanilla source have the same vulnerability too. I can't say anything about the older game versions because they probably have the same vulnerability too.

Kind Regards ~ Ken

Do not be sorry, be better.

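The kind of input check the two posts above describe as missing, as an added example that is not part of the thread and is not the released fix. The name rule, the table and column names, and every function name here are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Assumed rule for this sketch: names are 1..24 ASCII letters or digits.
const std::size_t kMaxNameLen = 24;

// Read a fixed-size packet field without trusting it to be NUL-terminated.
std::string packet_field(const char* buf, std::size_t cap) {
    const void* nul = std::memchr(buf, '\0', cap);
    std::size_t len = nul ? static_cast<std::size_t>(static_cast<const char*>(nul) - buf) : cap;
    return std::string(buf, len);
}

bool is_valid_name(const std::string& s) {
    if (s.empty() || s.size() > kMaxNameLen) return false;
    for (char c : s) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
        if (!ok) return false;  // quotes, spaces, ';', '-' and high bytes all stop here
    }
    return true;
}

struct RemoveDecision {
    bool accepted;    // true: the statement may go to the DB layer
    bool suspicious;  // true: log the attempt and apply the server's ban policy
    std::string sql;  // empty when rejected
};

// `owner` comes from the authenticated session, `friend_field` from the packet.
RemoveDecision on_remove_friend(const std::string& owner, const char* friend_field, std::size_t cap) {
    std::string target = packet_field(friend_field, cap);
    if (!is_valid_name(owner) || !is_valid_name(target))
        return RemoveDecision{false, true, ""};
    // Hypothetical table and column names. Where the client library supports
    // it, bind both values as parameters instead of concatenating them.
    std::string sql = "DELETE FROM messenger_list_example WHERE account='" + owner +
                      "' AND companion='" + target + "'";
    return RemoveDecision{true, false, sql};
}

int main() {
    char field[25] = "Alice";  // constructed sample packet field
    return on_remove_friend("Bob", field, sizeof field).accepted ? 0 : 1;
}
```
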
dako12 (Author), posted December 19, 2015:

1 hour ago, Ken said:
> This thing is not related to the ports. It's related to the messenger system. The exploit only works when you're trying to remove someone from your friend list. Ymir didn't add a protection for this. The leaked source files or Vanilla source have the same vulnerability too. I can't say anything about the older game versions because they probably have the same vulnerability too.
>
> Kind Regards ~ Ken

Thanks both of you, so we must implement the fix you shared with us to be safe, right?

One more question: if Ymir didn't take care of this, can it be done to official too then or not? ;P

Ken, posted December 19, 2015:

1 minute ago, dako12 said:
> thanks both of you, so we must implement the fix you shared with us to be safe right? one more question: if ymir didn't take care of this, can it be done to official too then or not? ;P

They already knew about this problem before (it's just a guess). The server will ban whoever tries to use this SQL injection if you implement my code with a ban query.

Kind Regards ~ Ken

dako12 (Author), posted December 19, 2015:

Just now, Ken said:
> They already knew about this problem before (it's just a guess). The server will ban whoever tries to use this SQL injection if you implement my code with a ban query.
>
> Kind Regards ~ Ken

So they just left it like this for you developers to be troubled then.. Is it possible to add a lib or fix it with a diff to the 2.4.1 gamefile of vanilla? Because of its several bug fixes and stuff I don't think the leaked source of vanilla is better than this, or wrong?

Ken, posted December 19, 2015:

6 minutes ago, dako12 said:
> so they just let it like this for you developers to be troubled then.. is it possible to add a lib or fix it with a dif to 2.4.1 gamefile of vanilla? cause of its several bug fixes and stuff I don't think the leaked source of vanilla is better than this or wrong?

Vanilla source could be good in the old days. For now, everyone is using the new source files (home-made). I can't say anything about whether vanilla source is better than every source or something like that. Every source is valuable at the moment. I think there is no diff for vanilla sources yet.

Kind Regards ~ Ken

Cyclone_DE, posted December 19, 2015:

Is there any way that we can protect our servers from this?

NoFr1ends (Honorable Member), posted December 19, 2015:

No other way than to switch to your own source and apply the released fix. Or if you know IDA you can try to make a diff. I don't know how IDA works so I can't help here.

Edit: Also you can add a prefix to the tables and add the prefix to the configuration; this will prevent the attackers from knowing how the table is named.

Cyclone_DE, posted December 19, 2015:

Can you tag the released fix please? Also, I didn't understand the thing you said about the prefix.

Shisui (Former Staff), posted December 19, 2015:

Galet (Premium), posted December 19, 2015:

This could be an issue with port 15000: if it is not protected, anybody can create an auth server which connects to your db core and log in to any account they want on your server and even delete your databases...