
RevScripts Someone hacked website

Sounds like OTLAND in 2006/2007.
That's why I've made Gesior acc. maker. Only reason was that I could not find acc. maker that does not get hacked in 2-3 days.
Send me PHP code of your website. I can try to find reason, probably some 'bug report' or 'paypal' page that allows SQL injection or adding free points.
 
Sounds like OTLAND in 2006/2007.
That's why I've made Gesior acc. maker. Only reason was that I could not find acc. maker that does not get hacked in 2-3 days.
Send me PHP code of your website. I can try to find reason, probably some 'bug report' or 'paypal' site that allows SQL injection or adding free points.

I'm your fan. Helping people just for help.
 
Yes, I use XAMPP.
PHP:
<?PHP
session_start();
ob_start("novadb");
//require('./exaBD.php');
function microtime_float() {
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}
$time_start = microtime_float();

//##### CONFIG #####
include('config-and-functions.php');
$action = $_REQUEST['action'];

//##### LOGOUT #####
if($action == "logout") {
    unset($_SESSION['account']);
    unset($_SESSION['password']);
}

//##### LOGIN #####
$logged = FALSE;
if(isset($_SESSION['account'])) {
    $account_logged = $ots->createObject('Account');
    $account_logged->load($_SESSION['account']);
    // Strict comparison: with == two hex digests of the form "0e123..." compare as equal numbers.
    if($account_logged->isLoaded() && $account_logged->getPassword() === $_SESSION['password']) {
        $logged = TRUE;
        $group_id_of_acc_logged = $account_logged->getPageAccess();
    } else {
        $logged = FALSE;
        unset($_SESSION['account']);
        unset($account_logged);
    }
}
$login_account = strtoupper(trim($_POST['account_login']));
$login_password = trim($_POST['password_login']);
if(!$logged && !empty($login_account) && !empty($login_password)) {
    $login_password = password_ency($login_password);
    $account_logged = $ots->createObject('Account');
    $account_logged->find($login_account);
    if($account_logged->isLoaded() && !in_array($account_logged->getId(), array(1,2,123,51234))) {
        // Strict comparison: with == two hex digests of the form "0e123..." compare as equal numbers.
        if($login_password === $account_logged->getPassword()) {
            $_SESSION['account'] = $account_logged->getId();
            $_SESSION['password'] = $login_password;
            $logged = TRUE;
            $account_logged->setCustomField("page_lastday", time());
            $group_id_of_acc_logged = $account_logged->getPageAccess();
        } else
            $logged = FALSE;
    }
}

//#### LOAD PAGE ##########
if(empty($_REQUEST['subtopic'])) {
    $_REQUEST['subtopic'] = "latestnews";
    $subtopic = "latestnews";
}
switch($_REQUEST['subtopic']) {

        case "latestnews":
                $topic = "Latest News";
                $subtopic = "latestnews";
                include("latestnews.php");
        break;
        
        
        case "fix":
                $topic = "fix";
                $subtopic = "fix";
                include("fix.php");
        break;
        

        case "creatures";
                $topic = "Creatures";
                $subtopic = "creatures";
                include("creatures.php");
        break;

        case "spells";
                $topic = "Spells";
                $subtopic = "spells";
                include("spells.php");
        break;
     case "bugtracker";
              $topic = "Bug Tracker";
             $subtopic = "bugtracker";
             include("bug.php");
    break;

     case "addons";
              $topic = "Addons List";
             $subtopic = "addons";
             include("addons.php");
    break;

     case "lottery";
              $topic = "Lottery";
             $subtopic = "lottery";
             include("lottery.php");
    break;


     case "lotteryp";
              $topic = "lotteryp";
             $subtopic = "lotteryp";
             include("lotteryp.php");
    break;


        case "wars";
                $subtopic = "wars";
                $topic = "Guild Wars";
                include("war.php");
        break;

    case "dota";
              $topic = "Dota";
             $subtopic = "dota";
             include("dota.php");
    break;


    case "calendario";
              $topic = "Calendario de Eventos";
             $subtopic = "calendario";
             include("calendario.php");
    break;


        case "invasion";
              $topic = "invasion";
             $subtopic = "invasion";
             include("invasion.php");
    break;



          case "rush":
                $topic = "rush";
                $subtopic = "rush";
                include("rush.php");

                break;


            case "sellchar";
             $topic = "Venda De Chars";
             $subtopic = "sellchar";
             include("sellchar.php");
        break;

        case "buychar";
                                $topic = "buychar";
                                $subtopic = "buychar";
                                include("buychar.php");
        break;

        case "shopguild";
        $topic = "Shop Guild";
        $subtopic = "shopguild";
        include("shopguild.php");

        break;



    case "coliseum";
              $topic = "Coliseum";
             $subtopic = "coliseum";
             include("coliseum.php");
    break;

    case "raids";
              $topic = "raids";
             $subtopic = "raids";
             include("raids.php");
    break;


    case "confirmacao";
              $topic = "Confirmacao";
             $subtopic = "confirmacao";
             include("confirmacao.php");
    break;

     case "addonbonus";
              $topic = "Addon Bonus";
             $subtopic = "addonbonus";
             include("addons.php");
    break;

     case "topguilds";
              $topic = "Top Guilds";
             $subtopic = "topguilds";
             include("topguilds.php");
    break;


     case "task";
              $topic = "Task";
             $subtopic = "task";
             include("task.php");
    break;


    case "helpdesk":
                $topic = "Helpdesk";
                $subtopic = "helpdesk";
                include("helpdesk.php");
    break;



     case "warofemperium";
              $topic = "War of Emperium";
             $subtopic = "warofemperium";
             include("warofemperium.php");
    break;

        case "signatures";
                $topic = "Signature Generator";
                $subtopic = "signatures";
                include("signatures.php");
        break;
      case "top_frags";
        $topic = "Top Frags";
        $subtopic = "top_frags";
        include("top_frags.php");
      break;

        case "characters";
                $topic = "Characters";
                $subtopic = "characters";
                include("characters.php");
        break;

        case "whoisonline";
                $topic = "Who is online?";
                $subtopic = "whoisonline";
                include("whoisonline.php");
        break;

             case "downloadsclient";
                $subtopic = "downloadsclient";
                $topic = "Downloads Client";
                include("downloadsclient.php");
          break;

         case "requirementes";
                $subtopic = "requirementes";
                $topic = "Requirementes";
                include("requirementes.php");
           break;

        case "highscores";
                $topic = "Highscores";
                $subtopic = "highscores";
                include("highscores.php");
        break;

        case "powergamers";
                $topic = "Power Gamers";
                $subtopic = "powergamers";
                include("powergamers.php");
        break;


        case "auctionsystem";
                $topic = "Trade Offline";
                $subtopic = "auctionsystem";
                include("auctionsystem.php");
        break;



        case "killstatistics";
                $topic = "Last Kills";
                $subtopic = "killstatistics";
                include("killstatistics.php");
        break;

        case "bountyhunters";
            $topic = "Bounty Hunters";
            $subtopic = "bountyhunters";
            include("bounty-hunters.php");
        break;

        case "guilds";
                $topic = "Guilds";
                $subtopic = "guilds";
                include("guilds.php");
        break;

        case "transferir";
                $topic = "Transferir";
                $subtopic = "transferir";
                include("transferir.php");
        break;


                case "beneficiospremium";
                $topic = "beneficiospremium";
                $subtopic = "beneficiospremium";
                include("beneficiospremium.php");
        break;


        case "accountmanagement";
                $topic = "Account Management";
                $subtopic = "accountmanagement";
                include("accountmanagement.php");
        break;

        case "createaccount";
                $topic = "Create Account";
                $subtopic = "createaccount";
                include("createaccount.php");
        break;

        case "auctionsystem";
                $topic = "Trade Offline";
                $subtopic = "auctionsystem";
                include("auctionsystem.php");
        break;

        case "lostaccount";
                $topic = "Lost Account Interface";
                $subtopic = "lostaccount";
                include("lostaccount.php");
        break;

        case "tibiarules";
                $topic = "Server Rules";
                $subtopic = "tibiarules";
                include("tibiarules.php");
        break;

        case "adminpanel":
                $topic = "Admin Panel";
                $subtopic = "adminpanel";
                include("adminpanel.php");
        break;

        case "forum":
                $topic = "Forum";
                $subtopic = "forum";
                include("forum.php");
        break;

        case "team";
                $subtopic = "team";
                $topic = "Gamemasters List";
                include("team.php");
        break;

         case "addons";
                $subtopic = "addons";
                $topic = "addons";
                include("addons.php");
        break;

        case "wars";
        $subtopic = "wars";
        $topic = "Wars";
        include("war.php");
        break;

        case "serverinfo";
                $subtopic = "serverinfo";
                $topic = "Server Info";
                include("serverinfo.php");
        break;


        case "shopsystem";
                $subtopic = "shopsystem";
                $topic = "Shop System";
                include("shopsystem.php");
        break;

        case "charactersauctions";
        $topic = "Characters auctions";
        $subtopic = "charactersauctions";
        include("charactersauctions.php");
        break;

        case "donate";
                $subtopic = "donate";
                $topic = "Donate!!";
                include("donate.php");
        break;


                case "paypal";
                $subtopic = "paypal";
                $topic = "paypal!!";
                include("paypal.php");
        break;



        case "gallery";
                $subtopic = "gallery";
                $topic = "Gallery";
                include("gallery.php");
        break;

        case "namelock";
                $subtopic = "namelock";
                $topic = "Namelock Manager";
                include("namelocks.php");
        break;

        case "archive";
                $subtopic = "archive";
                $topic = "News Archives";
                include("archive.php");
        break;

        case "mail";
                $subtopic = "mail";
                $topic = "Mass emails sender";
                include("mail.php");
        break;

        case "confirma";
        $subtopic = "confirma";
        $topic = "confirma";
        include("confirmadoacaobr.php");
      break;

    case "shopadmin";
        $subtopic = "shopadmin";
        $topic = "Shop Admin";
        include("shopadmin.php");
    break;

    case "records";
        $subtopic = "records";
        $topic = "Players Online Records";
        include("records.php");
    break;

    case "restarter";
        $subtopic = "restarter";
        $topic = "Restarter";
        include("restarter.php");
    break;

    case "bans";
        $subtopic = "bans";
        $topic = "Ban List";
        include("bans.php");
    break;

      case "Server Info";
        $topic = "Server Info";
        $subtopic = "Server Info";
        include("Serverinfo.php");
    break;


    case "calendar";
     $topic = "Calendario";
     $subtopic = "calendar";
     include("calendar.php");
    break;


        case "streams";
             $topic = "Stream List";
             $subtopic = "streams";
             include("stream.php");
        break;
}

if(empty($topic)) {
    $title = $GLOBALS['config']['server']["serverName"]." - OTS";
    $main_content .= 'Invalid subtopic. Can\'t load page.';
} else {
    $title = $GLOBALS['config']['server']["serverName"]." - ".$topic;
}

//#####LAYOUT#####
$layout_header = '<script type=\'text/javascript\'>
function GetXmlHttpObject()
{
var xmlHttp=null;
try
  {
  xmlHttp=new XMLHttpRequest();
  }
catch (e)
  {
  try
    {
    xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
    }
  catch (e)
    {
    xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
  }
return xmlHttp;
}

function MouseOverBigButton(source)
{
  source.firstChild.style.visibility = "visible";
}
function MouseOutBigButton(source)
{
  source.firstChild.style.visibility = "hidden";
}
function BigButtonAction(path)
{
  window.location = path;
}
var';
if($logged) { $layout_header .= "loginStatus=1; loginStatus='true';"; } else { $layout_header .= "loginStatus=0; loginStatus='false';"; };
$layout_header .= " var activeSubmenuItem='".$subtopic."';</script>";
include($layout_name."/layout.php");
ob_end_flush();
?>
 
Are you using an old XAMPP version and Windows?
If it's Windows with XAMPP, it can be hackable as it is (XAMPP is for developers, not server hosters!).
E.g. phpMyAdmin can be open to all users (hackers) with some dummy login/password such as root/root.

He is using some custom acc. maker. It's not official Gesior2012/MyAAC/Znote.
It's some custom OTS/TFS/otservbr acc. maker with multiple new 'pages' (ex. bug report - well known for SQL injections) or custom payment system (ex. PayPal/[other system] that allows hackers to 'spoof' payments).
They were all replaced (updated) in official acc. makers or not included at all. There are still some OTS acc. makers that use 'Gesior2008 with custom pages' or totally rewritten MyAAC/Znote - outdated versions - as official page :(
 
Test Hack or anything How?
Help, I have 20 online.
He has got 1000000 points, WTF.
As Gesior said, Joker, you need to use the latest official ACC Makers from the official repository. Also try using another web server, maybe Laragon or Uniform Server, and as a personal tip you should think about moving to Linux in the future; hosting a server on Windows is the worst thing ever. Maybe you are just starting to host servers, so try to research and learn more using updated tutorials.

Here are the most popular GitHub repositories of ACC Makers.

 
What is the solution?
I have players :S
Change my acc.? 1 year :S
1. If your OTS is compatible with any acc. maker. You can install any acc. maker (Gesior2012/MyAAC/Znote) and make it secure.
2. If your OTS is some 2010 code, that works only with 'acc. maker made for it'. You will have to review all your acc. maker files and fix them to be secure - a lot of work.

You can contact me on Discord: Gesior.pl#3208
but if it's very old acc. maker, I won't have time to update it to 2023 standards.
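
A starting point for the file-by-file review described in option 2, as an added example that is not part of any post in this thread: a line-based Python heuristic that flags places where `$_GET`/`$_POST`/`$_REQUEST`/`$_COOKIE` data is concatenated into a SQL string. The sample PHP snippets, the `reports` table and the list of calls treated as safe are assumptions made for the example.

```python
import re
from pathlib import Path

REQUEST = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"(\$\w+)\s*(\.?=)(?![=>])(.*)")
SQL = re.compile(r"\b(?:SELECT|INSERT\s+INTO|UPDATE|DELETE\s+FROM)\b", re.I)
# Casts/escapes treated as neutralising a value (heuristic list, an assumption).
SAFE = re.compile(r"\(int\)|\b(?:intval|quote|prepare)\s*\(", re.I)

def uses(text, names):
    return any(re.search(re.escape(n) + r"\b", text) for n in names)

def scan_php(source):
    """Return [(lineno, line)] where request input is concatenated into SQL."""
    tainted, findings = set(), []
    for no, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        if line.startswith(("//", "#", "*")):
            continue
        m = ASSIGN.search(line)
        rhs = m.group(3) if m else line
        dirty = bool(REQUEST.search(rhs) or uses(rhs, tainted)) and not SAFE.search(rhs)
        if m and dirty:
            tainted.add(m.group(1))        # $var now carries request data
        elif m and m.group(2) == "=":
            tainted.discard(m.group(1))    # overwritten with a clean value
        if dirty and SQL.search(line):
            findings.append((no, line))
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for hits only."""
    scans = ((str(p), scan_php(p.read_text(errors="replace"))) for p in Path(root).rglob("*.php"))
    return {name: found for name, found in scans if found}

# Constructed snippets for illustration, not files from the thread.
UNSAFE = '''<?php
$title = trim($_POST['title']);
$SQL->query("INSERT INTO reports (title) VALUES ('" . $title . "')");
'''
SAFE_PAGE = '''<?php
$id = (int) $_GET['id'];
$row = $SQL->query("SELECT * FROM reports WHERE id = " . $id);
$stmt = $SQL->prepare("INSERT INTO reports (title) VALUES (?)");
$stmt->execute(array($_POST['title']));
'''
```

A hit marks a line to read by hand, not proof of injection, and a statement that mixes a sanitised value with an unsanitised one on the same line is missed.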
 
Sounds like OTLAND in 2006/2007.
That's why I've made Gesior acc. maker. Only reason was that I could not find acc. maker that does not get hacked in 2-3 days.
Send me PHP code of your website. I can try to find reason, probably some 'bug report' or 'paypal' page that allows SQL injection or adding free points.
right my acc
<?php

/**#@+
* @version 0.0.1
*/

/**
* @package POT
* @version 0.1.5
* @author Wrzasq <[email protected]>
* @Copyright 2007 - 2008 (C) by Wrzasq
* @license http://www.gnu.org/licenses/lgpl-3.0.txt GNU Lesser General Public License, Version 3
 