Hacked website get 10000000 points?
how i fix
help me
how i fix
help me
Latest News - HigEXp
Tibia is a free massive multiplayer online role playing game (MMORPG).
mirageot.com
Sounds like OTLAND in 2006/2007.
That's why I've made Gesior acc. maker. Only reason was that I could not find acc. maker that does not get hacked in 2-3 days.
Send me PHP code of your website. I can try to find reason, probably some 'bug report' or 'paypal' site that allows SQL injection or adding free points.
Are you using an old XAMPP version and Windows?
Hacked website get 10000000 points?
how i fix
help me
Latest News - HigEXp
Tibia is a free massive multiplayer online role playing game (MMORPG).
mirageot.com
<?PHP
// Resume or create the PHP session; the login state handled below lives in $_SESSION.
session_start();
// Start output buffering and route the finished page through the callback named "novadb".
// NOTE(review): "novadb" is not defined anywhere in the code shown before this call, and the
// only nearby candidate file (exaBD.php) is commented out on the next line. An output callback
// can rewrite every byte of every page, so confirm where it is defined and what it does.
// If it is not callable at this point, ob_start() should fail and no buffering takes place.
ob_start("novadb");
//require('./exaBD.php');
/**
 * Current Unix time as a float, assembled from the two space-separated parts
 * of microtime()'s string form ("fraction seconds").
 *
 * @return float Seconds since the epoch, including the fractional part.
 */
function microtime_float() {
    $parts = explode(" ", microtime());
    $fraction = (float)$parts[0];
    $seconds = (float)$parts[1];
    return ($fraction + $seconds);
}
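// Request start time; it is not read again in the code shown here.
$time_start = microtime_float();
//##### CONFIG #####
// Loads site configuration and shared helpers. The code below relies on names it does not
// define itself ($ots, password_ency(), $layout_name), which presumably come from this file.
include('config-and-functions.php');
// Requested action, if any. It is read from $_REQUEST, so it can arrive via GET or POST
// (and via cookies, depending on request_order). It stays null when the parameter is absent,
// exactly as before, but without raising an undefined-index notice on every plain page view.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;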
//##### LOGOUT #####
// Drops the two session entries that the login check reads; the session itself is kept.
// NOTE(review): $action comes from $_REQUEST, so a plain GET link is enough to trigger this.
if ($action == "logout") {
    unset($_SESSION['account'], $_SESSION['password']);
}
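//##### LOGIN #####
// Two paths can set $logged:
//   1. an existing session whose stored account id and password hash still match the account;
//   2. a fresh login from the POSTed account_login / password_login fields.
// $ots and password_ency() are not defined in this file (presumably config-and-functions.php).
// The session keeps the value returned by password_ency(), i.e. a password-equivalent secret.
// NOTE(review): no attempt limiting or lockout is visible in this block.
$logged = FALSE;
if(isset($_SESSION['account'])) {
    $account_logged = $ots->createObject('Account');
    $account_logged->load($_SESSION['account']);
    // A session without a stored hash must never authenticate.
    $session_password = (isset($_SESSION['password']) && is_string($_SESSION['password'])) ? $_SESSION['password'] : '';
    $session_valid = FALSE;
    if($account_logged->isLoaded() && $session_password !== '') {
        $stored_password = (string)$account_logged->getPassword();
        // Exact string comparison. With ==, two different numeric-looking hashes
        // ("0e1234..." vs "0e5678...") compare equal. hash_equals() is additionally
        // constant-time; it is used whenever the running PHP provides it.
        $session_valid = function_exists('hash_equals')
            ? hash_equals($stored_password, $session_password)
            : ($stored_password === $session_password);
        unset($stored_password);
    }
    unset($session_password);
    if($session_valid) {
        $logged = TRUE;
        $group_id_of_acc_logged = $account_logged->getPageAccess();
    } else {
        $logged = FALSE;
        unset($_SESSION['account']);
        // Drop the stale hash together with the account id.
        unset($_SESSION['password']);
        unset($account_logged);
    }
    unset($session_valid);
}
// Missing or non-string fields are treated as empty instead of raising notices or type errors.
$login_account = (isset($_POST['account_login']) && is_string($_POST['account_login'])) ? strtoupper(trim($_POST['account_login'])) : '';
$login_password = (isset($_POST['password_login']) && is_string($_POST['password_login'])) ? trim($_POST['password_login']) : '';
if(!$logged && !empty($login_account) && !empty($login_password)) {
    $login_password = password_ency($login_password);
    $account_logged = $ots->createObject('Account');
    $account_logged->find($login_account);
    // Account ids 1, 2, 123 and 51234 are refused web login here regardless of password
    // (presumably reserved or staff accounts — confirm the list is still current).
    if($account_logged->isLoaded() && !in_array($account_logged->getId(), array(1,2,123,51234))) {
        $stored_password = (string)$account_logged->getPassword();
        $password_ok = function_exists('hash_equals')
            ? hash_equals($stored_password, (string)$login_password)
            : ($stored_password === (string)$login_password);
        unset($stored_password);
        if($password_ok) {
            // Issue a new session id on login so that an id fixed before authentication
            // does not carry over into the authenticated session.
            session_regenerate_id(true);
            $_SESSION['account'] = $account_logged->getId();
            $_SESSION['password'] = $login_password;
            $logged = TRUE;
            $account_logged->setCustomField("page_lastday", time());
            $group_id_of_acc_logged = $account_logged->getPageAccess();
        } else {
            $logged = FALSE;
        }
        unset($password_ok);
    }
}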
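//#### LOAD PAGE ##########
// Maps the request's "subtopic" to a page title and a fixed file to include.
// The file name always comes from the table below, never from the request itself.
//
// NOTE(review): no login or access-level check happens here. Every route is included for any
// visitor, so each page must enforce $logged / $group_id_of_acc_logged itself. Judging by
// their names, the routes to audit first are the staff ones (adminpanel, shopadmin, mail,
// restarter, namelock, fix) and the ones touching points or payments (paypal, donate, confirma,
// confirmacao, transferir, shopsystem, shopguild, lottery, lotteryp, bugtracker).
if(empty($_REQUEST['subtopic'])) {
    $_REQUEST['subtopic'] = "latestnews";
}
// subtopic => array(page title, file to include).
// The old switch listed "auctionsystem", "addons" and "wars" twice; only the first occurrence
// could ever match, so only that one is kept here.
$index_routes = array(
    "latestnews" => array("Latest News", "latestnews.php"),
    "fix" => array("fix", "fix.php"),
    "creatures" => array("Creatures", "creatures.php"),
    "spells" => array("Spells", "spells.php"),
    "bugtracker" => array("Bug Tracker", "bug.php"),
    "addons" => array("Addons List", "addons.php"),
    "lottery" => array("Lottery", "lottery.php"),
    "lotteryp" => array("lotteryp", "lotteryp.php"),
    "wars" => array("Guild Wars", "war.php"),
    "dota" => array("Dota", "dota.php"),
    "calendario" => array("Calendario de Eventos", "calendario.php"),
    "invasion" => array("invasion", "invasion.php"),
    "rush" => array("rush", "rush.php"),
    "sellchar" => array("Venda De Chars", "sellchar.php"),
    "buychar" => array("buychar", "buychar.php"),
    "shopguild" => array("Shop Guild", "shopguild.php"),
    "coliseum" => array("Coliseum", "coliseum.php"),
    "raids" => array("raids", "raids.php"),
    "confirmacao" => array("Confirmacao", "confirmacao.php"),
    "addonbonus" => array("Addon Bonus", "addons.php"),
    "topguilds" => array("Top Guilds", "topguilds.php"),
    "task" => array("Task", "task.php"),
    "helpdesk" => array("Helpdesk", "helpdesk.php"),
    "warofemperium" => array("War of Emperium", "warofemperium.php"),
    "signatures" => array("Signature Generator", "signatures.php"),
    "top_frags" => array("Top Frags", "top_frags.php"),
    "characters" => array("Characters", "characters.php"),
    "whoisonline" => array("Who is online?", "whoisonline.php"),
    "downloadsclient" => array("Downloads Client", "downloadsclient.php"),
    "requirementes" => array("Requirementes", "requirementes.php"),
    "highscores" => array("Highscores", "highscores.php"),
    "powergamers" => array("Power Gamers", "powergamers.php"),
    "auctionsystem" => array("Trade Offline", "auctionsystem.php"),
    "killstatistics" => array("Last Kills", "killstatistics.php"),
    "bountyhunters" => array("Bounty Hunters", "bounty-hunters.php"),
    "guilds" => array("Guilds", "guilds.php"),
    "transferir" => array("Transferir", "transferir.php"),
    "beneficiospremium" => array("beneficiospremium", "beneficiospremium.php"),
    "accountmanagement" => array("Account Management", "accountmanagement.php"),
    "createaccount" => array("Create Account", "createaccount.php"),
    "lostaccount" => array("Lost Account Interface", "lostaccount.php"),
    "tibiarules" => array("Server Rules", "tibiarules.php"),
    "adminpanel" => array("Admin Panel", "adminpanel.php"),
    "forum" => array("Forum", "forum.php"),
    "team" => array("Gamemasters List", "team.php"),
    "serverinfo" => array("Server Info", "serverinfo.php"),
    "shopsystem" => array("Shop System", "shopsystem.php"),
    "charactersauctions" => array("Characters auctions", "charactersauctions.php"),
    "donate" => array("Donate!!", "donate.php"),
    "paypal" => array("paypal!!", "paypal.php"),
    "gallery" => array("Gallery", "gallery.php"),
    "namelock" => array("Namelock Manager", "namelocks.php"),
    "archive" => array("News Archives", "archive.php"),
    "mail" => array("Mass emails sender", "mail.php"),
    "confirma" => array("confirma", "confirmadoacaobr.php"),
    "shopadmin" => array("Shop Admin", "shopadmin.php"),
    "records" => array("Players Online Records", "records.php"),
    "restarter" => array("Restarter", "restarter.php"),
    "bans" => array("Ban List", "bans.php"),
    "Server Info" => array("Server Info", "Serverinfo.php"),
    "calendar" => array("Calendario", "calendar.php"),
    "streams" => array("Stream List", "stream.php"),
);
// Start from known-empty values so that $topic and $subtopic can only ever come from the
// table above; an unknown subtopic leaves both empty instead of whatever they held before.
$topic = '';
$subtopic = '';
$index_requested = $_REQUEST['subtopic'];
// A non-string value (e.g. subtopic[]=x) matches no route, as it did with the switch.
if(is_string($index_requested) && isset($index_routes[$index_requested])) {
    $subtopic = $index_requested;
    $topic = $index_routes[$index_requested][0];
    // Included at file scope on purpose: the page scripts share this script's variables.
    include($index_routes[$index_requested][1]);
}
if(empty($topic)) {
    $title = $GLOBALS['config']['server']["serverName"]." - OTS";
    $main_content .= 'Invalid subtopic. Can\'t load page.';
} else {
    $title = $GLOBALS['config']['server']["serverName"]." - ".$topic;
}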
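//#####LAYOUT#####
// Builds the inline <script> block for the page head, then hands over to the layout template.
$layout_header = '<script type=\'text/javascript\'>
function GetXmlHttpObject()
{
var xmlHttp=null;
try
{
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
try
{
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
}
return xmlHttp;
}
function MouseOverBigButton(source)
{
source.firstChild.style.visibility = "visible";
}
function MouseOutBigButton(source)
{
source.firstChild.style.visibility = "hidden";
}
function BigButtonAction(path)
{
window.location = path;
}
var';
// The literal above ends in "var" with no space, so the emitted script reads
// "varloginStatus=...; loginStatus=...;". Left byte-identical here.
if($logged) {
    $layout_header .= "loginStatus=1; loginStatus='true';";
} else {
    $layout_header .= "loginStatus=0; loginStatus='false';";
}
// $subtopic is written into a JavaScript string literal. Only letters, digits, underscore and
// space are let through, which covers every subtopic the router in this file assigns. Anything
// else becomes '' so that a value carrying a quote or a closing script tag cannot break out of
// the literal. Output for the known subtopics is unchanged.
$layout_active_item = (isset($subtopic) && is_string($subtopic) && preg_match('/^[A-Za-z0-9_ ]*$/D', $subtopic)) ? $subtopic : '';
$layout_header .= " var activeSubmenuItem='".$layout_active_item."';</script>";
// NOTE(review): $layout_name is not set in the code shown (presumably config-and-functions.php).
// Confirm it is derived from configuration only, never from request data, because it selects
// the file that is included here.
include($layout_name."/layout.php");
// Sends the buffered page, provided the ob_start() call at the top actually opened a buffer.
ob_end_flush();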
?>
If it's Windows with XAMPP, it can be hackable as it is (XAMPP is meant for developers, not for hosting public servers!).
Are you using old xampp version and windows?
phpMyAdmin can be open to all users (hackers) with some dummy login/password such as root/root, so check that the MySQL root account has a real password and that phpMyAdmin is not reachable from the internet.
As Gesior said, Joker, you need to use the latest official acc. makers from the official repository. Also try another web server, maybe Laragon or Uniform Server, and as a personal tip you should think about moving to Linux in the future; hosting a server on Windows is the worst thing ever. Maybe you are just starting to host servers, so research and learn more using updated tutorials.
Test Hack or anything How?
help i have 20 online
he is got 1000000 points WTF
1. If your OTS is compatible with any acc. maker, you can install any acc. maker (Gesior2012/MyAAC/Znote) and make it secure.
What is the solution?
i have player :S
change myacc? 1 year:S
right my acc
Sounds like OTLAND in 2006/2007.
That's why I've made Gesior acc. maker. Only reason was that I could not find acc. maker that does not get hacked in 2-3 days.
Send me PHP code of your website. I can try to find reason, probably some 'bug report' or 'paypal' page that allows SQL injection or adding free points.