
a guy made himself god and everyone else in my server as well

Lurk

I'm using this website GesiorACC 2019 8.60 UPDATE 29/06/2019 (https://tibiaking.com/forums/topic/44980-gesioracc-2019-860-update-29062019/) I know this was posted here in otland as well tho I don't know where it is, and I'm using tfs 0.4 and google cloud to host the server
I don't know how but this guy came in and made himself god. I don't know if it was through the website or what, but the machine seemed fine, like it wasn't invaded and there was no way he could've become god in the game. My char also was still online so he didn't log into my account to give god to himself.
Does anyone have any idea how this has happened? I'm desperate
 
he probably accessed your database (yoursite/phpmyadmin) and changed his character to god.
try changing your phpmyadmin password
 
my phpmyadmin password has like 15 characters, symbols and all of that but still I'll try changing it, thank ya

edit: phpmyadmin can only be accessed locally right?
 
if you don't restrict it then no
 
iirc some old gesior aac versions were vulnerable to sql injection, just switch to znote

years ago I remember one of my friends bragged about gaining full control over servers with that vulnerability
 
I haven't changed it and by default, it's localhost only
Wrong. By default, any users can only be accessed locally. But PHPMyAdmin uses the user login from the local server but then it displays everything via your webserver. That's the very reason why I don't recommend it. Use the command line instead :)

PhpMyAdmin is the most likely way someone got in.
Though ssh is also a possibility if your password is bad (please stop using passwords, use encrypted keys instead and deactivate the root login)
And the third option is SQL injection. Though that's usually unlikely.
Another big possibility is that you gave someone who you thought you could trust access.
Or maybe some user or database login you forgot about? Something that came by default by some shitty script? Some login you made once and didn't deactivate or secure it?
Also possible is outdated software. You need to maintain your server. New exploits, bugs and vulnerabilities are being found every day. If you don't update for example your MySQL server, it will be vulnerable.

Natanael is one of the few trustworthy people in our Brazilian community
No one you don't personally know well is trustworthy.
 
Well you can google how to change any of these things. There are very good tutorials for it out there already. Not gonna write one now, sorry :p

The first thing you need to do is change all your passwords. Use random passwords, at least 15 characters long with upper, lower letters as well as special symbols and numbers.

Then you can google how to:
deactivate root (make sure to give another user sudo privileges first)
make the ssh login only possible via an RSA key
change the ssh port
find all current users in any server with login possibilities
update your server
make mysql, phpmyadmin only accessible from localhost
set up a (at least default) firewall

After you have made sure everything is safe, you can review the logs. Those are by default located in /var/log/
This will give you more information on how this could happen.

edit: most tutorials on OTLand are completely outdated and useless. Don't trust all of these. You can find recent tutorials for anything (not tibia related) on the internet @Lurk
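
A first pass over the web server access log for two of the entry points raised in the thread: phpMyAdmin reached from a non-local address, and SQL injection probing against the website. This is an added example, not code from any poster; the log format (Apache/nginx "combined"), the path aliases and the SQL patterns are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Apache/nginx "combined" access-log line: client, timestamp, method, URL, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Heuristic markers of SQL injection probing in a decoded URL (assumption, not exhaustive).
SQLI = re.compile(r"union\s+select|information_schema|sleep\s*\(|or\s+1\s*=\s*1|'\s*--", re.I)
# Common phpMyAdmin URL aliases (assumption; adjust to the alias your web server uses).
ADMIN = re.compile(r"^/(phpmyadmin|pma)\b", re.I)

def triage(lines):
    """Return (client, time, reason, url) for every suspicious request."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        client, when, _method, url, status = m.groups()
        decoded = unquote_plus(url)
        try:
            remote = not ipaddress.ip_address(client).is_loopback
        except ValueError:
            remote = True  # hostname instead of an IP: treat as remote
        if remote and ADMIN.match(decoded):
            # 2xx/3xx means the page was actually served to an outside client.
            served = status.startswith(("2", "3"))
            reason = "phpmyadmin-remote-ok" if served else "phpmyadmin-remote-denied"
            hits.append((client, when, reason, decoded))
        elif SQLI.search(decoded):
            hits.append((client, when, "sqli-pattern", decoded))
    return hits

# Constructed sample lines using documentation IP ranges; not taken from the thread.
SAMPLE = [
    '127.0.0.1 - - [01/Jul/2019:10:00:00 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jul/2019:10:02:11 +0000] "POST /phpmyadmin/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [01/Jul/2019:10:05:40 +0000] "GET /index.php?id=1%27+UNION+SELECT+1%2C2--+ HTTP/1.1" 200 900 "-" "curl/7.58.0"',
    '203.0.113.7 - - [01/Jul/2019:10:09:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.50 - - [01/Jul/2019:10:11:30 +0000] "GET /index.php?subtopic=latestnews HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, when, reason, url in triage(SAMPLE):
        print(f"{when}  {client:<15}  {reason:<24}  {url}")
```

Any "phpmyadmin-remote-ok" hit means phpMyAdmin is being served to the internet; the timestamps of hits give a window to compare against the time the characters were promoted.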
 