About Mysql !

grabb_666 · Jul 16, 2008

I got a mysql server "tfs" tibia client 8.10, and i dont know how they hack it, they can do whatever they want with the sql base :S and i secure it, Help me

Znote · Jul 16, 2008

Put a password to your phpmyadmin?

Pazzur · Jul 16, 2008

Go to your http://localhost/security and add passwords for both options.

Renaming phpMyAdmin may also help (you won't be able to access it either though - until you rename it/Change some settings i'm not aware of)

Best of luck,
Pazzur

grabb_666 · Jul 16, 2008

i've done that look at this

Cuz now one of my players that i deleted for bug abouse, threaten me to destroy the server and shit, every time i wake up i se on the floor many bugs and shit.. strange ;S

Sorry * XD

Pazzur · Jul 16, 2008

That looks safe to me, what kind of bugs do you see on the floor?

You should also change the password on data/XML/admin.xml (I don't know if thats directly related to your problem though).

It could also be a problem with your version of phpMyAdmin, maybe one of your friends could access it and confirm it asks for a password.

grabb_666 · Jul 16, 2008

They can creat what ever they want from Cash to items.., And other type's of floor and ladders and stairs, and remove walls :S here is my admin.xml

<security onlylocalhost="1" maxconnections="2" loginrequired="1" loginpassword="test"/>
<encryption required="0">


But i wonder about this one, On localhost/security.... """ These XAMPP pages are accessible by network for everyone UNSECURE
Every XAMPP demo page you are right now looking at is accessible for everyone over network. Everyone who knows your IP address can see these pages.
""

Pazzur · Jul 16, 2008

You should change loginpassword to something secure instead of "test" which is the default.

I also suggest you check their access levels as well as your commands.xml to make sure only GMs have the ability to create items and that their characters don't have GM access.

grabb_666 · Jul 16, 2008

Alright i've been change that "test" to an secured password.. and no one have "GM" access, Only me

Pazzur · Jul 16, 2008

grabb_666 said:
But i wonder about this one, On localhost/security.... """ These XAMPP pages are accessible by network for everyone UNSECURE
Every XAMPP demo page you are right now looking at is accessible for everyone over network. Everyone who knows your IP address can see these pages.
""

Thats what I have too. I don't think thats a problem.

What worries me is that you say they can remove walls, I have no idea how they can do that (I knew it could be done in 7.6) since not even GMs can do that.

If your problem continues I suggest switching to the latest TFS which might require your server to change protocol to 8.11.

Best of luck,
Pazzur

grabb_666 · Jul 16, 2008

thx dude =), im very greatfull,

//Kriss

Znote · Jul 16, 2008

You know, you can make so it is ONLY possible to enter phpmyadmin through localhost (your own computer).

Then its safe

unless you use an homepage that has "holes" that allows somebody to thief coockies or something like that..

Edit:
If you get this worked, maybe you want to remove the GM's and such things the hacker have created?

Enter your database - go to the player table - browse - choose so you see the group ids, display highest group id at top and you will see all high positions

Pazzur · Jul 16, 2008

Could the whole creating/removing walls be caused through phpMyAdmin though? If yes, well I had no idea :S

In my case, I use a dedicated server so I can't have it for only localhost.

grabb_666 · Jul 16, 2008

How do i make that? so only "LOCALHOST" can enter ? ^^,

Check this out !

Thats the problem.. They can make walls and whatever they want

Znote · Jul 17, 2008

Check your commands, and do as i said in the edit in my earlier post, but go accounts and sort by account id aswell. And you see if they got any special chars.

JayBeee · Jul 17, 2008

grabb_666 said:
How do i make that? so only "LOCALHOST" can enter ? ^^,

Check this out !

Thats the problem.. They can make walls and whatever they want

That should pretty much be impossible! :O At least since after the 7.6 client.... You should report that to Talaturen in the TFS sub-forum...

Znote · Jul 17, 2008

@up

Not impossible if the hacker made himself his acc type 5 and/or group id 3 character

JayBeee · Jul 17, 2008

Ya, but if grabb haven't made another account, the others won't be able to log into the database since the "root" account can only be accessed from localhost...

Mazen · Jul 17, 2008

Link1: "yourserver".com/security
Link2: "yourserver".com/phpmyadmin
and they have full access to the database

Pazzur · Jul 17, 2008

I agree with Znote, you should check for all group ids in case whoever had access to your database didn't give himself any access levels. Cause they can pretty much hide from you with /ghost.

grabb_666 · Jul 17, 2008

I've check all that in my sql base, NO one have access higher then 1, it's only me that got access 5 :S . and group 2 ofc no one else ;S, And commands.xml "talk".xml no harmless command is under access 2 either :S

About Mysql !

Z-athura.mine.nu

<?php echo $title; ?>

New Member

Z-athura.mine.nu

New Member

Z-athura.mine.nu

New Member

Z-athura.mine.nu

New Member

Z-athura.mine.nu

<?php echo $title; ?>

New Member

Z-athura.mine.nu

<?php echo $title; ?>

Retired Global Mod

<?php echo $title; ?>

Retired Global Mod

Developer

New Member

Z-athura.mine.nu

Similar threads