AAC Hacked Website, Deleted adm give access

[Joker Man]

hello, some one hacked my website, take points 100000-Deleted Adm, Give self Access 5
gesior 2012 Full bug

 

[Competitibia]

Congratulations did u change page access accs? Did u port forward 3306 and allow root with no password?

 

[Joker Man]

lol, i don`t do that
no one can use root, only from my vps
some one Hacked website, Deleted my Adm-take points from site -100000, give self access in game only not site
Everything
my ots have 44 online i closed > what i can do?

 

[Competitibia]

Not sure what happened best if u post php log

 

[Joker Man]

i`m here to get joke, need every help,my server is new, someone Get Full Hacked in my site i fix guild bug, i can do, i was have 44 online
iam full follow Gesior, i add Code New, Help me
he is can do anything, take from website admin panel like 100k points? -100000- Deleted adm or taked in account.
@Gesior.pl

 

[Competitibia]

Are u running on latest php? RCE is possible on older php versions idk why there is no warning for that on top of otland and why links for old accs are up..

 

[Joker Man]

Are u running on latest php? RCE is possible on older php versions idk why there is no warning for that on top of otland and why links for old accs are up..

right, i use old versions 2012

##### CREDITS #####
Version 0.3.6 r.49
Acc. script:
*Gesior - e-mail: [email protected]
*widnet - e-mail: [email protected]
*Norix - e-mail: [email protected]
*Cybermaster - e-mail: [email protected]
POT:
*Wrzasq - user from www.otfans.net
Layouts:
*CipSoft Gmbh - www.tibia.com
Monsters images:
*Unknown author
Items images:
*Unknown author

 

[Competitibia]

right, i use old versions 2012

That's gesior version not php

 

[Joker Man]

you mean, index.php?

 

[Competitibia]

No webserver nginx uniservwr Apache whatever u using plus u working with anyone there is chance they uploaded some file to server that gave them access

 

[Joker Man]

No webserver nginx uniservwr Apache whatever u using plus u working with anyone there is chance they uploaded some file to server that gave them access

How did he find out?

 

[Competitibia]

I'm done

 

[Joker Man]

why he can`t page access ? only to withdraw points from my account panel -100000? opening- bug

 

[Jpstafe]

right, i use old versions 2012

use znote instead and do not open ports 3306 443. is there a bug with news_ticker in gesior. i think it's solved. but don't know where

 

[Sarah Wesker]

hello, some one hacked my website, take points 100000-Deleted Adm, Give self Access 5
gesior 2012 Full bug

No one else has reported being hacked using Gesior Web, so the problem is not the web.
So the only option left is that you yourself have introduced some change that left a security hole.
(Maybe someone did a job for you and left you a little gift.)

In the event that you have hired someone to add a new page to the panel, you can leave the file that was modified here and we will review it for you.
If you submitted the entire page, the web could be full of magical things.

The recommendation is that you download the web page from scratch again as it comes by default and make the modifications again, please do not use copy and paste files.

Have you already tried a default page? Let's see if they hack you again?
The problem may also be in the server scripts, there could be many things that are failing but you should start by ruling out suspicions.

You need to give better information than just a screenshot that does not have to be true, That capture does not mean anything.

 

[Joker Man]

No one else has reported being hacked using Gesior Web, so the problem is not the web.
So the only option left is that you yourself have introduced some change that left a security hole.
(Maybe someone did a job for you and left you a little gift.)

In the event that you have hired someone to add a new page to the panel, you can leave the file that was modified here and we will review it for you.
If you submitted the entire page, the web could be full of magical things.

The recommendation is that you download the web page from scratch again as it comes by default and make the modifications again, please do not use copy and paste files.

Have you already tried a default page? Let's see if they hack you again?
The problem may also be in the server scripts, there could be many things that are failing but you should start by ruling out suspicions.

You need to give better information than just a screenshot that does not have to be true, That capture does not mean anything.

really, my server is new All br like it, add script guild and, i lose everything
i just say, why he hacked, free items
i`m loser

 

[mano368]

really, my server is new All br like it, add script guild and, i lose everything
i just say, why he hacked, free items
i`m loser

try to better elaborate your sentences, if you don't know English, use google translator. if you want help, just give the necessary information. there are several here trying to help you but you don't pass on information with qquality.

just "hacked 10000- website"

this has no use

---------

tenta elaborar melhor suas frases, se nao sabe ingles, use o google tradutor. se voce quer ajuda, é só da as informações necessarias. tem varios aqui tentando te ajudar mas você não passa informações com qualidade.

apenas "hacked 10000- website"
isso não serve de nada

 

[Joker Man]

I explained that someone is greedy and wants to destroy the site and everything
He uses methods that have never passed me by
Pull the manager off the site then and to withdraw -1000000 from admin panel? how do the bug idk

 

[mano368]

I explained that someone is greedy and wants to destroy the site and everything
He uses methods that have never passed me by
Pull the manager off the site then and to withdraw -1000000 from admin panel? how do the bug idk

Only to know, you think that the person have acess to admin account?

 

[Gesior.pl]

right, i use old versions 2012

It's not official 2012 for sure. Probably it's not even 2012 - in 2012 version there is no Admin Panel/Shop Admin. It was in 2008 version. I've removed it, because features like that give hackers ability to escalate privileges easily.
Looks like Gesior2008 with some extra pages.

There were reports on OTLand from people who get hacked using custom acc. maker version (Gesior/MyAAC) with all these extra pages like 'polls' (SQL injection), 'bug report' (SQL injection), 'forum with modified styles' (XSS), 'admin panel' (SQL injection).

Gesior2012 supports only official TFS versions (database schema). Otservbr and custom servers (ex. Nostalrius 7.7 based on TFS 1.2) are not supported.
MyAAC and ZnoteAAC are much better at handling custom databases, you should test them (if they are compatible with your OTS):

GitHub - slawkens/myaac: A free and open-source Automatic Account Creator (AAC) written in PHP

A free and open-source Automatic Account Creator (AAC) written in PHP - slawkens/myaac

github.com

GitHub - Znote/ZnoteAAC: Developement repository for the Znote AAC project. A website portal to represent and manage your Open Tibia server.

Developement repository for the Znote AAC project. A website portal to represent and manage your Open Tibia server. - Znote/ZnoteAAC

github.com

After machine hack you should:

• backup database of OTS
• reinstall operating system - hacker could install some backdoor already
• change passwords/e-mails/recovery keys of GM/GOD/admin (ID 1) accounts - hacker may already know them
• upload files of OTS from your PC - not copy of files from current server, as they may be already infected by hacker [again, backdoor in C++/Lua)
• install official version of acc. maker from GitHub (Gesior2012/MyAAC/ZnoteAAC)

If you don't know how to configure Linux for hosting, hire someone to do it (~10 $).
If it's Ubuntu 20.04 I can configure it for free [after system reinstall, I've got auto-install script for clean Ubuntu 20.04], Discord: Gesior.pl#3208

EDIT:
Hacker could also install backdoor (trigger) in MySQL and it will be saved in database backup file. You should ask someone to review dumped .sql file, if there are only official TFS triggers or someone added backdoor.