Hello everyone, I host a server and I bought a dedicated server. I use theforgottenserver(the newest version) and Gesiors site. I've reoved phpmyadmin from xampp and still my server got hacked by a guy, I don't know HOW, but he managed to give everyone level etc.. So I wonder what can I do to protect my server?
Hacking problem!
- Thread starter Saj
- Start date
i got this problem too :/ i using old Gesior Acc maker and hacker tell me to delete PHPMA from xampp he using PMA user to enter to my DB and he got backup of my DB :/ have all rec keys etc 
(
(
PhPMyAdmin (PHPMA) has and will be insecure for a long period of time..
I spoke with a friend of mine a year ago, someone who has been working with computers for 21 years (lots of years with Dos, yeah xD) - who claimed that Apache is very secure for its low cost (free) but that the Xampp package isn't as safe, who includes PHPMA.. Use MySql-DB-browsers instead. Try this or Navicat instead..
I spoke with a friend of mine a year ago, someone who has been working with computers for 21 years (lots of years with Dos, yeah xD) - who claimed that Apache is very secure for its low cost (free) but that the Xampp package isn't as safe, who includes PHPMA.. Use MySql-DB-browsers instead. Try this or Navicat instead..
Changed your password?
On admin/GM in OT? On mysql DB?
If so, you either got Apache v1.0.0 beta, you got a virus/backdoor, or your aac is insecure.
PS: I'll find out if you got any webserver-based security holes/bugs and if you got any backdoors, for a small price
On admin/GM in OT? On mysql DB?
If so, you either got Apache v1.0.0 beta, you got a virus/backdoor, or your aac is insecure.
PS: I'll find out if you got any webserver-based security holes/bugs and if you got any backdoors, for a small price
- Joined
- May 27, 2007
- Messages
- 6,390
- Solutions
- 21
- Reaction score
- 1,472
phpMyAdmin is not insecure. phpMyAdmin's only security weakness is that it doesn't have any bruteforce protection, but if you use a long enough password you don't have to worry so much about that. If you're still worried you can create a .htaccess file to only allow your IP to connect to it, you can also place it in a directory that only you know about.
phpMyAdmin 2.9.1.1-Debian-8, you have my permission to try to hack it, good luck.
You've probably patched it or something, but only time will show.
I've found several PHPMA bugs earlier, though I technically didn't know nor know today what I was doing -- what I did was, using the XSS bugs in different AACs to inject myself, by JS redirection over to phpmyadmin and then used SQL injection (in one package/url injection)
AAFFF, I got hacked today, just few minutes ago! I was using TFS 0.2, and Gesiors aac 3.0, the hacker deleted all the tables in my database and created a new one named.
"hacked by svenskpopis thanks talaturen "
Please someone helpme.
I have my doubts, maybe if some1 hacked my god, can deleted databases from the web? Cause the hacker didnt loged into the host.
"hacked by svenskpopis thanks talaturen "
Please someone helpme.
I have my doubts, maybe if some1 hacked my god, can deleted databases from the web? Cause the hacker didnt loged into the host.
Blue Charizard
Blue where it counts
Best way to not get hacked, is to not use any web-based database access, and for the love of god, do NOT use root as the account to connect your server/AAC to the mysql db, its like asking to get your entire DB deleted.
Simple solutions for a secure database/server:
1. Do not use web-based MySQL database managers, use the tools made by MySQL (Administrator & Query Browser), or navicat if you cannot figure out how to use the MySQL ones, and perferrabley disable remote root-access, unless you're planning on doing alot of database management on root from another computer. (But i doubt you will have reason for that anyways)
2. For connecting your server/AAC to the database, create a new user and ONLY give it privileges to access your OTserv database, nothing else. Dont EVER use the Root account for anything else than database management and user/server management!
3. Keep your MySQL, Apache and PHP up to date, new releases means new bugfixes and security-fixes.
4. Use long multi-cased numeric ASCII passwords made from made-up words of your own (or words from your own language), so they cannot be bruteforced easilly, a good example would be "fR4gZ03r@d4T0r*U/\/dUl4t5567" or "chW4rtZ3@@k4tZ3***n13Z3895", it may be a bit annoying to type, but it keeps your database safe from most conventional dictionary bruteforcing.
5. Get a router and a good firewall and keep all ports closed exept for the ports needed for Server/Apache/Mysql, and have the firewall keep a log of any connection which connects to your Apache/MySQL which is not from your own computer. (If only programs on your server is meant to connect to your database/whatever, it wouldnt make sense if another IP attempted connecting, would it?)
6. Do frequent database backups, perferrabley several times a day, on a separate drive (USB stick, portable harddrive, etc) thus even if the worst were to happen (Like your dog suddenly gaining "haxxor skills" and deciding on deleting your OTserv database), you will always have an up-to-date backup to restore.
Sure, there is no thing as the "perfectly secure computer", even NASA and FBI and CIA has been hacked, the only way to be perfectly secure is no not use the internet at all, but the tips mentioned above will at least elevate your server beyond the reach of most script-kiddie hackers.
Simple solutions for a secure database/server:
1. Do not use web-based MySQL database managers, use the tools made by MySQL (Administrator & Query Browser), or navicat if you cannot figure out how to use the MySQL ones, and perferrabley disable remote root-access, unless you're planning on doing alot of database management on root from another computer. (But i doubt you will have reason for that anyways)
2. For connecting your server/AAC to the database, create a new user and ONLY give it privileges to access your OTserv database, nothing else. Dont EVER use the Root account for anything else than database management and user/server management!
3. Keep your MySQL, Apache and PHP up to date, new releases means new bugfixes and security-fixes.
4. Use long multi-cased numeric ASCII passwords made from made-up words of your own (or words from your own language), so they cannot be bruteforced easilly, a good example would be "fR4gZ03r@d4T0r*U/\/dUl4t5567" or "chW4rtZ3@@k4tZ3***n13Z3895", it may be a bit annoying to type, but it keeps your database safe from most conventional dictionary bruteforcing.
5. Get a router and a good firewall and keep all ports closed exept for the ports needed for Server/Apache/Mysql, and have the firewall keep a log of any connection which connects to your Apache/MySQL which is not from your own computer. (If only programs on your server is meant to connect to your database/whatever, it wouldnt make sense if another IP attempted connecting, would it?)
6. Do frequent database backups, perferrabley several times a day, on a separate drive (USB stick, portable harddrive, etc) thus even if the worst were to happen (Like your dog suddenly gaining "haxxor skills" and deciding on deleting your OTserv database), you will always have an up-to-date backup to restore.
Sure, there is no thing as the "perfectly secure computer", even NASA and FBI and CIA has been hacked, the only way to be perfectly secure is no not use the internet at all, but the tips mentioned above will at least elevate your server beyond the reach of most script-kiddie hackers.
Last edited:
Similar threads
