
Improving security

Oceanic

Php / C++ / MySQL
This guide will help you to improve the security of your servers.
To use this guide you need MySQL installed and an AAC page.

Step 1 - Basics
First, make sure that you don't use the default username and password. You can do this very simply with this code:
PHP:
<?php
// Tries to connect as root with an empty password; if the connection succeeds, the default credentials are still in use.
mysql_connect("localhost", "root", "") or die(mysql_error());
echo "You have a security problem";
?>
If you get the message:
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in D:\xampp\htdocs\index.php on line 2
Access denied for user 'root'@'localhost' (using password: NO)
Then your SQL is safe.

Step 2 - phpmyadmin
Just because your SQL is safe, it doesn't mean that it is impossible to hack; almost all server applications have some problems.
Always check that phpMyAdmin is not able to access your SQL server.
The best thing to do is to delete the phpmyadmin folder in the xampp folder, because it is possible to bruteforce it.

Step 3 - XSS
XSS (cross-site scripting) is a method that becomes possible when a user is able to input their own HTML code into the website.
Most of the time you steal the cookies from the one whose password you want, and then use his cookies to access that person's account.
One easy way to do this is when a user imports external scripts.
HTML:
<script src="http://location_to_the_script.js"></script>
All you need is some experience in JavaScript.

Step 4 - SQL-Injection

The last thing is SQL injection. This is the most popular method to use; you find a place to inject a " or ' character into an input field. If you succeed you may get an error that says:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
If someone uses "union select" or "show tables" they may be able to get all the server information.

Step 5 - Last word
This was all; I hope you have some use for it, because many servers have problems with this.
 
About the second step and bruteforce:
Set a long password for the database and remember to include numbers in the password. Someone has been trying to hack my MySQL database for ~6 days with a bruteforce script without result :)
If you have phpmyadmin, a fast connection and your CPU use is 50% (2 cores) or 100% by "Apache", it's an attack; delete the phpmyadmin folder or add "exit;" in the second line of index.php in the phpmyadmin folder.
 

Yes, adding things like ["#]() in the password eliminates the risk of a bruteforce; most bruteforcers just use a-z 1-9.
So Swedish letters like åäö are very good :D
 
Yes yes, very cool tutorial. I'm excited. You have done very good work for otserv security.
 
But could you elaborate a bit more on steps 3 and 4 please...
Didn't quite get them... (sorry, a bit noobish of me)
Where to fix this or how to secure that part.

And also got one question.
Is there a program out there (if so just yes or no, don't want to give out ideas, lol), or is it possible that someone could just type your server's IP or some address and gain full access to your full server folder and steal it??

I'm kind of worried about this, and if so, how could you protect yourself against it..

Because I know there are some Trojans and stuff out there that can do this, but someone would have to download the thing onto the host PC. But if that's not the case and the host PC doesn't receive any files consciously (let's say getting some picture with the Trojan hidden in it), can this happen? Can someone with anything at all just get this kind of access??

Also I'm a bit worried about Avariana's account manager in the guild section, where people can upload their guild's logo; could something be done to secure this part?

Many questions I know, but this is an interesting issue; many times hosters don't take the time and care they should and are completely vulnerable, and I know no one is 100% safe, but I would like to reduce the risk of at least the most noobish hackers taking control of OTs.
 
One easy way to protect yourself is to make sure your computer is virus-protected; use a simple application like Avast.

Step 3 (XSS) is that someone steals your "login information". Then the hacker uses this information to log in; it is very simple if you know some JavaScript.

Step 4 is a bit tricky; you need to know the basics of PHP and MySQL to understand it. But the basic idea is that someone adds one "' too many so the server gets an error, then the hacker enters his own code like "show tables()".

Bruteforce is the simplest thing to protect against; you just use a captcha or something like that so your user can prove that he is a human and not a computer that is spamming logins.
If you get hacked by bruteforce, just check your logs and you will find his IP very easily :D Then talk to your local police.
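The reply above says to check the web server logs for the attacker's IP when phpmyadmin is being hammered. The script below is an added example, not code from the thread or from any AAC: it counts POST requests to the phpmyadmin login page per client IP from Apache combined-format access log lines and flags any IP over a threshold. The log lines are constructed for this example (documentation IP ranges, made-up timestamps); on a real box you would read them from the Apache access.log instead. The threshold and the /phpmyadmin/ path are assumptions, so adjust them to your installation.

```php
<?php
// Added example: per-IP counter for login attempts against phpmyadmin,
// fed with constructed Apache combined-format log lines.
$sampleLog = <<<'LOG'
203.0.113.7 - - [12/May/2008:20:01:01 +0200] "POST /phpmyadmin/index.php HTTP/1.1" 200 1543 "-" "python-urllib/2.5"
203.0.113.7 - - [12/May/2008:20:01:01 +0200] "POST /phpmyadmin/index.php HTTP/1.1" 200 1543 "-" "python-urllib/2.5"
198.51.100.2 - - [12/May/2008:20:01:05 +0200] "GET /index.php?subtopic=latestnews HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2008:20:01:02 +0200] "POST /phpmyadmin/index.php HTTP/1.1" 200 1543 "-" "python-urllib/2.5"
198.51.100.2 - - [12/May/2008:20:01:09 +0200] "POST /phpmyadmin/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2008:20:01:02 +0200] "POST /phpmyadmin/index.php HTTP/1.1" 200 1543 "-" "python-urllib/2.5"
LOG;

// Returns [ip => number of POSTs to /phpmyadmin/...], largest first.
function countPmaAttempts(string $log): array
{
    $counts = [];
    foreach (explode("\n", trim($log)) as $line) {
        // Field 1 is the client IP; the request line sits inside the first pair of quotes.
        if (!preg_match('/^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+)/', $line, $m)) {
            continue; // not a combined-format line, skip it
        }
        $ip = $m[1];
        $method = $m[2];
        $path = $m[3];
        if ($method === 'POST' && strpos($path, '/phpmyadmin/') === 0) {
            $counts[$ip] = ($counts[$ip] ?? 0) + 1;
        }
    }
    arsort($counts); // sort by count, descending, keeping the IP keys
    return $counts;
}

// Returns the IPs whose attempt count reaches the threshold.
function suspiciousIps(array $counts, int $threshold): array
{
    $over = array_filter($counts, function ($n) use ($threshold) {
        return $n >= $threshold;
    });
    return array_keys($over);
}

$counts = countPmaAttempts($sampleLog);
foreach ($counts as $ip => $n) {
    echo str_pad($ip, 16), " ", $n, " phpmyadmin login POST(s)\n";
}
// Threshold of 3 within this short sample is an assumption; on a real log
// pick it per time window (e.g. per minute) rather than per whole file.
foreach (suspiciousIps($counts, 3) as $ip) {
    echo "suspicious: ", $ip, "\n";
}
```

Run it with `php` on the command line. A normal admin logging in once produces a single POST, so only the IP repeating the login request stands out; once you have that IP, block it at the firewall and, as the thread says, keep the log as evidence.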
 

I tried to add things like €, £, $ and #.

But I got an error on xampp and they asked me to use standard letters a-z 1-9 :S

But in the end I used big letters, small letters and numbers, and made the password pretty long :p
 
Ya, I've got a password that's 12 symbols, mixed between numbers and letters, all randomized. ^^
 
Using a random password too, also got CAPTCHA to prove myself, and of course BLOWFISH
 
Improving security? Shouldn't you add HOW to protect yourself from XSS or SQL injections? You just told people how you can abuse these security leaks, not how to improve the security. I believe you have at least basic PHP knowledge, so why not explain how to use addslashes and how it works? Same with
mysql_real_escape_string. This would totally improve your guide and the others' safety :)
 

Forgot to talk about that ;) I prefer htmlspecialchars(); instead of addslashes();
I'll update the guide tonight ;)
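Since the thread ends with the request to show HOW to stop steps 3 and 4 rather than just describe them, here is an added example (not from the guide's author or from any AAC) that puts the vulnerable query from step 4 beside a hardened one, and shows the htmlspecialchars() output encoding mentioned for step 3. It swaps in PDO prepared statements in place of the mysql_real_escape_string() escaping named above, because the old mysql_* functions were removed in PHP 7 and parameter binding keeps input out of the SQL grammar entirely. The accounts table, its rows and the guild name are constructed for the example, and it assumes the pdo_sqlite extension so it runs without a MySQL server; with MySQL you would only change the DSN.

```php
<?php
// Added example: step 4 (SQL injection) vulnerable vs. hardened, and step 3
// (XSS) output encoding. Uses an in-memory SQLite database (assumed pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (name TEXT, password TEXT)");
$db->exec("INSERT INTO accounts VALUES ('oceanic', 'constructed-secret')");

// Step 4, the vulnerable way: user input glued straight into the SQL string.
// The lone ' from the guide breaks the statement, and the error text leaks
// back to the visitor exactly as the guide describes.
function lookupUnsafe(PDO $db, string $name): string
{
    try {
        $rows = $db->query("SELECT name FROM accounts WHERE name = '$name'")->fetchAll();
        return count($rows) . " row(s)";
    } catch (PDOException $e) {
        return "SQL error shown to the user: " . $e->getMessage();
    }
}

// Step 4, the hardened way: a prepared statement. The input travels as a bound
// value, never as part of the SQL text, so quotes in it cannot change the query
// and there is no syntax error to leak.
function lookupSafe(PDO $db, string $name): string
{
    $stmt = $db->prepare("SELECT name FROM accounts WHERE name = ?");
    $stmt->execute([$name]);
    return count($stmt->fetchAll()) . " row(s)";
}

// Step 3: encode on output so user-supplied text (guild name, signature) is
// displayed as text instead of being interpreted as HTML. addslashes() only
// escapes quotes and does nothing against < and >, which is why the thread
// prefers htmlspecialchars() here.
function renderGuildName(string $name): string
{
    return '<td>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

echo lookupUnsafe($db, "oceanic"), "\n";
echo lookupUnsafe($db, "'"), "\n";
echo lookupSafe($db, "'"), "\n";
echo lookupSafe($db, "oceanic"), "\n";
echo renderGuildName('<script src="http://location_to_the_script.js"></script>'), "\n";
```

Run it with `php`. The first call on each function behaves the same; the difference shows on the lone quote, which makes the unsafe function return an SQL error while the safe one simply finds no account named `'`. The last line prints the guild name with `<`, `>` and quotes turned into entities, so the browser renders the script tag as visible text rather than loading it. Use the encoding at the moment you output to HTML, not when you store the value, otherwise the same string ends up double-encoded in one place and raw in another.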
 