
My server got attacked, what to do now and later?

Maaatz

Hello! I would first like to add that I am not really good in the field!

I have started an Open Tibia server, including a website! After much hard work I was finally done, but obviously I was being attacked! Already after a few hours, the person in question took over rights in some way and made himself GOD, and additionally logged into my account as well.

Hence I concluded that the person had access to my database when he made himself GOD and had access to my user name and password.

Could this be an attack that affects my computer in the future? A persistent "virus"?

Setup:
I use XAMPP and run MySQL and Apache, with a fairly secure password; however, I use the default username (root). I also have virus protection and a firewall, which is obvious?!?

Below you can see my XAMPP security "setup".
Note: For the top one that says unsecure, I read a little about it and it turns out to be not as serious as it sounds, because it really means that everyone in my local network can access my database??? (Still password protected)
http://oi45.tinypic.com/2vughs5.jpg

I have opened ports 7171, 7172, 3306 and 80 to host my server and website! (if that matters)

To get a different IP address, I use
Enhanced Dynamic DNS http://noip.com

Later I got a tip to use another service called
www.cloudflare.com/, which also hides your IP address, which the above apparently does not.
However, I realized that I must have a registered domain for this, which I do not have or intend to have, because my goal with the start of the reserve was to eke out a student bank account! (Even if a domain will cost about 20$ a year)

Does anyone know a similar service that is free? I'd appreciate the tip!

The guy who was attacking was stupid enough to register his real? email address on his account, so that I have. The email address seems to be [email protected], so I probably know his name too. (Also a rare last name in Sweden.) I also got his IP address.

Do you think I should report him, as the punishment for hacking is high, or should I give back with similar action?

BUT my main question is which services and what should I do to get a secure website and game server?

Appreciate the help very much because I have spent a lot of time and hard work to get this done, and now seeing my work being crashed sux!

Thanks in advance!
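
Added example (not part of the original post, and not code from XAMPP or MySQL): the post forwards port 3306 and logs in as root, so this check reports whether the database itself is reachable from outside the machine. It assumes the game server and website run on the same machine as MySQL; the sample my.ini text and the account rows are constructed.

```python
import configparser
import ipaddress

# Constructed sample inputs; replace with your own my.ini text, router
# port-forward list, and the rows of: SELECT User, Host FROM mysql.user;
SAMPLE_MY_INI = """
[mysqld]
port = 3306
bind-address = 0.0.0.0
"""
SAMPLE_FORWARDED_PORTS = [7171, 7172, 3306, 80]  # the ports listed in the post
SAMPLE_ACCOUNTS = [("root", "%"), ("root", "localhost"), ("pma", "localhost")]

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def mysqld_listens_remotely(ini_text):
    """Return (remote, port) for the [mysqld] section of a my.ini/my.cnf."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   delimiters=("=",), interpolation=None)
    # MySQL accepts both skip_networking and skip-networking spellings.
    cp.optionxform = lambda key: key.lower().replace("_", "-")
    cp.read_string(ini_text)
    sec = cp["mysqld"] if cp.has_section("mysqld") else {}
    port = int(sec.get("port") or 3306)
    if "skip-networking" in sec:           # TCP listener disabled entirely
        return False, port
    bind = sec.get("bind-address") or "*"  # unset means all interfaces
    try:
        remote = not ipaddress.ip_address(bind).is_loopback
    except ValueError:                     # "*" or a hostname
        remote = bind not in LOCAL_HOSTS
    return remote, port


def audit(ini_text, forwarded_ports, accounts):
    """List exposure findings; an empty list means nothing was flagged."""
    findings = []
    remote, port = mysqld_listens_remotely(ini_text)
    if remote and port in forwarded_ports:
        findings.append(f"mysqld port {port} is forwarded and not loopback-only")
    for user, host in accounts:
        if host not in LOCAL_HOSTS:
            findings.append(f"account {user}@{host} can log in remotely")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_MY_INI, SAMPLE_FORWARDED_PORTS, SAMPLE_ACCOUNTS):
        print("FINDING:", line)
```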
 
From my experience, do the following:

Uninstall XAMPP.
XAMPP is used for testing purposes, there are like 20 tutorials on "How to make XAMPP foolproof" because it's easily hacked.
Get rid of it and get something like Uniform Server or google something MORE SECURE.

Can't be of any help with your domain issue, maybe someone else can provide more info.

As for the "genius" who managed to connect to a database via root user and "just" make himself GOD (I'd make you start from scratch *evil* :> ), ignore him and get your system secured.
You can have like 5 AV programs and still be hacked because you downloaded some shit you didn't check beforehand or clicked some sexy chick and installed a trojan... the list goes on, just use your brain.
You were pretty lucky though ...

Oh yeah, dedicated services could help! If you can afford them...
 
Thanks for the fast reply!!
I was just installing Uniform :)
I'm getting a weird error :S, in my file UniServer/uni_con/uni_con_service.hta; it says the value in file uni_con_service.hta is null or undefined and not a function, any clue?

Yeah, I know about that trojan shit :S

I was thinking about using dedicated but I wanna get everything running smooth first.

Anyone know something more that I can do? :)
 
as he said, xampp is a no no =d

he most likely gained access to your xampp directory and allowed himself access to your phpMyAdmin which will connect locally

also use encryption for passwords, yes it's not entirely undecryptable but most people that hack xampp and what not, they are really just noobs that got a trick off the internet to destroy things for other people because they have no life and they are so bored and miserable with their own lives they try and make this for others =d

personally i use Internet Information Services of Windows, but i am going to start learning a bit about linux for best and most stable hosting, which if you know anything about is your best bet to use since you are already starting nearly fresh so you won't have to redo EVERYTHING that isn't specific enough for linux to understand

as for your domain service, it does not matter which you use, people will still be able to obtain your ip address unless the server is run through a proxy, which would create lag unless you have your own proxy run from a main datacenter, and a host connected directly through it

so basically use whatever you prefer

I've never used uniform server so 0.o I have no idea about the error...


but what value specifically is null? that would help
 
Thanks for the reply!

Yeah, I just searched on Google and I now understand that XAMPP is unsecure :S, I thought that shit was good.

I just downloaded an older version of Uniform Server that was released in 2011 and that works. All their newer versions with the new control panel don't work.

About the error: I looked in the file that's messing up and it's so complex, and the error just says it's line XXX and it depends on which button I use.
The old version from 2011 works but I discovered that it doesn't have all the new updates for things like phpMyAdmin etc.; can that be a security issue?

Yeah, Linux would be nice, but when I started to learn about the new server style with SQL and Apache servers I was scared of that shit, it looks so complicated (the last time I had a server was when all were XML based) :)
But Linux will be a later project :)

So you are saying that noip.com and cloudblabla and all those DNS/redirect services are the same?

So I will be secure if I restart the server from scratch and use a secure service like Uniform? (I read only good things about Uniform)
And have a long and secure password for phpMyAdmin?

Thanks again.
If someone knows even more you are welcome to reply. I want this shit as secure as it can be; I got so fucking disappointed about this when I worked so hard at this :)
 
Sorry for the caps but please listen if you ever go back to xampp in the future!!!


USE SHA1 NOT PLAIN IN YOUR CONFIG.LUA (SERVER FOLDER) AND ALSO ON YOUR ROUTER MAKE SURE YOU ARE NOT USING THE DEFAULT "ADMIN" "PASSWORD" JOB! ALSO WHEN YOU HAVE XAMPP REMOVE THE >> "NEWS ARCHIVES" << that's how so many people get mysql injected...

hope you see my point of view!!!
 
Thanks for the reply, yeah you're right, I understand now that XAMPP sux.
Especially because I use SHA1 and don't have default router passwords. But maybe that news archives made the day :/
 
That's how all the hackers usually get in (black hats); I've had it done to me before, it's not nice at all, but if you do go back to xampp "please remember to remove them news archives"
 
Yeah, but why care about XAMPP when there is other software, like Uniform :)

On the new software from Uniform I get errors; do you guys think it's a security risk to use an older version from 2011?

EDIT: btw when you say news archives you mean the subfolder of news in AAC?
 
if the older uniform version was used and been said it was very stable "also check the website you download from" then ofc it's like any other software you download, it gets outdated but it was safe at the time.

-- Update --

I'm not 100% sure on how uniform works but whatever leads to > news archives < just remove them
 
I personally used Uniform a while back (2010?) and I've never been hacked (or no one tried seriously :D )

So, basically I could vouch for the 2011 version; as long as there are NO SECURITY issues (read the patch notes from the newer version) you can use an older version.

But, to be on the safe side, fix that error and use the latest software, it can't be that hard, google the error, read their forums, you can't be the only one with that kind of problem!
 
[EDIT] LoL, as it's described Cloudflare should work for pretty much anything but that is not the case. So just ignore this REPLY.

You can use dot.tk to set up a something.tk domain with free NS usability, and you can set it up with Cloudflare if you so desire. I can do this for you, but you will need to have a dedicated IP or still use no-ip and then redirect that to Cloudflare; also this would mean a new no-ip domain :) Contact me via PM, I can help you :)

P.S. you can get a .com domain for as low as 3$ a year, later on max 10$
 
SHA1 is kind of obsolete.. A good cracker could still get your PW, unless you have something like "p4$Sw0R|>" ofc, it would take years xD
I'm gonna be a little bit of an encryption fanboy here and say the best thing ever if your server would get hacked. Hash it with SHA512 or smthing :3 ( would require some software edits ofc xD )
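
Added example (not part of the reply above, and not the game server's or the AAC's own code): one way to make the "software edits" the reply mentions, accepting existing unsalted SHA-1 hashes at login and replacing them with a salted, iterated hash. It uses PBKDF2-HMAC-SHA512 rather than a single SHA-512 pass; the stored-string format, iteration count, function names and sample accounts are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000        # assumed work factor; raise it as hardware allows
PREFIX = "pbkdf2-sha512"    # hypothetical storage tag, not a server setting


def legacy_sha1(password):
    """Unsalted SHA-1 hex digest: same password always gives the same hash."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def make_hash(password):
    """Salted, iterated hash stored as tag$iterations$salt$digest."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return f"{PREFIX}${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password, stored):
    """Return (ok, replacement); replacement is set for a legacy row to rewrite."""
    if stored.startswith(PREFIX + "$"):
        _, iters, salt_hex, dk_hex = stored.split("$")
        dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk.hex(), dk_hex), None
    ok = hmac.compare_digest(legacy_sha1(password), stored.lower())
    return ok, (make_hash(password) if ok else None)


if __name__ == "__main__":
    # Constructed accounts table: two players who chose the same password.
    accounts = {"alice": legacy_sha1("tibia123"), "bob": legacy_sha1("tibia123")}
    print("legacy hashes identical:", accounts["alice"] == accounts["bob"])
    for name in accounts:
        ok, new = verify("tibia123", accounts[name])   # simulated login
        if ok and new:
            accounts[name] = new                       # upgrade the stored row
    print("upgraded hashes identical:", accounts["alice"] == accounts["bob"])
```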
 
Now I am up and running again. I want you guys to see if I need something more!
Setup:
* Uniform Server
* 11-letter login name and 14 letters/numbers long password for phpMyAdmin, admin panel and ingame.
* SHA1 encryption
* Deleted all default users AND changed password for user PMA (phpMyAdmin)
* Changed router password

This is my admin panel:
http://oi45.tinypic.com/15s7dxf.jpg
I'm a little worried about "local view": that has no link and I can't change it :S, but on the other side I can't reach the admin panel etc. from my phone, it says access denied.

What do you think, is this enough?
 