Security to all hackers.

Hatake Kakashi · December 15, 2011

i need a security to avoid SQL injections. or firewall from those hackers. please help thanks

damn here's hacker ip. ban his ip guys. so that never happen in your server.

112.200.171.112

Edited December 15, 2011 by hatake

JayPee · December 18, 2011

Try to lessen the commands that the application can execute in SQL like only allowing them to Select, Update, Delete and Insert which are the basic sql commands.

I also found this in our Hostgator webpanel it offers website security: http://www.sitelock.com/landing/hostgator.php

CalciumKid · December 21, 2011

Ceres and FluxCP are completely safe if used correctly.

If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen.

There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly.

If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting.

It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it.

XkAcY- · January 7, 2012

Ceres and FluxCP are completely safe if used correctly.

If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen.

There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly.

If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting.

It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it.

+1

The fluxcp safe just so he said not safe for addons such as CMS just try without addons to see us be able to hack you

Hayate Yoshida · January 23, 2012

ok fine, i dont need help anymore for this issue. f**k all those want a money only for doing helping people regarding with this issue. sorry mods for my foul language, because i want to spread my feelings. thank you..

Seriously what's with the animosity? Someone gave you the best help, they pointed you to knowledge. In the future please research things. Don't expect people to do something for you. Most things on not having time is priority, you make time for what's important to you.

As for things like sql injection phpacademy on youtube has some basic tutorials on how to do sql injection and how to prevent it. There are several resources out there. I actually would not recommend writing your own CP until you get pretty advanced in PHP or some other serverside scripting as you could actually end up making something even less secure. The best tool you can have against hacking is knowledge. Learn it.

Edited January 23, 2012 by Sinon Yoshida

iSkiddo · January 25, 2012

Hatake Kakashi : actually every CP is not secured . even SGCP , FluxCP , CeresCP , they aren`t secured . just depends on your website.. check for vulnable and plant something inside .. thats should help

Asura · February 10, 2012

Ceres and FluxCP are completely safe if used correctly.

If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen.

There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly.

If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting.

It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it.

Hi Hatake Kakashi,

The only person in this whole topic which is speaking the absolute truth is CalciumKid. SQL Injection is not possible for FluxCP because of the way it parses the SQL requests in it's panel system.

If you had your own website, and tried to improperly integrate Flux; then I can see there might be a chance of vulnerability for SQL Injection. Or if there was an add-on you used, which was poorly coded.

A firewall will not protect you from a SQL Injection, nor blocking ports.

Edited February 10, 2012 by Asura

KeyWorld · February 10, 2012

No.

My exploit isn't related to SQL injection, it allow to use other users privileges to perform specify actions in the panel.

If Calcium' wants to fix it, he can contact me; but I don't know about the future of FluxCP with paradox laziness and rathena new features.

johnbond2 · March 22, 2012

Ceres and FluxCP are completely safe if used correctly.

If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen.

There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly.

If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting.

It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it.

+1

The fluxcp safe just so he said not safe for addons such as CMS just try without addons to see us be able to hack you

Ceres and FluxCP are completely safe if used correctly.

If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen.

There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly.

If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting.

It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it.

Hi Hatake Kakashi,

The only person in this whole topic which is speaking the absolute truth is CalciumKid. SQL Injection is not possible for FluxCP because of the way it parses the SQL requests in it's panel system.

If you had your own website, and tried to improperly integrate Flux; then I can see there might be a chance of vulnerability for SQL Injection. Or if there was an add-on you used, which was poorly coded.

A firewall will not protect you from a SQL Injection, nor blocking ports.

My fluxcp has a CMS add on as well as helloworld and vote_for_credits. Do you think these made my flux vulnerable to sql injection attacks?

So do you mean that by using default flux addons or no addons then it will already be secured? I just want verification so I will revert everything back to default if needed just to be secured. Because right now my database is being attacked. He was able to generate items using query. He can search for accounts and know the password/s and he can even change a character name to a name with special characters like !@#$%^&*() which is not supported by character creation by default. He also can unban a banned account. Clearly he has access to my database!

Please give me enlightenent.

Thank you.

Edited March 22, 2012 by gunman

Asura · March 23, 2012

Hi Gunman,

I would suggest that you remove any add-ons which may not be up to date; also change all your passwords/account names for MySQL access. This will be the only absolute way that you can remove any possibility of this person further damaging your database.

Olrox · March 23, 2012

lol with this guy really...

He says "I dont have the time to read, or to learn bla bla bla" and he asks other users to make the work for him, just because he wants and he is upset if someone will charge for that...

Excuse me but, what a loser. Protect something agains PHP/SQL Hacking methods, it is not like requesting a script, or simple things... It is something very extensive that if you want to be 100% sure, you can't trust anyone to do that work for you.

It is something made progressly, and it is necessary to be up to date to date with it, every time... so who will have the time to do this for you everyday? no one. Start to learn if you feel disrespected with paying for the time of SOMEONE and good luck.

Edited March 23, 2012 by Olrox

ngek202 · March 23, 2012

lol with this guy really...

He says "I dont have the time to read, or to learn bla bla bla" and he asks other users to make the work for him, just because he wants and he is upset if someone will charge for that...

Excuse me but, what a loser. Protect something agains PHP/SQL Hacking methods, it is not like requesting a script, or simple things... It is something very extensive that if you want to be 100% sure, you can't trust anyone to do that work for you.

It is something made progressly, and it is necessary to be up to date to date with it, every time... so who will have the time to do this for you everyday? no one. Start to learn if you feel disrespected with paying for the time of SOMEONE and good luck.

+1000000 LOL totally agree ( where's Super Girl)

Olrox · March 23, 2012

oh well she is in my heart <3! hahaha I'm not sure I think this one is cute too, don't you think? D:

solid2005 · March 23, 2012

LOL.

ngek202 · March 23, 2012

she looks ok, but Super Girl is just Super !!

sorry offtopic LOL..

Hayate Yoshida · March 24, 2012

lol with this guy really...

He says "I dont have the time to read, or to learn bla bla bla" and he asks other users to make the work for him, just because he wants and he is upset if someone will charge for that...

Excuse me but, what a loser. Protect something agains PHP/SQL Hacking methods, it is not like requesting a script, or simple things... It is something very extensive that if you want to be 100% sure, you can't trust anyone to do that work for you.

It is something made progressly, and it is necessary to be up to date to date with it, every time... so who will have the time to do this for you everyday? no one. Start to learn if you feel disrespected with paying for the time of SOMEONE and good luck.

I totally agree. I guess some people just aren't willing to have the patience or do the research. His loss I guess.

Edited March 24, 2012 by Shinon Yoshida

Sign In

Security to all hackers.

Question

Link to comment

Share on other sites

40 answers to this question

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members