Hatake Kakashi Posted December 15, 2011 Posted December 15, 2011 (edited) i need a security to avoid SQL injections. or firewall from those hackers. please help thanks damn here's hacker ip. ban his ip guys. so that never happen in your server. 112.200.171.112 Edited December 15, 2011 by hatake Quote
JayPee Posted December 18, 2011 Posted December 18, 2011 Try to lessen the commands that the application can execute in SQL like only allowing them to Select, Update, Delete and Insert which are the basic sql commands. I also found this in our Hostgator webpanel it offers website security: http://www.sitelock.com/landing/hostgator.php Quote
CalciumKid Posted December 21, 2011 Posted December 21, 2011 Ceres and FluxCP are completely safe if used correctly. If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen. There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly. If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting. It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it. 5 Quote
XkAcY- Posted January 7, 2012 Posted January 7, 2012 Ceres and FluxCP are completely safe if used correctly. If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen. There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly. If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting. It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it. +1 The fluxcp safe just so he said not safe for addons such as CMS just try without addons to see us be able to hack you Quote
Hayate Yoshida Posted January 23, 2012 Posted January 23, 2012 (edited) ok fine, i dont need help anymore for this issue. f**k all those want a money only for doing helping people regarding with this issue. sorry mods for my foul language, because i want to spread my feelings. thank you.. Seriously what's with the animosity? Someone gave you the best help, they pointed you to knowledge. In the future please research things. Don't expect people to do something for you. Most things on not having time is priority, you make time for what's important to you.As for things like sql injection phpacademy on youtube has some basic tutorials on how to do sql injection and how to prevent it. There are several resources out there. I actually would not recommend writing your own CP until you get pretty advanced in PHP or some other serverside scripting as you could actually end up making something even less secure. The best tool you can have against hacking is knowledge. Learn it. Edited January 23, 2012 by Sinon Yoshida Quote
iSkiddo Posted January 25, 2012 Posted January 25, 2012 Hatake Kakashi : actually every CP is not secured . even SGCP , FluxCP , CeresCP , they aren`t secured . just depends on your website.. check for vulnable and plant something inside .. thats should help Quote
Asura Posted February 10, 2012 Posted February 10, 2012 (edited) Ceres and FluxCP are completely safe if used correctly. If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen. There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly. If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting. It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it. Hi Hatake Kakashi, The only person in this whole topic which is speaking the absolute truth is CalciumKid. SQL Injection is not possible for FluxCP because of the way it parses the SQL requests in it's panel system. If you had your own website, and tried to improperly integrate Flux; then I can see there might be a chance of vulnerability for SQL Injection. Or if there was an add-on you used, which was poorly coded. A firewall will not protect you from a SQL Injection, nor blocking ports. Edited February 10, 2012 by Asura Quote
KeyWorld Posted February 10, 2012 Posted February 10, 2012 No. My exploit isn't related to SQL injection, it allow to use other users privileges to perform specify actions in the panel. If Calcium' wants to fix it, he can contact me; but I don't know about the future of FluxCP with paradox laziness and rathena new features. Quote
johnbond2 Posted March 22, 2012 Posted March 22, 2012 (edited) Ceres and FluxCP are completely safe if used correctly. If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen. There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly. If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting. It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it. +1 The fluxcp safe just so he said not safe for addons such as CMS just try without addons to see us be able to hack you Ceres and FluxCP are completely safe if used correctly. If settings are left at their defaults and modifications are applied that are not penetration tested correctly, bad things happen. There is absolutely nothing wrong with either CP package, merely the idiots who use them incorrectly. If you were hacked, you were obviously foolish enough to leave a security exploit to begin with such as a default password or misconfiguration security setting. It is not our job to teach you common sense- perhaps if you lack the proper understanding of basic security measurements server hosting is not for you. A game server as *Athena may be, basic security features/practices still apply to it. Hi Hatake Kakashi, The only person in this whole topic which is speaking the absolute truth is CalciumKid. SQL Injection is not possible for FluxCP because of the way it parses the SQL requests in it's panel system. If you had your own website, and tried to improperly integrate Flux; then I can see there might be a chance of vulnerability for SQL Injection. Or if there was an add-on you used, which was poorly coded. A firewall will not protect you from a SQL Injection, nor blocking ports. My fluxcp has a CMS add on as well as helloworld and vote_for_credits. Do you think these made my flux vulnerable to sql injection attacks? So do you mean that by using default flux addons or no addons then it will already be secured? I just want verification so I will revert everything back to default if needed just to be secured. Because right now my database is being attacked. He was able to generate items using query. He can search for accounts and know the password/s and he can even change a character name to a name with special characters like !@#$%^&*() which is not supported by character creation by default. He also can unban a banned account. Clearly he has access to my database! Please give me enlightenent. Thank you. Edited March 22, 2012 by gunman Quote
Asura Posted March 23, 2012 Posted March 23, 2012 Hi Gunman, I would suggest that you remove any add-ons which may not be up to date; also change all your passwords/account names for MySQL access. This will be the only absolute way that you can remove any possibility of this person further damaging your database. Quote
Olrox Posted March 23, 2012 Posted March 23, 2012 (edited) lol with this guy really... He says "I dont have the time to read, or to learn bla bla bla" and he asks other users to make the work for him, just because he wants and he is upset if someone will charge for that... Excuse me but, what a loser. Protect something agains PHP/SQL Hacking methods, it is not like requesting a script, or simple things... It is something very extensive that if you want to be 100% sure, you can't trust anyone to do that work for you. It is something made progressly, and it is necessary to be up to date to date with it, every time... so who will have the time to do this for you everyday? no one. Start to learn if you feel disrespected with paying for the time of SOMEONE and good luck. Edited March 23, 2012 by Olrox 2 Quote
ngek202 Posted March 23, 2012 Posted March 23, 2012 lol with this guy really... He says "I dont have the time to read, or to learn bla bla bla" and he asks other users to make the work for him, just because he wants and he is upset if someone will charge for that... Excuse me but, what a loser. Protect something agains PHP/SQL Hacking methods, it is not like requesting a script, or simple things... It is something very extensive that if you want to be 100% sure, you can't trust anyone to do that work for you. It is something made progressly, and it is necessary to be up to date to date with it, every time... so who will have the time to do this for you everyday? no one. Start to learn if you feel disrespected with paying for the time of SOMEONE and good luck. +1000000 LOL totally agree ( where's Super Girl) Quote
Olrox Posted March 23, 2012 Posted March 23, 2012 oh well she is in my heart <3! hahaha I'm not sure I think this one is cute too, don't you think? D: Quote
solid2005 Posted March 23, 2012 Posted March 23, 2012 · Hidden by Emistry, March 23, 2012 - Post with just a word "LOL" Hidden by Emistry, March 23, 2012 - Post with just a word "LOL" LOL.
ngek202 Posted March 23, 2012 Posted March 23, 2012 she looks ok, but Super Girl is just Super !! sorry offtopic LOL.. Quote
Hayate Yoshida Posted March 24, 2012 Posted March 24, 2012 (edited) lol with this guy really... He says "I dont have the time to read, or to learn bla bla bla" and he asks other users to make the work for him, just because he wants and he is upset if someone will charge for that... Excuse me but, what a loser. Protect something agains PHP/SQL Hacking methods, it is not like requesting a script, or simple things... It is something very extensive that if you want to be 100% sure, you can't trust anyone to do that work for you. It is something made progressly, and it is necessary to be up to date to date with it, every time... so who will have the time to do this for you everyday? no one. Start to learn if you feel disrespected with paying for the time of SOMEONE and good luck. I totally agree. I guess some people just aren't willing to have the patience or do the research. His loss I guess. Edited March 24, 2012 by Shinon Yoshida Quote
Question
Hatake Kakashi
i need a security to avoid SQL injections. or firewall from those hackers. please help thanks
damn here's hacker ip. ban his ip guys. so that never happen in your server.
112.200.171.112
Edited by hatake40 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.