Server got hacked

[ubeyou]

Hi, is there any ways to prevent server got hacked/ sql injected? 

 

Surprisingly the hacker only know how to delete the char table, and luckily i got perform daily backup.

 

Server: rAthena 17000+

CP: Flux CP

Edited March 6, 2013 by ubeyou

[orange]

purchase a SSL certificate and make your server cp secured. plus, seeing a https:// in your website wil make your players feel secured too and wil have confidence in you for keeping their data secured.

[Mystery]

Use a better secured password? Use multiple different passwords for different databases? No other way to really prevent something like that unless there is a security flaw inside your control panel or your passwords and usernames are easily guessable. 

[ubeyou]

but the problem is he only able to delete all the char data in the server. this is not the first time.

 

I checked the control panel & there is no login detected.

[Erazer]

I got a solution:

 

Get rid of the server

Move on

????

Win

[ubeyou]

That's not a solution haha. Actually the char deletion brings no harm to my server as I implemented a special backup system.

I just wanted to figure out a way to make the server more stable & immune to this char table deletion.

[Kichi]

change database & password

close ur CP for a while

[KeyWorld]

purchase a SSL certificate and make your server cp secured. plus, seeing a https:// in your website wil make your players feel secured too and wil have confidence in you for keeping their data secured.

Feel secured doesn't mean be secured.

Https don't protect from SQL injection and some hacks methods.

Surprisingly the hacker only know how to delete the char table, and luckily i got perform daily backup.

Maybe because he doesn't want to cheat but just want to annoyed your server.

As everyone said, it can come from any tool you add to your CP (forum, control panel, bug tracker) or in game npc (check for query_sql) or even from the hoster or your own team.

[Checkmate]

Find any malicious code in you server or winscp..
There should be some backdoor ^ ^

[Rayan]

Hi, is there any ways to prevent server got hacked/ sql injected? 

 

Surprisingly the hacker only know how to delete the char table, and luckily i got perform daily backup.

 

Server: rAthena 17000+

CP: Flux CP

well you can have security measures, firstly , are you using

phpmyadmin >?? if yes then might be your phpmyadmin version is low ,

check your php version first , by command

php -v

IF its below 5.2 , you MUST update php and hence phpmyadmin. As the before versions were vulnerable.

Next

is your database user/passowords , I recommend passwords generated

automatically, they are more secure than any of the other.

If 

you are using eAthena  , i would suggest you to move on to rathena .

But if you want to use eathena mobs and items and other things , just

copy paste them here to der, DONT DO THAT WITH SRC.

rAthena is way too much secure than eAthena and is advanced.

At

last is your flux, The flux for eathena have a Loop hole, I would never

use old flux if i were you, Rather switch to Calcium Kid's CP or

Xantara's CP.