Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[benlakaz]

is there any script to avoid session hack in mccodes v2?
because I experienced my mccodes v2 being hacked by a user an he became admin.. thanks

[Cronus]

I really doubt he used a session hack.
There are a lot more options that seem far more likely.

[benlakaz]

what should i do to avoid this?

[ChrisJonesCJ]

"what should i do to avoid this?"

1: Dont use an obvious password make sure it's something long and complex such as random letters numbers.
Use a diffrent username to your login name.

2: Obvious but dont share your account details with ANYONE ! not a coder who is offering your help or a close friend.

3: Learn to code.


From MY experience with mccode I dont think you where session hacked but why not search mccode related forums for security updates (just search the word security)

that would be a good easy start.

[Danny696]

i bet you were forum hacked.

[strats]

Secure your forum. Here a some secure forums :
http://www.cronwerks.com/forum/cronwerks-free-mccode-mccodes-mods/(mccode)-secured-advanced-forums/
I found this one very easy to use :
http://dev-forum.net/index.php/topic,666.0.html


Also making sure you secure pages like your login.php, authenticate.php
register.php  x 2 and header.php

To secure these pages you must find,

Code: [Select]

$IP = ($_SERVER['HTTP_X_FORWARDED_FOR'])
? $_SERVER['HTTP_X_FORWARDED_FOR']
: $_SERVER['REMOTE_ADDR'];
And replace with,

$IP = $_SERVER['REMOTE_ADDR'];


There are many other pages with small bugs and un secure pages you would have to search through them all.

[Danny696]

For MTG's forums you will need Php5

[strats]

I was hacked the other day through the preference page.
The best thing for that is to make it so users have to upload pictures from their computer to your site.
This way users can not abuse the display pic thingy lol

[ryantommo]

It is session hijacking people did it on my game untill i found it out what they do is

put this as there display picture > staff_special.php?action=user_level=blah n so on

so that when you visit there profile it makes them admin there is ways to stop this using a few different things you can post MTG's mod where it doesnt let them do it or one where it makes sure they type in a .jpg file is a nasty glitch and is pretty gutting to a site when users can make themself admin i suggest u fix it :/

[gambino]

if you PM me, I will help you on securing your site. I have scripts that really do work.

[Danny696]

No script will secure a site. Get it in your head.

[gambino]

dude. you just don't know because I had people give them self lots of money, crystals, high stats, donater days, give other people stuff, and change them selfs into admins. I found out what they are using to get that and I created a code that blocks it and no one can do any hack. just PM me and I will give you the code.

[Jordan]

dude. you just don't know because I had people give them self lots of money, crystals, high stats, donater days, give other people stuff, and change them selfs into admins. I found out what they are using to get that and I created a code that blocks it and no one can do any hack. just PM me and I will give you the code.

Due to the amount of script kiddies around I highly doubt that

[gambino]

you can hold on the security for a sec. someone planned to take my friends codes away and planned to sell them illegally just to keep his server up and running. we are trying to get an other server running when we can.

not giving the code out until resolved with a new server and the lawyer and McCodes takes care of them.

[gambino]

actually, since I had the code active, it will take me a while to recover it. I will make it a file and have it as an include file for the header. since my friend had his server taken away by the last hosting provider, my friend is tired of having his game named the way he had it, he deleted his domain name and discontinued selling and having it up. my friend handed me a contract and what it is, is a partnership contract. meaning if he doesn't want his site anymore, I'm the owner of the site. he is making the site the way I want it named and we both are coding it.

expect the game to be good because it will be online when we can get it running first.