Cronwerks MCCode/MCCodes Forums


This forum is now closed and has moved to a new location! Click here to find out why.

Topic: Secure Mccodes (Read 5241 times)

Agon

Secure Mccodes
« on: November 19, 2009, 04:40:41 PM »
There needs to be a well written security thread made for Mccodes. I think it should be here.

It needs to be easy to read and in terms that new developers can understand.

Issues that need to be addressed.

Multiple Accounts.

Referral exploits/cheat.

Form exploits.

Injection Attacks.

Attack exploit/cheat.

Securing SQL query.

Securing Login, register, authenticate, header, globals, forums, signature, shoutbox, etc.

I think the information needs to be readily available here.


Cronus

Re: Secure Mccodes
« Reply #1 on: November 19, 2009, 05:03:51 PM »
I agree, I will be adding an area where we can all tackle the mccode bugs soon enough =)
My msn is preston__08@hotmail.com if anyone is interested, I am online frequently.

smkin

Re: Secure Mccodes
« Reply #2 on: November 19, 2009, 06:57:24 PM »
That sounds cool, as security is my downside at the min, i.e. not sure where to start.

JoshuaDams

Re: Secure Mccodes
« Reply #3 on: November 19, 2009, 11:28:39 PM »
The problem with this is.


To post security holes and fixes you must inform users just how the security issues are done.  Which opens the board up to a wide range of users that now know how to hack or learn from it.

If one was to take the time to browse all forums and google there are many many helpful related threads on how to secure your site.

However, securing a site well is not easy.  Securing a few hacks is simple, but what's to stop someone from writing a new one?  It's done daily I assure you.

I have about 29 hacks in my notepad and that is nothing compared to some people I know.


Secure all GET/POST variables.
Secure your Session using either htaccess, config or globals.
Secure the $IP variable.
Slap a password protect on your staff panel, hash it.
Maybe add an extra table in users like I did that is for staff passwords.  If the user is logged in staff panel and their password table is blank, or not the right password, it auto feds them.

There are many things to do to secure a game, that's why I charge money :p It really is work.
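
Added example, not part of the post above and not MCCodes code: a PHP illustration of three items from that checklist (validating GET/POST variables, checking the IP value before use, and a separately stored, hashed staff-panel password). The `staff_auth` table, its columns, the helper names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example; not MCCodes code. staff_auth, pass_hash and all helper
// names are hypothetical.
declare(strict_types=1);

// Accept a request variable only if it is a whole number >= $min.
function int_param(array $src, string $key, int $min = 1): ?int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min]]);
    return $v === false ? null : $v;
}

// Keep the client address only if it parses as IPv4/IPv6; otherwise use a
// fixed marker so request data never reaches a query or log as-is.
function clean_ip(?string $raw): string
{
    $ip = filter_var($raw ?? '', FILTER_VALIDATE_IP);
    return $ip === false ? '0.0.0.0' : $ip;
}

// Staff-panel check against a separate table holding a hashed staff password.
// A missing row, a blank hash or a wrong password all fail closed; the caller
// decides the consequence (the post "auto feds" the user).
function staff_gate(PDO $db, int $userid, string $attempt): bool
{
    $q = $db->prepare('SELECT pass_hash FROM staff_auth WHERE userid = ?');
    $q->execute([$userid]);
    $hash = $q->fetchColumn();
    return is_string($hash) && $hash !== '' && password_verify($attempt, $hash);
}

// Constructed demo data in an in-memory SQLite database (assumption: a live
// game would use its MySQL connection instead).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE staff_auth (userid INTEGER PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO staff_auth (userid, pass_hash) VALUES (?, ?)');
$ins->execute([1, password_hash('constructed-staff-pass', PASSWORD_DEFAULT)]);
$ins->execute([2, '']); // staff account whose staff password was never set

var_dump(int_param(['ID' => '42'], 'ID'));       // well-formed id
var_dump(int_param(['ID' => '42abc'], 'ID'));    // trailing junk
var_dump(clean_ip('203.0.113.7'));               // valid address
var_dump(clean_ip('not-an-ip'));                 // malformed address
var_dump(staff_gate($db, 1, 'constructed-staff-pass'));
var_dump(staff_gate($db, 1, 'wrong'));
var_dump(staff_gate($db, 2, ''));                // blank hash
var_dump(staff_gate($db, 3, 'anything'));        // no staff row
```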

Agon

Re: Secure Mccodes
« Reply #4 on: November 20, 2009, 07:08:35 AM »
Search the internet "Secure Mccodes"

You'll find plenty of places exposing the security exploits, some kinda helping in a half ass way, others just laughing at the folks asking questions, and even worse, many posts saying search for "secure mccodes"

IRONIC

A good security thread is needed. And that is my point.

Danny696

Re: Secure Mccodes
« Reply #5 on: November 20, 2009, 09:47:27 AM »
Use Cronus multiple logins, it'll log people out after 15 mins, and everything, just brill
Project Choosen - 10%
Daniel - Hanson . Com

JoshuaDams

Re: Secure Mccodes
« Reply #6 on: November 20, 2009, 10:08:15 AM »
dev-forum.net has good security tips as well as a few on makewebgames.com

Agon

Re: Secure Mccodes
« Reply #7 on: November 20, 2009, 10:16:55 AM »
> Use Cronus multiple logins, it'll log people out after 15 mins, and everything, just brill

Again, you fail to see my point.

Agon

Re: Secure Mccodes
« Reply #8 on: November 20, 2009, 10:17:45 AM »
> dev-forum.net has good security tips as well as a few on makewebgames.com

Yet another pointless security thread that tells you to search other threads.
You also fail to see my point.


Agon

Re: Secure Mccodes
« Reply #9 on: November 20, 2009, 10:28:24 AM »
In my opinion. It's extortion. I've seen it with my own eyes. People posting "help me secure my game"

Being fed security information that is outdated, shoddy, or just false. Followed up by a "I'll help you secure it for X amount of dollars"

My point is, stop the extortion, give out the security patches for free, and further the development and greater good of the game engine.

I'm working on securing Lite, and I'll be more than glad to post reliable information here as soon as I learn it.

It is a shame my ability is not as good as people who already know how to secure the game engine. But, that's OK. I will do my best to find the up to date patches and educate the new users of the engine. I've read a good 100 security threads over the month, and have a lot of the junk and bs filtered out.

I just want to make it easy for everyone to get the engine secure and have the knowledge publicly available HERE. That way people know it's coming from the source and can have more trust in knowing the information is accurate.

It is completely appalling that a newb like me has to take on the task of securing this engine, especially since there are guys out there with ten years + experience that could easily explain the fixes.

Let's educate instead of extort.

Probably boost the sales of the game engine too!

Thank you for your time.

JoshuaDams

Re: Secure Mccodes
« Reply #10 on: November 20, 2009, 10:34:58 AM »
Yes, because I want to boost the sales of the game engine a.k.a my competitors.

You are missing the point.

There are no "patches" to secure a site

That's why it's just stupid to post fixes for known hacks.

There will be more.

Secure Your site the hard way, or don't own a site.  In all honesty, that's the way it should be and has to be.  I can go through your site in 10 minutes and fix all "known" hacks that people use.

But in a week, there will be 10 more.

You need to grasp the concept there is no quick fix or "patch".

Agon

Re: Secure Mccodes
« Reply #11 on: November 20, 2009, 10:44:30 AM »
> Yes, because I want to boost the sales of the game engine a.k.a my competitors.
>
> You are missing the point.
>
> There are no "patches" to secure a site
>
> That's why it's just stupid to post fixes for known hacks.
>
> There will be more.
>
> Secure Your site the hard way, or don't own a site.  In all honesty, that's the way it should be and has to be.  I can go through your site in 10 minutes and fix all "known" hacks that people use.
>
> But in a week, there will be 10 more.
>
> You need to grasp the concept there is no quick fix or "patch".

No shit sherlock. There is no quick fix, and I never claimed there is one. Oh... but you're in on the extortion racket anyways. "I'll help you fix it for X amount of dollars"

You make me sick.

JoshuaDams

Re: Secure Mccodes
« Reply #12 on: November 20, 2009, 10:49:09 AM »
Extortion Racket?

News Flash.

Any large company pays people to secure their businesses.  It's ethics.

I'm not going to take time out of my day, you know, that thing that puts diapers on a baby.

to sit here and explain to 1000000 kids how to secure their site for free.

For one, I don't want to spend 5 days typing a write-up out that people wouldn't read anyways because they just jumped into some mccodes engine thinking hey I'll make a quick buck off my illegal version of mccodes.

For Two.  If you aren't willing to spend money on your site, it'll fail anyways.

For three.  I have my own site to run and my own business to run which so far my customers are kept happy.  Some of which frequent these boards.

So before you get all Preachy, perhaps you should look at both sides of the fence.

It's not my job to teach PHP to kids, I'm not a teacher.  I help when I can, and oh, I release free mods when I can.

But I have a life, a wife and a daughter, Helping out 12 year olds for free doesn't put diapers on the baby or food in her belly.

« Last Edit: November 20, 2009, 10:53:00 AM by Immortalthug »

JoshuaDams

Re: Secure Mccodes
« Reply #13 on: November 20, 2009, 11:17:12 AM »
For further information.

I do post a bit of stuff on my own personal site for my users.

Cronus, if this is against your rules just remove this

http://www.immortal-darkness.com/Forums/index.php?topic=41.0

Danny696

Re: Secure Mccodes
« Reply #14 on: November 20, 2009, 11:43:40 AM »
I could give you 2 personal and 1 worldwide function, that will secure from HTML, PHP, JS, and CSS hacks I think, the other one will strip links being inputted, and the other will strip metas
Project Choosen - 10%
Daniel - Hanson . Com