Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Maketextgames.com]

Never saw in ToS how it's against the rules to Refer another forum.  I see you spamming MWG all the time trying to sell your mods.  Er Mods you've purchased to sell.

Several times referring back to your site

[Cronus]

I don't spam ANYTHING.
There is a specific board on mwg for paid mods and I post there.
I even make sure to not put any of the links to cronwerks and i make users mail me first.

The only exception is when users post topics saying they are looking for a specific mod, which I then post links to my mod if I have the one they are asking for.

You, on the other hand, post all the time about your forum and how you refuse to stuff here but you will have it posted on your site. If you aren't posting it here then don't post about it here, simple as that. Every other post you have seems to have something to do with your forums.

[Maketextgames.com]

And how is what I'm doing not the same thing?

Someone is looking for a security thread

They can find it here Immortal-Darkness.com/Forums

That's the exact thing you do here

http://www.makewebgames.com/game-engines-and-modifications/mccode-dbscode-game-engine/paid-modifications/p154349-buying-custom-bounty-mod-7/?highlight=#post154349

It's not like I'm trying to "steal" people from the Forums.  people stay no matter what, hell I post on 4 differant boards.  Everyone of them has something Unique to offer.  When I design or Fix a mod, it's no fun for me to Post that mod on 4 differant Boards especially being on 56k modem right now and an outdated computer.  So i'm sticking them all on 1 or 2 forums and I direct them there.  Sometimes when I am tired of coding or doing other things I'll actually take the time to Post one of my Mods here as I understand not everyone knows about other Forums.

I just recently created mine and I feel that it was needed.  All the forums currently have a random amount of Crap mods and Good mods.  Users have to search through all the posts to find those worth a damn and they come with little or no support other than your average member who has no idea how the mod was made originally.
The mods I'm posting on my forum i know the ins-and-outs, iv'e secured everything to an extent and I have no problem helping people.  Same as I do on all the forums.  So i see no reason why it's such a big issue, but again, it is your forums, if my 2 cents worth aren't getting a pennys worth i'll just stop posting here and return to the other forums where people appreciate my help.



My mods as well as a compilation of Security tips i've aquired are on My forums.

The same thing you do,  You don't want to go to 4 differant forums and say this is the mod bla blah. it's a lot of typing and repeating yourself.

[Cronus]

You don't want to go to 4 differant forums and say this is the mod bla blah. it's a lot of typing and repeating yourself.

This is why the smart people at microsoft included a copy and paste function =)

[Maketextgames.com]

So you're saying because people are entirely to lazy to go to differant threads

If i have a large mod..like Richards Business Mod that i fixed and updated which takes up an entire page of replies just to post the mod on MWG with a large characther limit.

I have to fix that and post it here peice by peice?  And then when I find a bug do it all over again for 4 differant forums?

Yep, thats not going to happen.

[Programmer]

Someone just ban the annoying arguing bastard.

[dominion]

Someone just ban the annoying arguing bastard.

you dont ban someone for having an opinion if anything u should get a warning for Bad Language but then again that's just my opinion

[Programmer]

Someone just ban the annoying arguing bastard.

you dont ban someone for having an opinion if anything u should get a warning for Bad Language but then again that's just my opinion

hypocrite? I believe so.

[CrimGame.com]

Slap a password Protect on your staff panel hash it.

what kind of hash and stored where?

[Jordan]

lmao

[dominion]

Someone just ban the annoying arguing bastard.

you dont ban someone for having an opinion if anything u should get a warning for Bad Language but then again that's just my opinion

hypocrite? I believe so.

whats wrong with being a hypocrite? (rhetorical question)

[Danny696]

Shall we get back on topic now, Thanks....

[kingdkknox]

I just wanted to throw my two cents in but I believe most of the problem is that everyone is busy trying to get their own game up and running and make money anywhere they can. If someone want to charge for there services fine, however I think its funny some say it will give false hope of security but if you ask to pay them same people to secure your site they will do so with that same false hope. The difference is that they are being paid and they no longer care about your hopes. LOL! Well, I am paying someone thats teaching me all of this coding and languages and he is my personal tutor and I promise when I learn it enough I will be one of those who will post anything helpful anywhere I can because so many have helped me and so many need help like I did. Its posed to be a community and we need to help each other without. And of course people have to take their own initiative also to learn what they can but alot of this is very confusing. Thanks to all that have help me!

[ReignFire]

yeah so i was thinking...... it sounds like a good idea <---original thread topic--- and as for some comments on the first page about helping your competitors, well everyone here IS a competitor and we are all already collaboriting for free and for small cash amounts so if you have any more moot points to make please make use of your shower stall alone and rant and rave all by yourself with the door closed and radio on maximum volume because they dont help anybody here to any degree whatsoever and they prevent anything GOOD like this particular topic from ever getting off the ground.

I say lets get this done +1

[Agon]

I am no pro. Not one bit. Just posting what I know how to fix, and the ways I know how. If you can improve on it, PLEASE, be my guest.

TIPS AND TRICKS FOR NEW ADMINS

1. Don't tell anyone you are new. This instantly makes you a target.
2. Keep your site a secret from the community if you are new. Ironically most of the vandals and hackers lurk around for new folks.

PASSWORDS

1. Use a good password for your cpanel, ftp, ssh, mysql database, and admin panel. LONG password. Uppercase and lowercase letters, numbers, and symbols. Maybe use a password generator. The longer the password, the less success of a brute force attack.

http://www.thebitmill.com/tools/password.html#passwordbuilder

DAILY BACKUP

1. In my opinion, just an opinion. THE MOST IMPORTANT SECURITY.
 If someone hacks your game, so what? You got a copy from the day before. Simple enough. But I also can't stress this one enough. This is a great way to have at least SOME security, especially if you are new and learning how to code. Also comes in handy if you make a tragic mistake or error. Cpanel should have a backup setting in it (not sure, i don't use Cpanel)
Or if you use SSH to login to your bash shell, find a simple bash shell script to make a daily back up for you. Tons of them out there. Google is your friend!
Learn how to use the Export command on your phpmyadmin panel. Exporting your database to a file is simple. Just a click of a button and save the file.
After all, not sure about your games, but my entire game with the sql database is about 10mb of files. You can worry about doing a more advanced backup system in the future, when you learn a little bit more. Some files don't need a daily backup, others do.

SLOW DOWN THE BOTS

1. Use a captcha on at least your registration.php. I can't find the link to the program I use. But there are tons of free captchas out there. Captchas slow down bots. This stops bots from creating 100,000 players on you site in an afternoon.

2. Some people use the captcha on the gym.php and criminal.php to stop auto clicker scripts. The handicapped use auto clicker scripts, and so do game cheaters, and it is readily available to have a script record your clicks, and then go on a timer. There are also more simpler validate if you are human scripts. You will have to shop around. No one said securing your game would be easy!

EMAIL VALIDATOR

1. Validate the players email address. This slows down bots, and annoys hackers. There is a good one for sale on the cronwerks forums, but maybe the price should be dropped or it should be made free. Just a suggestion, after all it is a free market. I purchased the one from here, I like it, I use it.

USE LOGS

1. Ok, there are way to many log scripts out there for mccodes. You will also have to search on your own for these. Search "log" and "logs" here or at makewebgames.com. That should point you in the right direction. Logging user activity helps you spot the vandals, hackers, and cheaters. Choose wisely though, some logs are pointless and bog down your server.

FIND THE FREE FIXES.

Ones that I know of:

1. Secured Crystal Market http://www.cronwerks.com/forum/cronwerks-free-mccode-mccodes-mods/%28mccode%29-secured-crystal-market/

2. Secured Forums http://www.cronwerks.com/forum/cronwerks-free-mccode-mccodes-mods/%28mccode%29-secured-advanced-forums/

SECURE YOUR ADMIN PANEL

1. Move your admin files to a folder. An easy way to secure them is using .htaccess
You can password protect your admin folder using .htaccess.
I'm sure there is more than one way to password protect them, but this is the way I know. Here is an instructional guide to use .htaccess to password protect a folder.

http://www.javascriptkit.com/howto/htaccess3.shtml

2. Rename your admin files! Go through each and everyone and rename them, and adjust the code accordingly to point in the right direction. The hackers out there know the names of the admin files, slow them down by renaming them.

3. Secure your admin files so only YOU can view them.

Code: [Select]

if(($ir['userid'] != 1) && ($ir['userid'] != 2) { echo 'You are not allowed in here!'; $h->endpage(); exit; }
This snippet of code says you have to be user #1 or #2 to access the admin file. Post it at the top of your admin files, or learn how to do it in globals.

4. Auto log them out if they make themselves staff level:

 Find in header.php

Code: [Select]

global $db,$c,$userid, $set;
$ip = $_SERVER['REMOTE_ADDR'];
underneath paste:

Code: [Select]

//check if really an admin
if($ir['user_level'] > 1 && !in_array($userid, array('1','2','16')))
{ die("DEAD");}
//end check
and since we're on header.php, right under that, get a ban list going on. You don't like someone BAN em. Most of these script kiddies have no idea how to use a proxy.

Code: [Select]

$ban = array('00.000.000.000','00.000.00.000');
$count = count($ban);
for ($i=0; $i<$count; $i++)
if($ip == $ban[$i]) { die("You are banned from this server. $ip");}
Ok, there is more stuff. I'm out of time for today.

I hope this helps some of the new folks out there.

You guys who know more than me should be posting some fixes please.

To be continued....