HugoBoss

Members
  • Content Count

    61
  • Joined

  • Last visited

  • Feedback

    0%

Community Reputation

0 Neutral

About HugoBoss

  • Rank
    Heir
  • Birthday 05/09/1991

Contact Methods

  • Website URL
    www.l2ignite.gr

Profile Information

  • Current Mood
    Nerdy
  • Gender
    Male
  • Country
    Greece
  • Location
    255.255.255.255
  • Interests
    L2

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Οτι ναναι είναι οι routers των παρόχων αν θέλεις να κάνεις καμια δουλειά παραπάνω.. Σε τέτοιες περιπτώσεις κοιτάμε δύο πράγματα όσον αφορά το router του παρόχου. Firewall και Port Forwarding. Αν δεν ξέρεις ακριβώς πως παίζει το firewall στο router του παρόχου, εγώ λέω κλείσ'το για αρχή και εφόσον φτάσεις σε μια κατάσταση που "παίζει", το κάνεις και πιο secure. Άρα πρώτα κλείσε το firewall του router. Μετά θες port forwarding. Θες να πεις στο router ό,τι έρχεται στο εξωτερικό interface (Internet) σε συγκεκριμένη θύρα να το στέλνει σε συγκεκριμένη εσωτερική IP και σε συγκεκριμένη θύρα. Στην περίπτωση μας, μας ενδιαφέρουν 2 ports η 7777 και η 2106 (Εκτός και αν έχεις βάλει customs). Σε l2OFF αυτές είναι TCP οπότε δεν μπαίνω καν στον κόπο να κοιτάω για UDP. Αυτό είναι το UI του router της Cosmote (Internet->Security->Port Forwarding): Έστω ότι θέλουμε να κάνουμε port forward την TCP 7777 στην 192.168.0.103 (τον σερβερ σου). Name: Δίνεις ένα όνομα (Ιδανικά TCP_7777_L2, αλλά έχει max characters 10......) Protocol: TCP WAN Connection: (Internet -> Status -> DSL Connection Status) Βλέπεις ποιό έχει Online Duration. Σε εμένα είναι το ATM_DSL Πχ. WAN Host IP Range: Το αφήνεις έτσι. Αυτό σημαίνει όλες οι IPs όταν έρχονται στο router να τις κάνει port forward. LAN Host IP Address: Η IP του server σου. WAN Port Range: 7777 LAN Host Port Range: 7777 Και πατάς Apply. Μετά φτιάχνεις και νέο κανόνα αντίστοιχα για την Port 2106 (Ουσιαστικά αλλάζεις μόνο την WAN Port Range και την LAN Host Port Range). Και εδώ τελειώσαμε με τον router του παρόχου. Μετά όπως είπε και ο @Nightw0lf παίζει ρόλο το firewall του ίδιου του σερβερ. Έστω ότι είναι Windows, πας Control Panel βρίσκεις το firewall: Windows Defender Firewall with Advanced Security -> Windows Defender Firewall Properties Domain Profile -> state το βάζεις Off Private Profile -> state το βάζεις Off Public Profile -> state το βάζεις Off και πατάς OK. Με αυτό κλείνουμε τελείως το firewall των Windows αλλά αφού δούμε ότι παίζει μετά το ανοίγεις και παίζεις και με τους κανόνες για να επιτρέψεις μόνο τις επικοινωνίες που θες. Τέλος, αν έχεις antivirus μπορεί να έχει και αυτό δικό του firewall. Πχ το ESET που έχω εγώ το κάνει. Κλείστο και αυτό τελείως για να κάνεις τους ελέγχους σου. Τέλος, όταν πάρεις πρόσβαση στις πόρτες που θες πρέπει να φτιάξεις "σωστά" τα Router/Windows/Antivirus firewalls.
  2. I have ordered several services from him for marketing (thousands of euros) and he didn't scam me, we have good discussion every day for what i requested from him. He goes above and beyond to provide the best services money can buy. Regarding your donations panel, it seems there is no TOS so it's not prohibiting anyone from reselling it or using it however he sees fit. I strongly recommend @Pigasos-Dev and team Athena-Project for budget managment for your anyones upcoming server. They are professional marketing specialists. My two cents.
  3. HTML missing could be just that, html files missing. If there is a db thing, then taking regular backups should at least provide them a point in time that they could restore it. Worse case should be 1 day back or even 1 hour back. Depending on how often they took backups. If it's a files missing issue / corruption, then DB backup will not do anything. They would need to have the server files backed up somewhere. Server files don't change that often except if you do manual changes to the server code. I understand it's a java server so even though i haven't used l2j (yet) i guess you could store all of the code somewhere in the cloud like for example, github. Then this is also your backup for the code. In any case, im sorry this happened to your server and i hope they get this sorted.
  4. No i haven't. Have you tried it? Did you get any interesting results for lineage2?
  5. If you mean sqli for the game itself, like doing something specific and triggering the exploit that might be pretty hard to find. if you mean sqli for the site of a X private server, like doing something specific on that site and triggering the exploit that should be easier to find but it's per case. Since you are practically attacking the site itself and it's logic then what you find on one site most probably will not work on another. Except if these sites have both been created by the same dev team. In both cases what you would be looking to find is an input that you can manipulate. And you would start with something simple like a field taking alphanumeric characters. So if we searched for sqli on the game itself then; The first thing that comes to mind is the username of your character. But this field has input validation so it doesn't allow special characters. Then there is the characters title which i thing accepts special characters? But even if it did, then very important is how the server executes the query. Does it take the input blindly and placing it in the middle of the query or does it do some parsing first before executing it? If you had access to the code maybe you could spot more easily if there is a possibility of an sql injection happening or not, because in the end they might have coded it that way so all queries are parsed before execution. I think it would be cool if there was an sql injection present in this game, even after all this time (talking about older chronicles).
  6. Hello, Looking for a client developer who can import skills for me from one chronicle to another. PM me your price and a video of your similar work if available.
  7. Hello, i am new to L2 Servers and i wanted to discuss security about html bypasses. So let's take as an example this class change bypass: <a action="bypass -h class_change?class_name=1">Warrior</a> Since this is present on client side, i am thinking that someone could replace the value of class_name to something else and exploit it. So my first questions is; Can someone manipulate the html on the client side? If yes, do you place code on the ai that checks again the response from the client if it is valid? For example let's say that a Human Fighter goes to the class changer. The class changer calculates the available classes based on his current class and presents him three options: <a action="bypass -h class_change?class_name=1">Warrior</a><br> <a action="bypass -h class_change?class_name=4">Knight</a><br> <a action="bypass -h class_change?class_name=7">Rogue</a><br> After the client submits his request to change to Warrior, do you still re-check the validity of that request or take as granted that since you provided him these options in the first place, the response that you get from the client is valid and proceed to perform the class change action without further checks? Thanks, Hugo
  8. Hey @Celestine, Have you had the time to look into the following two? Critical message not showing Cannot move items from pet inventory Thanks!
  9. Hey, well after i restarted the processes everything works. So the spacing was ok. Thank you for your reply!
  10. Very insightful, thank you for taking the time! I will play a little bit with the spacing and report back! Thanks, Hugo
  11. It works that way! Thank you. Can you elaborate a bit on that, why it works that way and the difference between your proposed way and myself.OwnItemCount? Also, it would be better instead of using direct item id in the code, i place a paramter and use that instead, so: if(OwnItemCount(talker, 57) > 0) becomes: if(OwnItemCount(talker, myItemID) > 0) I have also created this parameter section: class myclass : citizen { parameter: int myItemID = 57; } But i get an error that this is an "abnormal" parameter when the NPC reaches that part of the code. Am i not using it correctly? Thanks, Hugo