- 0
-
Posts
-
So excited to announce 3x Telegram Premium (6 months) Join our official TG and participate to win! Asocks.com - trusted proxy service providing mobile and residential proxies with a single price of $3 per 1GB A huge locations pool and high speed will help complete all tasks -
Well, sorry not sorry for resurrecting old topic, but I believe it's ultimately stupid to implement license checks like Vilmis did 🙂 private static String url = "jdbc:mysql://185.80.128.233/" + getData("Zm9ydW1fZGI="); private static String username = getData("bXJjb3B5cmlnaHQ="); private static String password = getData("Y29weXJpZ2h0XzEyMw=="); con = GlobalDB.getInstance().getConnection(); PreparedStatement statement; statement = con.prepareStatement("SELECT field_6 from core_pfields_content WHERE member_id = ?"); statement.setInt(1, Config.FORUM_USER_ID); ResultSet rset = statement.executeQuery(); This awesome way of coding things leaves us with base64-encoded credentials and DB exposed and accessible globally 😉 Btw he checks his licensing data from some plugin generated table his forum uses. Vilmis took action and ensured that mrcopyright user would have only needed accesses and rights for this operation. But he forgot to ensure that his INFORMATION_SCHEMA database would not be exposed and readable... That leads us to fully readable server variables like version used (10.1.26-MariaDB-0+deb9u1 - pretty ancient DB and OS, I'd assume). From here you can go south and do some kinky stuff, if you want and have knowledge for that. But who cares, right? Ooh, table core_pfields_content field_6 is IP address which is checked by FORUM_USER_ID. Yep, you can query all IP addresses there (124 of them right now) and also do whatever you want with them! 🙂 The most fun part? Files source has been shared what, more than 2 years ago? Vilmis still uses very same credentials and never changed it after sources exposure - who cares. Although, "sources" may be way too strong word here. If anyone still use paid Orion versions, I'd suggest packing your shit and leaving immediately, or at least fix this incompetent fool caused problems. It's obvious Vilmis don't care or maybe doesn't even know from the first place how to solve this problem (hint hint - tiny PHP Rest API microservice which would do absolutely the same but without exposing sensitive data?). By doing that, he exposes his infrastructure and YOUR data, and he does that for more than 2 years now 🙂 Developer of century! -
-
-
L2LIVE.PRO- Dynamic Mid-rates Essence Seven Signs GRAND OPENING - July 5, 20:00 GMT+3 (EEST) TEST SERVER IS OPEN - COME AND CHECK IT OUT TODAY! Join our community and be part of it at: https://www.l2live.pro https://discord.gg/k3NMgR4Dmu Server description * EXP/SP: Dynamic (x1- x100 based on your level, *before* Sayha and EXP buffs * Adena: x50 / Item Drop: x10 / Fishing EXP increased / Attribute EXP increased * Simplified gameplay to stay in the loop while not spending hours and hours farming * Starter Pack containing very useful items for beginners * MP replenishing potions with auto-consumption * No overpowered donations L2LIVE shop * All spellbook coupons, pet spellbook coupons and master books are sold via Game Assistant * Additionally you can buy SP pouches, enchanted talismans, pet training guides and various other consumables for Adena and L-Coin * More items such as cloaks, more talismans, agathions, belts, pendants, enchantment scrolls of various grades, evolution stones, etc will be added! Shop server as a shortcut, and all retail-like ways of earning items are still here! L-Coins * Drops with small change and in random amounts from Lv60+ monsters * All raidbosses drop random amount of L-Coin Pouches generating up to 420 Lcoin per unit. **Grand Olympiad and Events** * Grand Olympiad is held week day * Format is 1v1, unlimited weekly fights * Heroes are declared weekly at Sunday * There are three automated events - TvT, CTF and Deathmatch, running at evenings * Orc Fortress, Battle with Balok, Keber Hunter, Archievements Box, Daily Gift Calendar provisional events are active too Custom user commands * .offlineplay command, your character will keep playing till death or server restart * .offlineshop command, keeps your shop sitting until all items are purchased * .apon / .apoff - enable/disable HP/MP autoconsume And lots of other small improvements are waiting for you! Join our community and be part of it at: https://www.l2live.pro https://discord.gg/k3NMgR4Dmu
-
-
-
-
Topics
-
Question
Deadly
WHAT I MUST CHANGE TO MAKE MY SERVER O-N-L-I-N-E
# This is the server configuration file. Here you can set up the connection for your server.
# Usually you have to change the ExternalHostname option to
# - 127.0.0.1 (if you want to play alone / testing purpose)
# - LAN IP* (if you want to play from another computer in the network)
# - WAN IP** (if you want to play with friends over internet)
# - Questions? => http://l2jfree.com
#
# * = If you want to get your LAN IP, simply choose "Start" => "Run..." then type "cmd" => "ipconfig"
# **= If you want to get you WAN IP, visit http://www.whatismyip.com
# ===================================================================================================
# ================================================================
# General server setting !!! Preconfigured by TheMentaL
# ================================================================
# Bind ip of the gameserver, use 0.0.0.0 to bind on all available IPs
GameserverHostname=0.0.0.0
GameserverPort=7777
# This is transmitted to the clients connecting from an external network, so it has to be a public IP or resolvable hostname
ExternalHostname=127.0.0.1
# This is transmitted to the client from the same network, so it has to be a local IP or resolvable hostname
InternalHostname=127.0.0.1
# Define internal networks (10.0.0.0/8,192.168.0.0/16 is default internal networks)
InternalNetworks=
# Define optional networks and router IPs
# IP (200.100.200.100) or fully qualified domain name
# (google.com) that resolves to an IP (use ping to determine if a domain resolves).
# Format: ip,net/mask;ip,net/mask,net/mask
# (mask 192.168.0.0/16 or 192.168.0.0/255.255.0.0 would be 192.168.*.*)
# Note: keep InternalNetworks and OptionalNetworks blank for compatibility with older login server
OptionalNetworks=
# The Loginserver host and port
LoginPort=9014
LoginHost=127.0.0.1
# This is the server id that the gameserver will request (i.e. 1 is Bartz)
RequestServerID = 1
# If set to true, the login will give an other id to the server if the requested id is allready reserved
AcceptAlternateID = True
# Database info
Driver=com.mysql.jdbc.Driver
#Driver=org.hsqldb.jdbcDriver
#Driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
URL=jdbc:mysql://localhost/l2jdb
#URL=jdbc:hsqldb:hsql://localhost/l2jdb
#URL=jdbc:sqlserver://localhost/database=l2jdb/user=sa/password=
Login=root
Password=root
MaximumDbConnections=50
# Datapack root directory, defaults to current directory from which the server is started
#DatapackRoot=H:/workEclipse/L2J Free/trunk/L2_DataPack_IL
# Define character name template
# These ones are regular expressions, visit http://www.regular-expressions.info for details
# Note: Checking lengths are done server side, but keep it in pattern for future purposes
# Character name ( Default [A-Za-z0-9\-]{3,16} )
CnameTemplate=[A-Za-z0-9\-]{3,16}
# Pet name ( Default [A-Za-z0-9\-]{3,16} )
PetNameTemplate=[A-Za-z0-9\-]{3,16}
# Clan and ally name ( [A-Za-z0-9 \-]{3,16} )
ClanAllyNameTemplate=[A-Za-z0-9 \-]{3,16}
# Title ( [A-Za-z0-9 \-\\[\\]\<\>\(\)\!\|]{3,16} )
TitleTemplate=[A-Za-z0-9 \-\\[\\]\<\>\(\)\!\|]{3,16}
# Maximum number of chars per account - 0 = illimited - default = 7
CharMaxNumber = 7
# Define how many players are allowed to play simultaneously on your server.
MaximumOnlineUsers=100
# Minimum and maximum protocol revision that server allow to connect.
# You must keep MinProtocolRevision <= MaxProtocolRevision.
MinProtocolRevision = 828
MaxProtocolRevision = 831
#---------------------------------------------
# Safe Reboot configuration
#---------------------------------------------
# This will prevent some exploit during restart/shutdown process
SafeReboot = True
# To use following options, SafeReboot must be set to True
# Time in seconds before server complete shutdown/reboot, when
# following striction take effect
SafeRebootTime = 10
# Disable item enchant
SafeRebootDisableEnchant=True
# Disable players teleportations
SafeRebootDisableTeleport=False
# Disable craft and crystallize
SafeRebootDisableCreateItem=False
# Disable trades and shops
SafeRebootDisableTransaction=False
# Disable actions between players
SafeRebootDisablePcIteraction=False
# Disable actions on NPC
SafeRebootDisableNpcIteraction=False
# Network traffic optimization: minimum time between sending char's hp/mp status update packet.
NetworkTrafficOptimization = False
NetworkTrafficOptimizationMs = 1100
# Flood Protection
# if enabled players which send more then PACKETLIMIT packets in PACKETTIMELIMIT ms will get kicked
# warning not tested made a quickhack for squeezed :)
FloodProtection = False
PacketLimit = 500
PacketTimeLimit = 1100
# ================================================================
# JMX Administration
# ================================================================
# Port to connect with l2jmx, -1 to disable jmx completely
admin_portJMX=-1
# Port to connect to jmx via HTTP, -1 to disable
# disable it if it is not local test
# http adaptor is usefull to see if your server is running with l2jbeans, or to see others beans (JRE, logging)
# It is also possible to use it if you forbid this port for external host, but you have to be sure nobody can reach this url !
admin_portHTTP=-1
# password for keystore_file, the keystore file should be in config folder.
# Comment it or remove the keystore file if you doesn't want to activate secure socket.
#keystore_password=password
# keystore file
# this file is used to store a SSL certificate for your jmx server.
# You have to create it with keytool like this :
# $JAVA_HOME/bin/keytool -genkey -keyalg "RSA" -keystore myKeystore.jks -storepass myPassword -dname "cn=myhost"
# Change myKeystore, myPassword and myhost for your own needs
# You have to give this file to all people that will use l2jmx
#keystore=keystore.jks
# ================================================================
# Legacy Mode for CT1
# ================================================================
LegacyCT1Mode = False
CT1AndCT15Mode = False
# ================================================================
# General login server setting !!! Preconfigured by TheMentaL
# ================================================================
# Bind ip of the loginserver, use 0.0.0.0 to bind on all available IPs
LoginServerHostname=0.0.0.0
LoginServerPort=2106
GMMinLevel=100
# The port, ip on which login will listen for GameServers
LoginHostname=127.0.0.1
LoginPort=9014
# If set to true any GameServer can register on your login's free slots
AcceptNewGameServer = False
# If false, the licence (after the login) will not be shown
ShowLicence = True
# Database info
Driver=com.mysql.jdbc.Driver
#Driver=org.hsqldb.jdbcDriver
#Driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
URL=jdbc:mysql://localhost/l2jdb
#URL=jdbc:hsqldb:hsql://localhost/l2jdb
#URL=jdbc:sqlserver://localhost/database=l2jdb/user=sa/password=
Login=root
Password=root
# Useable values: "True" - "False", use this option to choose whether accounts will be created
# automatically or not.
AutoCreateAccounts=True
# The delay in minutes after which the login updates the gameservers IP's (usefull when their ip is dynamic)
# (0 = disable)
IpUpdateTime=0
# ==============================================================
# Test server setting, shoudnt be touched in online game server
# ==============================================================
Debug = False
Assert = False
Developer = False
# Enforce GG Authorization from client
# Login server will kick client if client bypassed GameGuard authentication
ForceGGAuth=False
#FloodProtection. time in ms
EnableFloodProtection=True
FastConnectionLimit=15
NormalConnectionTime=700
FastConnectionTime=350
MaxConnectionPerIP=50
#Ban management
# number of attempt before a user is banned when he fails his login
LoginTryBeforeBan=10
# Time you won't be able to login back again after LoginTryBeforeBan tries to login. Provide a value in seconds. Default 10min. (600)
LoginBlockAfterBan=600
Link to comment
Share on other sites
2 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.