[SHARE] How to "fix" the AuthD exploit.

[PyroMaker]

Ok guys... Lately a lot of servers got owned by this exploit where you just pick an account ID and pick any chars you want... Lots of servers got corrupted, people getting in GM accounts and summoning items, to sum it up, it's a total CHAOS. Anyways, this is how you should be able to temporarily fix it:

 

1 - First off, backup your lin2world and lin2db databases, if anything goes wrong, you'll be able to restore your databases and start it over again without being fucked over.

 

2 - Open your enterprise manager whatsoever in MSSQL, make a new query, put this into it and execute:

 

use lin2world
update user_data
set account_id = account_id + 621854

 

// This is just an example, you could use any other number you want, but with that number the noobs are gonna try to find the account ID's forever.

 

3 - After you've done that, unlock the lin2db database, make a new query, type this in and execute:

 

use lin2db
update user_account
set uid = uid + 621854

 

// Keep in mind the number should be the same in both, else it won't work.

 

4 - Reload the server.

 

 

Now script kiddies are gonna try to find the account ID's, they'll start by 1, 2, 3, 4, 5, 6, 7, 10k, 20k, 40k, 50k, 60k, 70k, until they go like WHAT THE FUCK and /wrist.

 

Hope it helps you, thank you Mac for helping me out with this.

 

Best regards.

[TheMentaL]

pyromaker in oneo darkrage made something dunno what and in order a gm to loggon he have to put or allready have the ip on the db ... can u explain me how does this work??

[PyroMaker]

It's called Amped.

 

For example:

 

[builder]

UseIPFilter=true

; list of allowed IPs or host names, delimited by ";"

; i.e.: 127.0.0.1;11.22.33.*;11.44.*.*;foo.no-ip.com

IP=pyromaker.no-ip.info;littlepyro.no-ip.info

[TheMentaL]

ohh ok thanks for ur fast reply ;)

[PyroMaker]

No problem.

[picoctmchile]

thx very much for de fix ....

 

 

 

 

[mcrabben7]

It's not really a fix, lol.  But it's better than nothing (I guess).

[PyroMaker]

Yep, it's not really a fix, it's like a bandage or something, hence why the title of the topic "fix".

[shinrage]

better use the .dll to fix that

[PyroMaker]

What DLL?

[zdark]

amped 2.0a

 

[23:11] <cypher|Emporio> that acct hacking exploit really pissssed me off ... so, here is the 2.0a

[23:11] <cypher|Emporio> i won't post on forums, so ...

[23:15] <cypher|Emporio> fixed acct shit (both exploits), crashes, skill enchanting, skill aquiring, gems exploits, suports runtime unloading (i leave u as homewhork to write an unloader) ... etc etc etc

[DaRkRaGe]

yes this is the permanent solution.

[Rob]

And where can we find that??

[Maxtor]

http://rapidshare.com/files/29629337/AmpeDx64_PP.zip

 

##################

## AmpeDx64 v2.0a

##################

- FIXED:

- account exploit (both exploits)

- crashes

- skill enchanting

- skill acquiring

- gems exploits

- supports runtime unloading

... etc etc etc

 

AmpeD © cypher

[Rob]

lot of thanks!!