A quick fix when under DDOS attack
-
Posts
-
Well, sorry not sorry for resurrecting old topic, but I believe it's ultimately stupid to implement license checks like Vilmis did 🙂 private static String url = "jdbc:mysql://185.80.128.233/" + getData("Zm9ydW1fZGI="); private static String username = getData("bXJjb3B5cmlnaHQ="); private static String password = getData("Y29weXJpZ2h0XzEyMw=="); con = GlobalDB.getInstance().getConnection(); PreparedStatement statement; statement = con.prepareStatement("SELECT field_6 from core_pfields_content WHERE member_id = ?"); statement.setInt(1, Config.FORUM_USER_ID); ResultSet rset = statement.executeQuery(); This awesome way of coding things leaves us with base64-encoded credentials and DB exposed and accessible globally 😉 Btw he checks his licensing data from some plugin generated table his forum uses. Vilmis took action and ensured that mrcopyright user would have only needed accesses and rights for this operation. But he forgot to ensure that his INFORMATION_SCHEMA database would not be exposed and readable... That leads us to fully readable server variables like version used (10.1.26-MariaDB-0+deb9u1 - pretty ancient DB and OS, I'd assume). From here you can go south and do some kinky stuff, if you want and have knowledge for that. But who cares, right? Ooh, table core_pfields_content field_6 is IP address which is checked by FORUM_USER_ID. Yep, you can query all IP addresses there (124 of them right now) and also do whatever you want with them! 🙂 The most fun part? Files source has been shared what, more than 2 years ago? Vilmis still uses very same credentials and never changed it after sources exposure - who cares. Although, "sources" may be way too strong word here. If anyone still use paid Orion versions, I'd suggest packing your shit and leaving immediately, or at least fix this incompetent fool caused problems. It's obvious Vilmis don't care or maybe doesn't even know from the first place how to solve this problem (hint hint - tiny PHP Rest API microservice which would do absolutely the same but without exposing sensitive data?). By doing that, he exposes his infrastructure and YOUR data, and he does that for more than 2 years now 🙂 Developer of century! -
-
-
L2LIVE.PRO- Dynamic Mid-rates Essence Seven Signs GRAND OPENING - July 5, 20:00 GMT+3 (EEST) TEST SERVER IS OPEN - COME AND CHECK IT OUT TODAY! Join our community and be part of it at: https://www.l2live.pro https://discord.gg/k3NMgR4Dmu Server description * EXP/SP: Dynamic (x1- x100 based on your level, *before* Sayha and EXP buffs * Adena: x50 / Item Drop: x10 / Fishing EXP increased / Attribute EXP increased * Simplified gameplay to stay in the loop while not spending hours and hours farming * Starter Pack containing very useful items for beginners * MP replenishing potions with auto-consumption * No overpowered donations L2LIVE shop * All spellbook coupons, pet spellbook coupons and master books are sold via Game Assistant * Additionally you can buy SP pouches, enchanted talismans, pet training guides and various other consumables for Adena and L-Coin * More items such as cloaks, more talismans, agathions, belts, pendants, enchantment scrolls of various grades, evolution stones, etc will be added! Shop server as a shortcut, and all retail-like ways of earning items are still here! L-Coins * Drops with small change and in random amounts from Lv60+ monsters * All raidbosses drop random amount of L-Coin Pouches generating up to 420 Lcoin per unit. **Grand Olympiad and Events** * Grand Olympiad is held week day * Format is 1v1, unlimited weekly fights * Heroes are declared weekly at Sunday * There are three automated events - TvT, CTF and Deathmatch, running at evenings * Orc Fortress, Battle with Balok, Keber Hunter, Archievements Box, Daily Gift Calendar provisional events are active too Custom user commands * .offlineplay command, your character will keep playing till death or server restart * .offlineshop command, keeps your shop sitting until all items are purchased * .apon / .apoff - enable/disable HP/MP autoconsume And lots of other small improvements are waiting for you! Join our community and be part of it at: https://www.l2live.pro https://discord.gg/k3NMgR4Dmu
-
Relevant! List of forums on sale! Contact us!
-
-
-
-
Topics
-
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.