Acmlm's Board - I2 Archive - - Posts by Tuvai |
Tuvai Permanently banned for account hacking. Level: 24 Posts: 43/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Stop deleting the first post in the topic, dum'ass.
Tuvai Permanently banned for account hacking. Level: 24 Posts: 44/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by jasukan:
BTW, a friend told me there is no such thing as "unlimited" bandwidth or something like that.

There isn't. People who think they have more than they'll ever need always say "I have unlimited bandwidth", though. Nevertheless, there just isn't something like that.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 45/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Well, about someone being able to login as everyone; then it's obviously a glitch in the login script itself. Haven't dived in Acmlm Board's code for months now, so I can't guarantee I'll be too helpful on this. Anyway, I take it you're using AcmlmBoard 1.8a so I just took a look at 1.8a's login.php. And there is one thing I'm really worried about:

- part from login.php:

    $userid=checkuser($username,$password);
    if($userid!=-1){
      setcookie("loguserid",$userid,ctime()+900000000,$folder,$domain);
      setcookie("logpassword",$password,ctime()+900000000,$folder,$domain);
      $msg="You are now logged as $username.";
    }

- checkuser() function in function.php:

    function checkuser($name,$pass){
      $users=mysql_query("SELECT id FROM users WHERE name='".addslashes($name)."' AND password='".md5($pass)."'");
      $user=@mysql_fetch_array($users);
      $u=$user[id];
      if($u<1) $u=-1;
      return $u;
    }

First off, replace the checkuser() function in function.php by this:

    function checkuser($name,$pass){
      $u=mysql_result(mysql_query("select count(*) from users where name='".htmlspecialchars($name)."' and password='".md5($pass)."' "),0,0);
      return $u;
    }

Then, replace the part from login.php I showed above by the following:

    if(checkuser($_POST[username],$_POST[password])==1){
      setcookie("loguserid",$userid,ctime()+900000000,$folder,$domain);
      setcookie("logpassword",$password,ctime()+900000000,$folder,$domain);
      $msg="You are now logged as $username.";
    }

Try that and let me know if it worked or not. Like I said above, it's most likely a problem with the login script, but there's no guarantee. Furthermore, if the above doesn't work, try to find out how and where the person does this; monitor him/her.
|||
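Added example (not part of the original posts and not AcmlmBoard's code): one way to write the credential check discussed in the post above so that the user name is passed as a bound parameter, the stored password uses PHP's password_hash(), and the login cookie would carry a random session token instead of the password. The users table and its id/name/password columns follow the post; the sessions table, the sample account and the in-memory SQLite database are assumptions made so the script runs stand-alone.

```php
<?php
// Added example, not AcmlmBoard code. Table and column names follow the post;
// the sessions table and the sample account are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, userid INTEGER, expires INTEGER)');

// Constructed sample account; the name contains a quote on purpose.
$ins = $db->prepare('INSERT INTO users (name, password) VALUES (?, ?)');
$ins->execute(["Example O'User", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Returns the user id on success and -1 otherwise (same contract as the 1.8a function).
function checkuser(PDO $db, string $name, string $pass): int {
    $st = $db->prepare('SELECT id, password FROM users WHERE name = ?');
    $st->execute([$name]);   // bound parameter: the name is data, no escaping function needed
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Verify against a dummy hash for unknown users so both paths do the same work.
    static $dummy = null;
    $dummy = $dummy ?? password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $row ? $row['password'] : $dummy);
    return ($row && $ok) ? (int)$row['id'] : -1;
}

// Issues a random session token. Only its hash is stored server-side, and the
// password itself never goes into a cookie.
function login(PDO $db, string $name, string $pass): ?string {
    $userid = checkuser($db, $name, $pass);
    if ($userid === -1) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $st = $db->prepare('INSERT INTO sessions (token_hash, userid, expires) VALUES (?, ?, ?)');
    $st->execute([hash('sha256', $token), $userid, time() + 86400]);
    // In a web request the token would be sent with:
    // setcookie('session', $token, ['expires' => time() + 86400,
    //     'httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    return $token;
}

var_dump(checkuser($db, "Example O'User", 'correct horse')); // valid credentials
var_dump(checkuser($db, "Example O'User", 'anything else')); // wrong password
var_dump(checkuser($db, 'nobody', 'correct horse'));         // unknown user
var_dump(login($db, "Example O'User", 'correct horse') !== null);
```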
Tuvai Permanently banned for account hacking. Level: 24 Posts: 46/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by Vystrix Nexoth:
hallelujah! do you still write almost everything on one big line?

PHP-wise, I do. I'm not bothered by the backslashed quotes too much; took me a day or two to get used to only.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 47/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
No offence, but can there be any more stupid suggestion? Seriously, what good would a spam-only forum possibly do? Next to nothing, period. If you really want to flame someone, then don't even take it publicly on this board in the first place, but do that in a PM or on a messenger. |
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 48/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
From what I know, Acmlm's wasn't hacked, but it was something to do with ZTNet; Acmlm had a 800+ MB posts table, so if you ask me, it's no wonder that the database eventually said "kaplowey!". And there are dozens of these little kids claiming they 'hacked' Acmlm's Board, or these people pointing fingers at others. You know what you people need to start doing? You need to stop pointing fingers and assuming stupid conclusions when there's NO solid proof at all, fuck you and your damn conclusions about whoever did 'it', which are made up just because you don't like a person. What's even more immature is posting this on a forum, blaming someone for 'hacking' the board (which, as mentioned above, didn't even happen) and then posting an MSN address saying "here's his MSN, flame him!". Grow up, little kids. (edited by Tuvai on 03-16-04 10:35 AM)
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 49/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Yes, but let's just say Acmlm's Board was poorly put together in the beginning. The thing that caused the posts table to grow so big were the post layouts. Since the beginning post layouts were stored along with EVERY post somebody made, with the purpose that old layouts were stored as soon as a user got a new one. It only recently got changed, as far as I know. After 3 years.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 50/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by KawaiiImoto-e:
Originally posted by Tuvai:
Yes, but let's just say Acmlm's Board was poorly put together in the beginning. The thing that caused the posts table to grow so big were the post layouts. Since the beginning post layouts were stored along with EVERY post somebody made, with the purpose that old layouts were stored as soon as a user got a new one. It only recently got changed, as far as I know. After 3 years.

Na.. but the postlayouts are still stored. maybe somewhere else, but they are still stored.

Yes, they are obviously stored. But the way they're SUPPOSED to be stored is for example in the users table (where all other information such as user ID, email address, etcetera), that way it will only need to be stored once, instead of being stored separately along with every post made.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 51/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Yup, I noticed; thought it already had been changed but I was wrong apparently. I highly recommend to Acmlm to change that as soon as possible though, obviously it's not a good thing for the database to store something along with EVERY post, while it can be stored just once. ALL other boards out there do that, and there's a reason for it, an obvious one.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 52/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
My computer. I'm not a computer addict, but my hobby AND my job is making websites and scripts, and you need a computer to do that. | |||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 53/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Mine. (edited by Tuvai on 03-16-04 11:01 AM) |
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 54/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
It's not really something to do with LANs, but with cookies. If you're on a computer more people will use, and you're using a default profile to log on to that computer, cookies that are stored when you login at a website are stored under the profile's cookie folder. So, if someone else uses the same computer and same profile after you, and you didn't delete your cookies, then that person can have access to your accounts. However, I don't think that's the problem Mike's having, considering his problem is apparently someone being able to log in as anyone.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 55/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by Xeogred:
I think it's like that in 1.8, my SQL files for posts are extremely long in length. But yeah, like everyone said, the files got erased, not hacked.

Yup, 1.8 and below still store post layouts along with posts, don't know about 1.9 though as I never used that copy.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 56/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by Mike:
Tuvai, my problem isn't with cookies...

Did I say it was, then? I don't think so. And again, it's most probably a glitch in the login script, you just confirmed that by saying whatever password you use doesn't matter.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 57/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by Blades There's the fact the database is slightly smaller (Huge difference) ... for now. Like I already mentioned in some other recent threads, the board still stored all the post layouts along with every post made and that's just wrong, you for one should know what I'm talking about. |
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 58/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by K-Pel:
Anyway, check for a Bouche script - ie password stealing script. It was pretty clever, just a little javascript in a post (possibly through an iframe) which records the cookie data and sends it to his database for him to browse at a later time... that's the most likely culprit for your problem, but I thought it was fixed with the no javascript and no iframe rule being implemented into Acmlm Board, and you're using the latest public release.... *shrug*

Don't refer to that as Bouche's script. Also, a cookie stealing script would do shit on AcmlmBoard 1.8 and higher, because passwords are encrypted and AcmlmBoard doesn't use them in sessions like vBulletin does. DOH.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 59/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by orochi:
Most of the work just requires changing around the sql commands to fit acmlm, but then there is also this list that needs to be done

Lol, so basically all you're planning on doing is converting an 'RPG system' for another board to make it compatible with Acmlm's Board, and you need help with that? Mehehe. Fact is, I really DOUBT anyone will help you on your board RPG/battle system. You know why? Because you'll find only halfasses going around "omfg i can maek a battel system im 1337 w/ PHP!1" and that won't do shit in the end, and people who CAN, but already got their own system to worry about.
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 60/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
You do know that you're just yet another one of the people whining about this, don't you? If this board is so 'communist' and 'too strict', then I wonder how I've been hanging out here for so long. I'm even more strict on my board, ha! You know what's even more annoying? People who screw up, get what they deserve and then whine about how strictly there was acted. Nonetheless, the fact that you're requesting a forum 'just to flame' shows how much of an intelligent person you are and how much you belong here. (edited by Tuvai on 03-16-04 06:32 PM) |
|||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 61/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
ono its teh hacker sum1 plz password me windoze!1 | |||
Tuvai Permanently banned for account hacking. Level: 24 Posts: 62/211 EXP: 74894 For next: 3231 Since: 03-15-04 Since last post: 566 days Last activity: 339 days |
| ||
Originally posted by Cellar Dweller:
I have a copy of AcmlmBoard 1.8a, and I can certify that it does not encrypt password in cookies.

Not by default, but in this case they are:

Originally posted by Tuvai:
- checkuser() function in function.php:

    function checkuser($name,$pass){
      $users=mysql_query("SELECT id FROM users WHERE name='".addslashes($name)."' AND password='".md5($pass)."'");
      $user=@mysql_fetch_array($users);
      $u=$user[id];
      if($u<1) $u=-1;
      return $u;
    }

It seems <

EDIT: I see now, I was looking at the files of MY old AcmlmBoard, which had MD5() encryption. (edited by Tuvai on 03-17-04 05:04 AM)