MYSQL getting hacked

Avduf

Avduf

Member
Dec 24, 2012
153
5
So hello i'm using mysql and a guy is getting in to my habbo database and deletes it. Is there anyway to secure my database? I'm using IIS and a habbo retro.
 
Sort by date Sort by votes
Owen

Owen

Mar 20, 2013
1,208
614
Avduf said:
So hello i'm using mysql and a guy is getting in to my habbo database and deletes it. Is there anyway to secure my database? I'm using IIS and a habbo retro.
Click to expand...
Hey, heres some plugins that you can input into your hotel to see if it protects anyone from getting into your mysql.

Do this plugin in your client: (this is a client password staff plugin)
PHP: 
<?php


$staffbeveiliging ='password';


if(isset($_SESSION['user']))

{

$sql = mysql_query("SELECT rank FROM users WHERE id = ".intval(htmlentities(mysql_real_escape_string($_SESSION['user']['id']))));

$r = mysql_fetch_assoc($sql);


if(@htmlentities(mysql_real_escape_string($r['rank']))>=3&&(!isset($_POST['staffbeveiliging'])|| $_POST['staffbeveiliging']!= $staffbeveiliging))

{

echo '

<body>

<h4> Nieuw wachtwoord, kijk staff skype groepsgesprek!</h4>

<form method="post" action="" style=" background: #d21172; margin-left: 500px; width: 200px; border-radius: 2px;">

<b> Vul hier de geheime code in voor als je in de client wilt.</b>

<p>Medewerkers beveiliging!<br> 

<input type="password" name="staffbeveiliging" value=""</p>

<p><input type="submit"  value="Ga in client!" name="likeArticle" class="new-button"</div></p>

</form>

</body>

';

die;

}

}

?>

Place this script in your cms: (Protects people from getting staff ips)
PHP: 
<?php


$userid = $_SESSION['user']['id'];


$user = mysql_fetch_object(mysql_query("SELECT * FROM `users` WHERE `id`='$userid'"));

if($user->rank >3)

{

$ip = $_SERVER["REMOTE_ADDR"];

$query2 = mysql_query("SELECT * FROM staffip WHERE ip = '".$_SESSION['user']['ip_last']."'");

while($row2 = mysql_fetch_array($query2)){

$ipstaff = $row2["ip"];

}

if($ip == $ipstaff)

{

}

else

{

echo"geen toegang!";

die;

}

}



?>

THIS IS YOUR MYSQL SCRIPT:
Code: 
SET FOREIGN_KEY_CHECKS=0;




------------------------------

--Table structure for staffip

------------------------------

DROP TABLE IF EXISTS `staffip`;

CREATE TABLE `staffip`(

  `id`int(11)unsigned NOT NULL AUTO_INCREMENT,

  `ip` varchar(255) NOT NULL DEFAULT '0',

  PRIMARY KEY (`id`)

) ENGINE=InnoDB AUTO_INCREMENT=67 DEFAULT CHARSET=utf8;

Hope this helped. If it didn't then idk then.
 
Upvote 0 Downvote

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
🌙  Switch to Dark Theme

Latest posts

Top