Someone's exploiting my hotel

[Shatter]

I've patched all of the UberCMS exploits but the only thing i'm worried about now is that someone keeps ranking themselves to 1337 or whatever rank they want really.

They said it's a problem with the emulator and we're using PlusEMU and the only thing I can think of is that @Sledmore would be able to help me out.

Thanks in advance!

 

[Brad]

have you removed the getdoc file in allseeingeye/pages/

 

[Sarbaz]

I've patched all of the UberCMS exploits but the only thing i'm worried about now is that someone keeps ranking themselves to 1337 or whatever rank they want really.

They said it's a problem with the emulator and we're using PlusEMU and the only thing I can think of is that @Sledmore would be able to help me out.

Thanks in advance!

Uhh they aren't "exploiting your hotel" nor does it have to do with you emulator, that is impossible. They are either SQL injecting your ports and accessing your database, or someone got one of your staff members account information. Secure your server by simply removing accessible folders in your htdocs/wwwroot.

 

[Lee_01]

It's most likely that you have a common URL such as allseeingeye, ase or stafflogin
Try renaming the folder to a more complex URL such as habstafflogin877 and don't put it on the CMS in case one of your staff member's account has been hacked.
Text it to the staff members who should have access to it.
If it is a staff member though who is doing it themselves then take away the page on the housekeeping where you can change user details.

Another option is what @Sarbaz said, they're most likely exploiting the loop holes in your SQL database.
I haven't used uberCMS, but I don't know if .htaccess would also solve access to viewing the root folders or not.

 

[Shatter]

Figured out the problem.
Thanks for the help gentlemen.

 

[Legion]

Problem Solved, Thread closed.