staff accounts keep getting hacked??

chrisissick · Jul 1, 2014

every day some one on my staff team gets hacked by some one? how are they hacking the account without changing the pws or getting to the db? sickhotel.net is my hotel someone give me some advice to prevent this?

Wickd · Jul 1, 2014

You have RevCMS exploits,patch them up.

chrisissick · Jul 1, 2014

Wickd said:
You have RevCMS exploits,patch them up.

could you point them out or help me patch them i could pay you?

Jerry · Jul 1, 2014

There is a new RevCMS exploit that released out there called the forgot php script look on the Habbo Releases section, you'll see 'Important RevCMS Exploit Fix!'.

chrisissick · Jul 1, 2014

Visual said:
There is a new RevCMS exploit that released out there called the forgot php script look on the Habbo Releases section, you'll see 'Important RevCMS Exploit Fix!'.

i followed your tut. how do i know if i did it correctly? could you double check it any way?

CoderX0X · Jul 17, 2014

I would fix it for you hm u paying?

CoderX0X · Jul 17, 2014

Would only want 5-10 but i would fix ur exploits so yes or no?

Jerry · Jul 17, 2014

Go to class.users.php
find

PHP:

final public function forgotten()

Replace the whole code with that with this;

PHP:

final public function forgotten()
    {
        global $template, $_CONFIG, $core;
       
        if(isset($_POST['forgot']))
        {       
            die("Stop trying to \'hack\' us you little skid, we already patch this..");
        }
    }

GarettM · Jul 17, 2014

Problem said:

Go to class.users.php
find

PHP:

final public function forgotten()

Replace the whole code with that with this;

PHP:

final public function forgotten()
    {
        global $template, $_CONFIG, $core;
      
        if(isset($_POST['forgot']))
        {      
            die("Stop trying to \'hack\' us you little skid, we already patch this..");
        }
    }

I think I'd be wise to just delete the function from the class.user.PHP and remove the function call from the class.core.php

GarettM · Jul 17, 2014

GarettIsHere said:
I think I'd be wise to just delete the function from the class.user.PHP and remove the function call from the class.core.php

By the way the forgotten function should be fixed not just deleted :/ your deleting parts of revcms that should help users

calmabro · Jul 17, 2014

GarettIsHere said:
By the way the forgotten function should be fixed not just deleted :/ your deleting parts of revcms that should help users

The CMS also won't work by just removing it u will get white screen, so it won't work like that.
I've just deleted the function from class.core.php and it seems to be fixed.

Khalil · Jul 20, 2014

calmabro said:
The CMS also won't work by just removing it u will get white screen, so it won't work like that.
I've just deleted the function from class.core.php and it seems to be fixed.

You'll get a white screen or an error message because the function is still being called in 'interface.users.php', so remove the function from class.users.php then go to interface.users.php and remove it from there too, problem solved.

Please, do note that rev uses interfaces, so whenever you remove a function from a class, make sure to go to that class's interface and remove it from there too.

staff accounts keep getting hacked??

chrisissick

Member

Wickd

The first member of the Knights of the Pink Table

chrisissick

Member

Jerry

not rly active lol

chrisissick

Member

CoderX0X

Member

CoderX0X

Member

Jerry

not rly active lol

GarettM

Posting Freak

GarettM

Posting Freak

calmabro

Member

Khalil

IDK

Users who are viewing this thread

Latest posts

Connect with us

Newest members