Account hacker -
Biesmen - 19.09.2011
A note: This is regarding the forum of a server
Hello,
I am the co-owner of a server called swat4samp. Recently we have had several forum admin accounts getting hacked on our forum. I've tried everything I could think of to prevent this. Really important threads got removed due to the hacker. The hacker tried to hack every admin, but somehow he failed. Every admin on the forum got an email saying someone wanted to reset his/her password. Then the first hacker came. They didn't reset the password by the way. After I got rid of the hacker by blocking his IP and his IP range, I made topics saying every admin should change their password to one with special symbols in it. They did it, but then the next one got hacked. (That admin didn't change his password.) Then more important threads got removed. I had almost every admin change their password after that. We thought the hacker was gone, but after 4 days he came back and hacked the next admin (today), which removed even more important threads from the admin section. This day we all received a password reset mail again, and we ignored it.
I did some research and found out these IPs hacked admin accounts:
74.63.112.144 (Range banned)
204.45.*.*
184.154.*.*
173.0.0.205 (Range banned)
First I thought they were proxies, but when I did a proxy check they weren't. They are all direct to Chicago, USA.
So this guy might be setting up VPNs to hide his password.
I am afraid more admins will get hacked, so how will I prevent them from getting hacked again? One of them had their password as their secret question, which was how he hacked them. But somehow if people receive a password reset mail, they get hacked.
The guy also tries to send keyloggers. I told everyone not to download files they don't trust or enter websites they don't trust. They all said they didn't, but they do get hacked.
How can I stop this, prevent this?
Thanks for your help.
P.S. I'd like people to help me who know what they are doing and know stuff about hacking.
Re: Account hacker -
Venice - 19.09.2011
I suggest a firewall ban; don't range ban.
A firewall ban is powerful: whoever is banned can't join the server, it shows the server as down,
and don't make everyone as admin
Re: Account hacker -
Biesmen - 19.09.2011
Quote:
Originally Posted by Venice
I suggest a firewall ban; don't range ban.
A firewall ban is powerful: whoever is banned can't join the server, it shows the server as down,
and don't make everyone as admin
|
1) Firewall ban? How the hell would I do that?
2) Did you forget you're helping a server you copied including the forum?
Re: Account hacker -
Venice - 19.09.2011
Quote:
Originally Posted by Biesmen
1) Firewall ban? How the hell would I do that?
2) Did you forget you're helping a server you copied including the forum?
|
1) Contact your ServerFFS support team to ban these IPs
2) ...........
Re: Account hacker - suhrab_mujeeb - 19.09.2011
Quote:
Originally Posted by Biesmen
A note: This is regarding the forum of a server
Hello,
I am the co-owner of a server called swat4samp. Recently we have had several forum admin accounts getting hacked on our forum. I've tried everything I could think of to prevent this. Really important threads got removed due to the hacker. The hacker tried to hack every admin, but somehow he failed. Every admin on the forum got an email saying someone wanted to reset his/her password. Then the first hacker came. They didn't reset the password by the way. After I got rid of the hacker by blocking his IP and his IP range, I made topics saying every admin should change their password to one with special symbols in it. They did it, but then the next one got hacked. (That admin didn't change his password.) Then more important threads got removed. I had almost every admin change their password after that. We thought the hacker was gone, but after 4 days he came back and hacked the next admin (today), which removed even more important threads from the admin section. This day we all received a password reset mail again, and we ignored it.
I did some research and found out these IPs hacked admin accounts:
74.63.112.144 (Range banned)
204.45.*.*
184.154.*.*
173.0.0.205 (Range banned)
First I thought they were proxies, but when I did a proxy check they weren't. They are all direct to Chicago, USA.
So this guy might be setting up VPNs to hide his password.
I am afraid more admins will get hacked, so how will I prevent them from getting hacked again? One of them had their password as their secret question, which was how he hacked them. But somehow if people receive a password reset mail, they get hacked.
The guy also tries to send keyloggers. I told everyone not to download files they don't trust or enter websites they don't trust. They all said they didn't, but they do get hacked.
How can I stop this, prevent this?
Thanks for your help.
P.S. I'd like people to help me who know what they are doing and know stuff about hacking.
|
Hey, you can do these talks on your own forums too! Now answer me these simple questions, what do you want to be done to the player? How many players do you get from the same country as the hacker? Is he in the server now?
Re: Account hacker -
En - 19.09.2011
Contact your ServerFFS team, they'll ban the IPs totally to prevent them trying again, this time worse.
Re: Account hacker - suhrab_mujeeb - 19.09.2011
Quote:
Originally Posted by En
Contact your ServerFFS team, they'll ban the IPs totally to prevent them trying again, this time worse.
|
Joking? ServerFFS got the worst service! They will reply after your server gets closed.
Re: Account hacker -
|_ⒾⓇⓄN_ⒹⓄG_| - 19.09.2011
Quote:
Originally Posted by suhrab_mujeeb
Joking? ServerFFS got the worst service! They will reply after your server gets closed.
|
It's true,
ServerFFS have the worst support.
Re: Account hacker -
robintjeh - 19.09.2011
He does not have one IP?
Try to scan the admins for keyloggers, and make sure your SQL database is safe. Try to use MSCONFIG for getting unknown programs.
Re: Account hacker -
Oh - 19.09.2011
Well, everyone's missing the point here; it's not ServerFFS' fault.
What forum software are you using?
It could be vulnerable to a 0day.
People could easily change their IP in a matter of seconds with programs like Tor and Hotspot Shield.
You don't have a chance of stopping him from accessing the website.