
Hacked. "HaCkEd By HeRo"


eaglelegend


Anyone else got that on their site?

 

This is kind of an emergency. I have just been hacked while my site was in testing mode, and it was vulnerable; however, I want to code something to limit what users can do when I close the site, i.e. they can only log in (as they may be admin; and of course admin, being me, I am allowed to go around and test everything...)

 

Now it would be something like this (I assume):

 

// fetch() is the helper the header below already uses to return one row;
// $game is cast to int so the id cannot carry anything but a number into the query
$closed = fetch("SELECT closed FROM edit_game WHERE id = '" . (int) $game . "'") or die(mysql_error());

if ($closed['closed'] == "1") {
    echo 'Site is closed due to maintenance; admin however may <a href="login.php">login</a>';
} else {
    // (view the rest of the header)
}

 

Would it go there, or will I throw myself into an error? Here is the header anyway...

 

<?php
/*
Header include (header.inc.php)

Written against the old PHP 4/5 mysql extension with register_globals on:
$game, $userid, $getInfo, $timestamp, $referer and the fetch() helper are
expected to be set by global.inc.php. Request values are interpolated
straight into the SQL strings without escaping.
*/
ob_start();
include "global.inc.php";
include "ghetto_cron.inc.php";

// Client address taken from $_SERVER instead of relying on register_globals
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];

// Block one address range outright (ereg() is gone since PHP 7; preg_match() does the same substring match)
if (preg_match('/217\.44\.214/', $REMOTE_ADDR))
{
    die();
}

if ($referer)
{
    setcookie("referer", $referer, time() + 2678400);
}

// START GUESTS ONLINE
if (!$getInfo['username'])
{
    // Guests are tracked by IP address in the online table (online_type = 1)
    $findOnline = fetch("SELECT id FROM online WHERE userid = '$REMOTE_ADDR' AND game = '$game' AND online_type = '1'");
    if ($findOnline['id'])
    {
        mysql_query("UPDATE online SET last_visit = '$timestamp' WHERE userid = '$REMOTE_ADDR' AND game = '$game' AND online_type = '1'");
    }
    if (!$findOnline['id'])
    {
        mysql_query("INSERT INTO online VALUES ('', '$REMOTE_ADDR', '$game', '1', '$timestamp')");
    }
}
// END GUESTS ONLINE

if ($getInfo['username'])
{
    // START IP LOGGER: record each new (user, address) pair once
    $getIP = fetch("SELECT id,ip_addr FROM ip_log WHERE userid = '$userid' AND ip_addr = '$REMOTE_ADDR'");
    if (!$getIP['id'])
    {
        mysql_query("INSERT INTO ip_log VALUES ('', '$userid', '$REMOTE_ADDR','$game')");
    }
    // END IP LOGGER

    // START USERS ONLINE: logged-in users are tracked by user id (online_type = 0)
    $findOnline = fetch("SELECT id FROM online WHERE userid = '$userid' AND online_type = '0'");
    if ($findOnline['id'])
    {
        mysql_query("UPDATE online SET last_visit = '$timestamp' WHERE userid = '$userid' AND online_type = '0'");
    }
    if (!$findOnline['id'])
    {
        mysql_query("INSERT INTO online VALUES ('', '$userid', '$game', '', '$timestamp')");
    }
    // END USERS ONLINE

    // Active pet shown in the header
    $activePet = fetch("SELECT id,name,level,attitude,hunger FROM user_pets2 WHERE owner = '$userid' AND id = '$getInfo[active_pet]' AND game = '$game'");
    $activePetID       = $activePet['id'];
    $activePetName     = $activePet['name'];
    $activePetLevel    = $activePet['level'];
    $activePetAttitude = $activePet['attitude'];
    $activePetHunger   = $activePet['hunger'];

    if (!$activePetID)    { $activePetID = "X"; }
    if (!$activePetName)  { $activePetName = "None"; }
    if (!$activePetLevel) { $activePetLevel = "X"; }

    $num_pets = fetch("SELECT count(id) AS id FROM user_pets2 WHERE owner = '$userid' AND game = '$game'");
    $num_pets = $num_pets['id'];

    if (($num_pets == 0) AND ($getInfo['username'])) { $getPetLine = "$noPetsLine"; }

    // Oldest unread system message for this user
    $system_message = fetch("SELECT * FROM messages2 WHERE userid = '$userid' AND game = '$game' ORDER BY id LIMIT 1");

    if ($system_message['message'])
    {
        if (($system_message['message_time']) AND ($getInfo['username']))
        {
            $dayWritten = date("M j", $system_message['message_time']);
            if ($dayWritten == $datestamp2) { $dayWritten = "Today"; }
            $dateWritten = date(" @ g:i", $system_message['message_time']);
            $showDate = "<b>$dayWritten$dateWritten</b> ";
        }

        $message = "$systemMessageStart$showDate$system_message[message] (<a href=$base_url/systemmessage.pro.php?game=$game&id=$system_message[id]>OK</a>)$systemMessageEnd";
    }

    if (($getInfo['viewed_update'] == 0) AND ($getInfo['username']))
    {
        $updateLine = $updateTemplate;
    }
}

include "package_check.inc.php";

#############

if (!$page_title) { $page_title = "Home"; }

if ($error) { $error = strip_tags(stripslashes($error), "<p><a><b>"); $error = "$errorTemplate"; }

if (!$getGame['design']) { $getGame['design'] = "simply_blue"; }

if ($getGame['design'] != "custom") { include "designs/$getGame[design].inc.php"; }

include "random_events.inc.php";

// Count everyone seen within the online window
$onlineTimeLimit = $timestamp - $secondsToKeepUsersOn;
$usersOn = mysql_query("SELECT id FROM online WHERE last_visit >= '$onlineTimeLimit' AND game = '$game'");
$countUsersOn = mysql_num_rows($usersOn);

$numMembers = fetch("SELECT count(id) AS id FROM members2 WHERE rank > '1' AND game = '$game'");

if ($getGame['design'] == "custom")
{
    include "custom.inc.php";
}

$openHTML = "$openHTML $extraTable $adCode $adCode2 $getPetLine $message $randomEvent $error $voteLine";

// Extra navigation for moderators (rank >= 5) and admins (rank >= 7)
if ($rank >= 5)
{
    $EXcloseHTML = "$policeModLine";
    if ($rank >= 7) { $EXcloseHTML .= "$adminLine"; }
    $EXcloseHTML .= "</p>";
}

$bottomLine = "$bottomLine";

if ($getInfo['premium'] != "1") { $bottomLine .= $noPremium; }

$bottomLine .= "</p>";

$closeHTML = "$extra2 $closeHTML</td></tr></table>$EXcloseHTML $bottomLine $adcode4 $adCode468";

function check_secure_avatars($place)
{
    global $username;

    $u = fetch("SELECT `avatar_selected`, `avatar_find` FROM `members_profiles2` WHERE `username` = '$username'");

    // avatar_find holds the ids already found, separated by "|"
    $s = explode("|", $u['avatar_find']);

    $srch = "'',";
    $res  = '';

    foreach ($s as $sa)
    {
        if (!empty($sa))
        {
            $srch .= "'$sa',";
            $res  .= "$sa|";
        }
    }

    // Drop the trailing comma before the closing parenthesis
    $secret = str_replace(",)", ")", "AND `ID` NOT IN ($srch)");

    $q = mysql_query("SELECT `ID`, `IMAGE` FROM `avatar` WHERE 1 $secret AND `PLACE` = '$place' AND `SECRET` = '1' LIMIT 1");

    $num = mysql_num_rows($q);

    if ($num == 1)
    {
        $f = mysql_fetch_array($q);
        // Column names are upper-case, so the keys must match exactly
        $res .= "$f[ID]|";

        mysql_query("UPDATE `members_profiles2` SET `avatar_find` = '$res' WHERE `username` = '$username'") or die(mysql_error());

        $msg = "<center><img src='uploads/$f[IMAGE]' width=40 height=40> You Find A Secret Avatar, Congratulations!</center>";
    }
    else
    {
        $msg = '';
    }

    return $msg;
}
?>


 

Please help, it is a dire emergency and help is needed ASAP :S Thanks in advance.

https://forums.phpfreaks.com/topic/138424-hacked-hacked-by-hero/

Look, first thing: getting hacked does not mean you were hacked on purpose.

 

I have noticed you like using GET[''] in your select statements; well, that's a flaw already.

 

I strongly recommend you redesign your scripts using sessions instead of GET[''].

 

Secondly, you definitely need to set up your database properly for user information (login details, that is).

 

Sorry, but I think your website is flawed, due to your database schema.
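As an added example that is not part of either post in this thread: the maintenance gate the original poster asked for, written the way the reply recommends, with the visitor's identity taken from the session that login.php set rather than from a GET parameter, and every request value bound with a prepared statement instead of being interpolated into the SQL string. The table and column names (edit_game.closed, members2.rank, the online table) and the rank 7 admin threshold follow the header above; the PDO connection details are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes a table edit_game(id, closed),
// the members2 and online tables from the header, and a login.php that sets
// $_SESSION['userid'] after checking the password.
session_start();

// Connection details are placeholders for this example.
$pdo = new PDO('mysql:host=localhost;dbname=game;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// The game id still arrives in the query string, but it is cast to an integer
// and only ever reaches MySQL as a bound parameter.
$game = isset($_GET['game']) ? (int) $_GET['game'] : 0;

// Identity comes from the session, never from ?userid=... in the URL.
$userid = isset($_SESSION['userid']) ? (int) $_SESSION['userid'] : 0;

const ADMIN_RANK = 7;   // the header treats rank >= 7 as admin

// True when the closed flag is set for this game.
function gameIsClosed(PDO $pdo, int $game): bool
{
    $stmt = $pdo->prepare('SELECT closed FROM edit_game WHERE id = ?');
    $stmt->execute([$game]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && (int) $row['closed'] === 1;
}

// Rank of the logged-in user, 0 for guests or unknown ids.
function userRank(PDO $pdo, int $userid): int
{
    if ($userid === 0) {
        return 0;
    }
    // `rank` is back-quoted because it is a reserved word in newer MySQL versions
    $stmt = $pdo->prepare('SELECT `rank` FROM members2 WHERE id = ?');
    $stmt->execute([$userid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? 0 : (int) $row['rank'];
}

// Maintenance gate: everyone below admin rank sees the closed page and nothing else.
if (gameIsClosed($pdo, $game) && userRank($pdo, $userid) < ADMIN_RANK) {
    http_response_code(503);
    header('Retry-After: 3600');
    echo 'Site is closed for maintenance. Admins may <a href="login.php">log in</a>.';
    exit;
}

// Guests-online bookkeeping with the same select/update/insert logic as the
// header, but the address and game id are bound parameters.
if ($userid === 0) {
    $ip  = $_SERVER['REMOTE_ADDR'];
    $now = time();

    $find = $pdo->prepare('SELECT id FROM online WHERE userid = ? AND game = ? AND online_type = 1');
    $find->execute([$ip, $game]);

    if ($find->fetch(PDO::FETCH_ASSOC) !== false) {
        $upd = $pdo->prepare('UPDATE online SET last_visit = ? WHERE userid = ? AND game = ? AND online_type = 1');
        $upd->execute([$now, $ip, $game]);
    } else {
        $ins = $pdo->prepare('INSERT INTO online (userid, game, online_type, last_visit) VALUES (?, ?, 1, ?)');
        $ins->execute([$ip, $game, $now]);
    }
}
```

Because the rank check reads from the database on every request using the session's user id, a visitor cannot promote themselves by editing a URL parameter or a cookie value, and the closed flag is checked before any other part of the header runs, so nothing below the gate is reachable while the site is closed.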
