English Protect Unrealsoftware

6 replies
20.09.19 11:27:20 pm
Grand Master
User
Firstly, I'm not trolling or scaring people or something; this topic is about protecting Unrealsoftware accounts from hacking/hijacking. Some days ago, I got a result. Hackers can hack the accounts by using these ways/methods:
1. The hack tool will enter an incorrect password, then there still may be a connection between Unrealsoftware and the hacker, then it will let the hacker get the password from the database. It's what I think, also I am right I think.
2. Add a script that will not let the user connect to Unrealsoftware till it gets the user's browser, IP and other. You can add the browsers that you want to be in the whitelist, then the system will only allow them. It can protect Unrealsoftware from DDoSing/hacking in some ways, also same to accounts.
3. I am really not sure about MySQL tables and others. Could you check them again?
4. Can't you use OAuth2 to protect Unrealsoftware accounts from hacking?
5. You have to use
Code:
htmlspecialchars
like
Code:
htmlspecialchars($_POST['name'])
to protect Unrealsoftware accounts from XSS Attacks.
6. You can use
Code:
preg_match
preg_match ( string $pattern , string $subject [, array &$matches [, int $flags = 0 [, int $offset = 0 ]]] ) : int
for the name input.

So to protect Unrealsoftware accounts from hijacking, can't you add a system where, when we log in and enter the name and password, it sends an account verification to our email? (It's the best way to protect Unrealsoftware accounts from hijacking and hacking.)

√ If you use my methods to protect Unrealsoftware accounts from hacking and hijacking, Unrealsoftware accounts will never be hacked again, also it will not be possible for hijackers to hijack unrealsoftware accounts like now.
edited 5×, last 21.09.19 12:14:07 am
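
Points 5 and 6 of the post above, shown as an added example that is not part of the original thread or of the site's code: an allow-list check on the name with `preg_match` at input time, plus `htmlspecialchars` at output time. The pattern and the helper names `validate_name` and `html` are assumptions made for illustration; the site's real naming rules are not on the page.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list for a display name: 3-20 letters, digits,
// spaces, underscores or hyphens. \A and \z anchor the whole string.
const NAME_PATTERN = '/\A[\p{L}\p{N} _-]{3,20}\z/u';

/** Validate on input: returns the trimmed name, or null when rejected. */
function validate_name(string $raw): ?string
{
    $name = trim($raw);
    // preg_match returns 1 on match, 0 on no match and false on error
    // (for example invalid UTF-8 with the /u modifier); accept only 1.
    return preg_match(NAME_PATTERN, $name) === 1 ? $name : null;
}

/** Encode on output: escape for HTML text or a quoted attribute value. */
function html(string $value): string
{
    // ENT_QUOTES also escapes single quotes; the charset is set explicitly.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs, standing in for $_POST['name'].
$samples = [
    'Grand Master',
    'ab',
    '<script>alert(1)</script>',
    'name" with quote',
];

foreach ($samples as $raw) {
    $name = validate_name($raw);
    printf(
        "%-32s %s\n",
        json_encode($raw),
        $name === null ? 'rejected' : 'accepted, rendered as ' . html($name)
    );
}

// Free-text fields (posts, signatures) cannot be allow-listed this tightly,
// so for them the output encoding is what prevents markup injection.
echo html('<b>hi</b> & "bye"'), "\n";
```

Validation narrows what is stored; encoding has to happen at every place the value is written into HTML, whether or not validation ran.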
21.09.19 04:47:50 am
Starkkz
Moderator
I don't think it's currently possible to implement OAuth2 on the UnrealSoftware forum. But even if it was implemented, the OAuth2 client credentials would still be embedded on the browser so I don't think it would make much of a difference.

If you have found a security vulnerability you should directly contact @user DC.
lol
21.09.19 07:12:26 am
ohaz
User
You're listing a lot of Threats, but not a single Vulnerability. What is DC supposed to do with this? I think he knows about the Threats already; currently the only thing that would actually help is reporting Vulnerabilities.
https://ohaz.engineer - Software Engineering
21.09.19 09:34:01 am
Gaios
Security Supporter
Wtf is that thread about? We don't get any account hijacking here.. I don't see any vulnerability here.
All we can do yet is CSRF Protection.

@user Grand Master: If you're so hard, hack my account then.
21.09.19 10:03:27 am
Grand Master
User
user Gaios > https://imgur.com/a/2nYiqbM
Can you tell me what is happening there?

Hundreds of accounts got hijacked/hacked, and you're still trying to hide them. At least find a solution.

Also, all you can do yet is not only CSRF Protection. You can do many more things to protect Unrealsoftware accounts.
edited 1×, last 21.09.19 10:13:39 am
21.09.19 10:53:56 am
Gaios
Security Supporter
@user Grand Master: Say this to user DC. I'm not allowed to edit unrealsoftware.de web code.

And I don't think he got hijacked.
Quote:
You will get a ban when you violate the rules. A banned account is very limited. It is not allowed to get a new account. Every person is only allowed to have one single account.

illegal http://unrealsoftware.de/rules.php
21.09.19 01:49:55 pm
Grand Master
User
user Gaios has written:
You will get a ban when you violate the rules. A banned account is very limited. It is not allowed to get a new account. Every person is only allowed to have one single account.

illegal http://unrealsoftware.de/rules.php


The hacker (I don't want to mention his name here, PM me if you want to know) is playing with a new USGN every day, so he violated the rules, and he didn't even get banned yet. But we're not allowed to have multiple accounts.