+- Mirage Source (https://mirage-engine.uk/forums)
+-- Forum: Mirage Source (Nostalgia) (https://mirage-engine.uk/forums/forumdisplay.php?fid=61)
+--- Forum: Archive (2006-2011) (https://mirage-engine.uk/forums/forumdisplay.php?fid=18)
+---- Forum: Source Code Development (https://mirage-engine.uk/forums/forumdisplay.php?fid=51)
+----- Forum: Mirage Source 4 (Visual Basic 6) (https://mirage-engine.uk/forums/forumdisplay.php?fid=44)
+----- Thread: PHP Scripts. . . =( (/showthread.php?tid=2719)
PHP Scripts. . . =( - Cruzn - 10-04-2009
Just so you guys know, the default MS4/MS3.0.3/etc. are all susceptible to malicious PHP scripts.
PHP Code: This scriptlet creates 51 accounts with randomly generated usernames. The password is static simply because I was lazy and this is only for demonstration purposes. It only takes a few seconds for this script to create 500 accounts. Basically, it's not super harmful to gameplay other than taking up one socket, using some bandwith, and wasting space (but when you can buy 1TB harddrives, the account sizes are negligible). This script is for MS4, but simply change the packet sent to the server and it will work for all versions.
Images:
[spoiler]
![[Image: phpscript1.gif]](http://img58.imageshack.us/img58/3728/phpscript1.gif)
![[Image: phpscript2.gif]](http://img58.imageshack.us/img58/413/phpscript2.gif)
[/spoiler]Have fun.
Re: PHP Scripts. . . =( - ExoShox - 10-04-2009
I assume this teaches how to take a server out? (At least if you have more than one person doing this at once on different IPs/Computers)
Re: PHP Scripts. . . =( - Tony - 10-04-2009
Wow, so registration through browser is possible?
Re: PHP Scripts. . . =( - Pbcrazy - 10-04-2009
ummm.... i would guess so...
Re: PHP Scripts. . . =( - Dragoons Master - 10-04-2009
Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.
Re: PHP Scripts. . . =( - Cruzn - 10-04-2009
Senseika Wrote:I assume this teaches how to take a server out? (At least if you have more than one person doing this at once on different IPs/Computers)Sure, a person could easily max out all the sockets on a single script. It wouldn't crash the server, but nobody would be able to connect.
Tony Wrote:Wow, so registration through browser is possible?[code]
Re: PHP Scripts. . . =( - Tony - 10-04-2009
Dragoons Master Wrote:Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.
You make it sound so easy :\
Re: PHP Scripts. . . =( - Dragoons Master - 10-04-2009
Tony Wrote:My game is already in mysql, so all I need is change the registration from the client to the browser.Dragoons Master Wrote:Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.
You make it sound so easy :\
Re: PHP Scripts. . . =( - Tony - 10-04-2009
So umm hows it unsafe if you can check if the packet came from your website?
Re: PHP Scripts. . . =( - Jacob - 10-04-2009
You could be hardcore and limit the amount of accounts created per IP address.
Re: PHP Scripts. . . =( - phelpsy - 10-04-2009
you could just limit an ip to making only two accounts per day problem solved
or encrypt all the packets