Results 1 to 12 of 12
  1. #1
    Zeffer's Avatar
    Join Date
    Jun 2013
    Gender
    male
    Posts
    160
    Reputation
    12
    Thanks
    83
    My Mood
    Blah

    Hunter Is Deleting Posts Allowing Dangerous Software

    http://www.mpgh.net/forum/showthread.php?t=1156518

    This trainer in the AQW hacks section at the moment is a blatant account stealer which is clearly unsafe and any attempts of me to mention it to the section moderator @Hunter have been deleted without reason and he has refused conference with me over the issue. I'd love to explain to him why it isn't safe, but since he doesn't seem to want to hear it I'll just tell you here.



    This is the post request sent when adding a bot with the trainer's add bot feature. The username and password there are my AQW login credentials being sent to noticemeae.cf which is the creator's personal website. Also take note of how my password is being sent completely unencrypted which means anyone connected to the same wifi as me could easily intercept and steal my password.



    Here is a message from the owner defending it saying that it deletes your password and does not store them. We can take this for a grain of salt though considering all the handling of the data is done within the PHP which is 100% server sided. Meaning it can be changed at any time without the knowledge of any of the users or staff who may have inspected it.
    Stupidly large.

  2. #2
    Hunter's Avatar
    Join Date
    Dec 2013
    Gender
    male
    Posts
    16,201
    Reputation
    3406
    Thanks
    5,388
    My Mood
    Happy
    Thanks for your concern, but @master131 analyzed the said file himself and deemed it to be safe so yeah, not going to do anything about the file in question as such.
    Last edited by Hunter; 08-20-2016 at 01:03 PM.
    If you need help with anything, feel free to PM/VM me about it.



     
    hunterr.94

    Please make sure to always ask me for a confirmation PM/VM before proceeding with any deal that supposedly involves me.

     

    MPGH History:
    Premium Seller - 11/17/16
    News Force - Global News - 11/16/16
    Global Moderator - 10/02/16
    Call of Duty Minion - 07/17/16
    Moderator - 06/21/16
    News Force Editor - 06/16/16 - 07/17/16
    News Force Interviewer - 04/11/16 - 07/17/16
    BattleOn Minion - 03/05/16
    News Force - Section of the Week - 01/31/16 - 02/02/16
    League of Legends Minion - 12/11/15
    News Force Editor - 11/27/15 - 02/02/16
    Steam Minion - 11/24/15
    News Force - User News - 11/22/15 - 02/02/16
    Pharaoh - 11/07/15 - 12/13/15
    Alliance of Valiant Arms (AVA) Minion - 10/21/15
    Event Management Publicist - 09/14/15
    News Force Interviewer - 08/02/15 - 02/02/16
    Donator - 08/01/14
    Member - 12/03/13

  3. #3
    Zeffer's Avatar
    Join Date
    Jun 2013
    Gender
    male
    Posts
    160
    Reputation
    12
    Thanks
    83
    My Mood
    Blah
    Quote Originally Posted by Hunter View Post
    master131 analyzed the file himself and deemed it to be safe so no offense, but I don't really care about what you say.
    I've provided all the proof required, all the data is handled on the server so even if he analyzed it and said that its safe, they could change the PHP to store passwords without your knowledge, none of it is handled client sided, what are you having trouble understanding?

    - - - Updated - - -
    @Hunter I appreciate your opinion but I don't believe you're qualified to weigh in on the matter, could you please get some other staff in here that will be able to discuss the logistics of the program's operations? You said you don't care about me so you're obviously playing biases hard.
    Last edited by Zeffer; 08-20-2016 at 01:07 PM.
    Stupidly large.

  4. #4
    Hunter's Avatar
    Join Date
    Dec 2013
    Gender
    male
    Posts
    16,201
    Reputation
    3406
    Thanks
    5,388
    My Mood
    Happy
    Quote Originally Posted by Zeffer View Post
    @Hunter I appreciate your opinion but I don't believe you're qualified to weigh in on the matter, could you please get some other staff in here that will be able to discuss the logistics of the program's operations? You said you don't care about me so you're obviously playing biases hard.
    Playing biases hard? Oh please, give me a break. Everyone knows I've no problem in punishing one for their wrongdoing regardless of who they may be. The thing is, master131 is our finest file analyzer and as such, I'd rather trust his judgement over yours. If he deems the said file not to be safe after all, then I'll delete its thread otherwise I won't do absolutely anything about it.
    Last edited by Hunter; 08-20-2016 at 01:22 PM. Reason: Typos.
    If you need help with anything, feel free to PM/VM me about it.



     
    hunterr.94

    Please make sure to always ask me for a confirmation PM/VM before proceeding with any deal that supposedly involves me.

     

    MPGH History:
    Premium Seller - 11/17/16
    News Force - Global News - 11/16/16
    Global Moderator - 10/02/16
    Call of Duty Minion - 07/17/16
    Moderator - 06/21/16
    News Force Editor - 06/16/16 - 07/17/16
    News Force Interviewer - 04/11/16 - 07/17/16
    BattleOn Minion - 03/05/16
    News Force - Section of the Week - 01/31/16 - 02/02/16
    League of Legends Minion - 12/11/15
    News Force Editor - 11/27/15 - 02/02/16
    Steam Minion - 11/24/15
    News Force - User News - 11/22/15 - 02/02/16
    Pharaoh - 11/07/15 - 12/13/15
    Alliance of Valiant Arms (AVA) Minion - 10/21/15
    Event Management Publicist - 09/14/15
    News Force Interviewer - 08/02/15 - 02/02/16
    Donator - 08/01/14
    Member - 12/03/13

  5. #5
    Zeffer's Avatar
    Join Date
    Jun 2013
    Gender
    male
    Posts
    160
    Reputation
    12
    Thanks
    83
    My Mood
    Blah
    Quote Originally Posted by Hunter View Post
    Playing biases hard? Oh please, give me a break. Everyone knows I've no problem in punishing one for their wrongdoing regardless of who they are. The thing is, master131 is our finest fine analyzer and as such, I'd rather trust his judgement over yours. If he deems the said file not to be safe after all, then I'll delete its thread otherwise I won't do absolutely anything about it.
    @master131

    Can you come and tell me how this program is safe given the information I've provided? Give me facts, all I've been given so far is that you've checked it, I've been given no facts on how it's actually safe considering the way the program operates.

    Last edited by Zeffer; 08-20-2016 at 01:17 PM.
    Stupidly large.

  6. #6
    Dave84311's Avatar
    Join Date
    Dec 2005
    Gender
    male
    Location
    The Wild Wild West
    Posts
    27,856
    Reputation
    3541
    Thanks
    36,157
    My Mood
    Devilish
    Sending a password/username to a third party server isn't safe.

    I'll investigate it.





    THE EYE OF AN ADMINISTRATOR IS UPON YOU. ANY WRONG YOU DO IM GONNA SEE, WHEN YOU'RE ON MPGH, LOOK BEHIND YOU, 'CAUSE THATS WHERE IM GONNA BE


    "First they ignore you. Then they laugh at you. Then they fight you. Then you lose.” - Dave84311HAD VIRTUAL DETOX

  7. The Following 2 Users Say Thank You to Dave84311 For This Useful Post:

    [MPGH]Hunter (08-20-2016),Zeffer (08-20-2016)

  8. #7
    Dave84311's Avatar
    Join Date
    Dec 2005
    Gender
    male
    Location
    The Wild Wild West
    Posts
    27,856
    Reputation
    3541
    Thanks
    36,157
    My Mood
    Devilish
    The file should not have been approved. The reason sounds like bullshit... to ensure that no spamming occurs? What does that even mean? @ToxLP





    THE EYE OF AN ADMINISTRATOR IS UPON YOU. ANY WRONG YOU DO IM GONNA SEE, WHEN YOU'RE ON MPGH, LOOK BEHIND YOU, 'CAUSE THATS WHERE IM GONNA BE


    "First they ignore you. Then they laugh at you. Then they fight you. Then you lose.” - Dave84311HAD VIRTUAL DETOX

  9. The Following 3 Users Say Thank You to Dave84311 For This Useful Post:

    chibizs (08-20-2016),[MPGH]NormenJaydenFBI (08-20-2016),Zeffer (08-20-2016)

  10. #8
    sa3m's Avatar
    Join Date
    Aug 2016
    Gender
    male
    Posts
    1
    Reputation
    10
    Thanks
    0
    ty hunter for reassuring us that the file is 100% safe
    Last edited by sa3m; 08-20-2016 at 02:22 PM. Reason: fixed grammar error

  11. #9
    ToxLP's Avatar
    Join Date
    Feb 2013
    Gender
    male
    Location
    Maybe
    Posts
    298
    Reputation
    81
    Thanks
    3,092
    My Mood
    Twisted
    Quote Originally Posted by Dave84311 View Post
    The file should not have been approved. The reason sounds like bullshit... to ensure that no spamming occurs? What does that even mean?
    Hey so lemme explain please in v0.01 when i did not add any security what users did was spam more than 10k bots luckily they had similar names like name-1,name-2 etc.

    I had to delete all that with a Delete where like sql query so in v0.02 i needed to implement a feature which stops spamming so i thought of this

    I made the user and pass get sent to the php post what i used the user and pass for is

    Make a curl post request to the actual game login with the user and pass supplied if the response was a success it meant the user is legit and can add a bot, if it wasn't it blocked the request

    I only saved the Username,BotName,BotData,Ip

    Ip,Username are used to ban users from adding to make sure there the right spammers,

    So the delete bot function can make sure the the correct user is deleting it,It also had the User,Pass sent there and made a curl request again to make sure spammers weren't spamming delete.

    Edit:
    In the end i never saved any password of any user,

    Only thing i saved that was there's is Just there Username And Ip.
    Last edited by ToxLP; 08-20-2016 at 02:24 PM.

  12. #10
    Zeffer's Avatar
    Join Date
    Jun 2013
    Gender
    male
    Posts
    160
    Reputation
    12
    Thanks
    83
    My Mood
    Blah
    Quote Originally Posted by ToxLP View Post
    - snip -
    You ever think of a captcha?
    Stupidly large.

  13. #11
    chibizs's Avatar
    Join Date
    Jul 2012
    Gender
    female
    Location
    In Your Computer
    Posts
    878
    Reputation
    261
    Thanks
    1,120
    My Mood
    Breezy
    Why was the pass even needed, check the current state of login and username.. Kek. A captcha, anything would work. And if you save a username and ip, if your app isn't secure, whats to say the server is? One db dump and you have fucked everyone using your bot. Might as well be a username collector for ae.


    Also, I can spam create aqw accounts and then spam your bot, so your security wouldn't have worked except for basic spamming.


    Edit: you could've also just checked character pages to see if the account existed.
    Last edited by chibizs; 08-20-2016 at 03:51 PM. Reason: Another thought
    Want an Adventure Quest, DragonFable, or Mechquest trainer. If you answered yes to any of these then click here.

    PkDude's Legacy V1.2

    If you need help with AQW Private server creation then click Here.

    If I have helped please press thanks. It doesn't take much effort and it means a lot to me.

  14. The Following User Says Thank You to chibizs For This Useful Post:

    Demaier (08-20-2016)

  15. #12
    Hero's Avatar
    Join Date
    Feb 2011
    Gender
    male
    Location
    MPGH.NET
    Posts
    33,737
    Reputation
    3155
    Thanks
    7,894
    Thread won't be undeleted and will remain that way. Reprimand will be handed out.



    Donator since 09•16•2011
    Minion since 10•10•2011
    Minion+ since 01•06•2012
    Moderator since 08•08•2012
    Global Moderator since 10•06•2012
    Editor from 06•14•2011 • 2014


    [ • ] [ • ] [ • ] [ • ][ • ]


  16. The Following 2 Users Say Thank You to Hero For This Useful Post:

    Demaier (08-20-2016),Original (1 Week Ago)

Similar Threads

  1. deleted post
    By Braulio Antunes in forum Call of Duty Modern Warfare 2 Help
    Replies: 1
    Last Post: 02-24-2013, 02:23 PM
  2. Deleted Post
    By `Luke in forum Staff Disputes
    Replies: 5
    Last Post: 07-11-2012, 04:29 PM
  3. Deleted posts
    By Ed in forum Staff Disputes
    Replies: 8
    Last Post: 10-16-2011, 05:23 PM
  4. [Info] Deleted posts?
    By moelex64 in forum CrossFire Discussions
    Replies: 8
    Last Post: 06-08-2011, 08:05 AM
  5. Deleted post & closed.
    By slickick in forum WarRock - International Hacks
    Replies: 53
    Last Post: 07-31-2009, 06:42 AM