If you guys haven't noticed, there's a spam bot plaguing Coasters2k at the moment. He has already hacked both my and TC's account there. If you guys could have a look and suggest some potential solutions, that would be great. The hacker is currently hosting Six Flags Fiesta's account.[V]
I closed my account on C2K when I gave up my controlling interest to TConwell. I think it's showing up my name because I am the user #1, and that's what will show up if you inject SQL.
Yeah, SQL injection = unsanitized coding somewhere. He can delete everything, load a backup and load a backup db but that means it will only happen again since the exploit is still there.
Yup. I've been trying to figure out what's up and have messaged the Snitz folks. Oscar, as info for you, we even reloaded the forums from SCRATCH and still it exists. Gotta be a SQL injection somewhere (I agree) ... but where is most definitely the question. We've been keeping up with updates, etc., -- but yeah, this is an issue for the experts.
Sometimes the best thing to say is nothing at all.
Restore the db, lock all the tables relating to the user or security (anything with passwords or permissions information) then monitor the logs for access errors. You should be able to spot an error thrown from a routine that shouldn't be accessing those tables.
Man, Shaggy needs to ditch that 'stash. I'm hearing Shaggy but I'm seeing Lando Calrissian.
Be sure you're not looking in a mirror before you start pointing fingers.
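The "lock the user/security tables, then watch the logs for access errors" suggestion above can be turned into a small triage script. This is an added example, not part of the original thread or of the forum software; the log format, table names and page names are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format: "<timestamp> page=<script> err="<database error text>""
LINE_RE = re.compile(
    r"page=(?P<page>\S+)\s+err=\"The (?P<op>[A-Z]+) permission was denied "
    r"on the object '(?P<table>\w+)'"
)

# Hypothetical names: the tables that were locked down, and the only
# pages that have a legitimate reason to touch them.
PROTECTED_TABLES = {"MEMBERS", "PERMISSIONS"}
EXPECTED_PAGES = {"/forum/login.asp", "/forum/register.asp"}

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = """\
T1 page=/forum/login.asp err="The SELECT permission was denied on the object 'MEMBERS'"
T2 page=/forum/page_x.asp err="The SELECT permission was denied on the object 'MEMBERS'"
T3 page=/forum/page_x.asp err="The UPDATE permission was denied on the object 'MEMBERS'"
T4 page=/forum/topic.asp err="Timeout expired"
T5 page=/forum/page_x.asp err="The SELECT permission was denied on the object 'PERMISSIONS'"
T6 page=/forum/page_y.asp err="The SELECT permission was denied on the object 'TOPICS'"
"""


def unexpected_access(log_text, protected=PROTECTED_TABLES, expected=EXPECTED_PAGES):
    """Map each page that should not touch a protected table to the
    (operation, table) pairs the database refused for it."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a permission-denied error
        table = m.group("table").upper()
        page = m.group("page").lower()
        # Denials from login/registration are expected once the tables are
        # locked; a denial from any other page means that page is running
        # a query against user data, which is where to look for the
        # unsanitized input.
        if table in protected and page not in expected:
            hits[page].add((m.group("op"), table))
    return {page: sorted(ops) for page, ops in hits.items()}


if __name__ == "__main__":
    for page, ops in sorted(unexpected_access(SAMPLE_LOG).items()):
        print(page, ops)
```
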