Page 1 of 1

Cheated Records problem

Posted: 28 Oct 2016 17:17
by L3cKy
Hej together ...

We found few cheated records on our server but the players dont have any loginname or nickname.
Seems they have just a blank name.

Screenshot

If we try to delete these records we just get this error ...

Code: Select all

[XASECO Warning] {RASP_ERROR} Could not remove time(s)! ()
sql = DELETE FROM rs_times WHERE challengeID=325 AND playerID=0
[XASECO Warning] Could not remove record! ()
sql = DELETE FROM records WHERE ChallengeId=325 AND PlayerId=0
Also the database dont store them (correctly) OR we cant find them ... because they dont have any PlayerID, Playerlogin or Playernickname.

Our temp solution:
we added in plugin.dedimania.php after line 371 ->

Code: Select all

	$check_nickname = stripColors($player->nickname);
	if ($check_nickname == '') {
		$aseco->client->query('Kick', $player->login);
	}
Of course seems not the best solutiuon -.-

Is there any news about these hack/injection and how can we prevent this?

So long L3cKy