10-06-2007, 03:17 AM
So as some of you webmasters know, there is HTTP Codes like 403 is Forbidden, 200 is OK, blah blah.
If someone wrote an outside script for my website, where it connects and allows them to do the same functions over and over again. Which HTTP code would that be? Any 3rd party illegal script.
10-07-2007, 03:07 AM
Nope ... if you have "hot-linking" disabled and other
config options, like only execute scripts from within your own
domain name. Things like that are set up with your webhost,
or from a control panel that your webhost provides.
If someone is maliciously accessing your website, files, directories, etc.
contact your webhost and explain what's happening.
10-07-2007, 04:41 AM
Thanks for the reply, I have access to hot-linking to enable or disable it. I don't have an option to execute only my website scripts :(
When I told them what was going on, they didn't understand what I meant. I couldn't explain well enough to them.
10-07-2007, 04:26 PM
What is someone doing to your website? Something malicious?
10-08-2007, 03:24 AM
Using the same functions, it's a community/game and stuff they do on the game part is bugging me. Like they write a script to do a certain thing over and over for like 12 hours until the database crashes.
10-08-2007, 05:56 AM
Here is the reply I just got from my webhost.
We are a shared hosting company and because of that this would not be possible. All
scripts on our servers are run under the context of the user who created them and as
such there would be no way for another users' script to gain permissions to your
data or your website. Let us know if you need anything else.
10-08-2007, 05:26 PM
I see ... so you have a script that allows them to do things to files or a database. You are essentially in control of your visitor's access.
What I think you need to do then is figure out the pace of your game so
that a particular IP address can't do something more than 2 or 3 times
within a specific time period.
Is this a community game where they must log-in?
I would start there. Don't let anyone have access unless they have
created a "member" account and you verified it with an email address.
You'll have to tell us more about the game and who is given access.
10-08-2007, 05:46 PM
Yes everyone must create an account and verify it by email. It was suppose to be mainly a game, but people generally login to chat on the message boards and in the real-time chatroom. That's where they spend all the time.
I need some kind of script that shows the ip address of an account that is connecting using an outside script. The website is www.rodgame.org and I have funding of $195.00 and if someone can make such a thing, i'd gladly pay for it.
10-08-2007, 09:33 PM
Is that outside script doing the same thing over and over again?
I mean ... like sending the same text each time?
I'm wondering if there can be some sort of compare to see if someone's
message or text is being repeated ... and THEN grab an IP address, log it,
and see if it returns later on.
10-09-2007, 04:18 AM
Hmm you may be onto to something. The only thing they are using it on is skills. Like you can go mining to get different types of ores. They check the source for the address to the button, and set it to click that button every time.
I setup an anti auto clicker script, and it stopped all of them from using auto clickers again. This is the only security problem yet.