Flash Flash Revolution: Community Forums


HNJhack 12-17-2003 09:53 AM

Advanced Flash Hack Prevention. (rf)
 
Ok, I know we already have one of these on the board, but I felt that we should put one in the Critical Thinking section. That way, we can have people that really want to solve this problem, and know what they are talking about, discuss this topic.

I have thought a bit about this and have come up with some possible solutions, but it would be nice to have many people think together, so we can cover all the bases. If you think this is a bad idea don't flame the thread, just leave it. This is for people who are serious about stopping the hacking situation. ^_^

Enjoy.

Synthlight 12-17-2003 10:08 AM

I have read your ideas on hack prevention and we have implemented complicated server side prevention processes to eliminate most of this problem. I tend to keep quiet about these issues however because if everyone knows my methods then they will also know weaknesses.

Cheers,

Synthlight

heyhey11 12-17-2003 10:10 AM

i am not that computer smart with programming and stuff like that but couldn't you see what the highest possible score is for a song and make that the max? If anyone gets above that, ban them immediately and not let them in top 10

jimerax 12-17-2003 10:22 AM

I agree with heyhey's opinion.

It's not a fundamental solution, but I think it's easy to try.

lightdarkness 12-17-2003 10:56 AM

but hey hey
what about hidden arrows, and glitched ones
you could get higher than the max score by accident
so, just don't put them on the top 10, but DO NOT ban them.

jimerax 12-17-2003 11:16 AM

Umm, surely to ban at once isn't efficient.

If banned, the hackers will change their IP through proxies.
Then the banned IP is only one of their proxies, risk is higher than effect.

HNJhack 12-17-2003 12:53 PM

well wait a sec, you don't want to rob them of their achievements, so if we implement a way to know if the song has been beaten fairly, then we assume there were some glitches, and give them the title they earned. But if we know that the song hasn't been played through all the way, then we deny the title and ban them. the only trouble would be testing this. you must make sure it works 100%, because we don't want to ban people for no reason. Plus if we want to start small, we can use basic boolean logic to at least stop the smalltime hackers. Unless they can get a copy of the source, they won't know what needs to be set to what, and there could also be an infinite possibility. So in most cases this would stop most people. THEN we can worry about the people that have NOTHING better to do with their lives.

Or you could give me the IPs of the people that we know are hackers, and i could send them a "friendly" message.

and synth, i agree, would it be possible to have this discussion through PMs, AIM, e-mail, or maybe a PRIVATE forum? just a thought. ^_^
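The checks proposed in the posts above (a per-song score ceiling, holding an over-ceiling score off the top 10 instead of banning, and confirming the song was played through), sketched as an added example that is not from the thread or from FFR's code. The scoring rule, chart values and all names are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Chart:
    note_count: int        # arrows in the step file, hidden ones included
    length_seconds: float  # length of the song audio

MAX_POINTS_PER_NOTE = 50   # assumed scoring rule, not FFR's actual one
TIMING_SLACK = 0.95        # tolerate small clock and network jitter

# Constructed sample data; a real server would load this from its song table.
CHARTS = {"song-001": Chart(note_count=400, length_seconds=120.0)}

def max_score(chart):
    """Highest score the chart can legitimately produce."""
    return chart.note_count * MAX_POINTS_PER_NOTE

def judge_submission(song_id, score, started_at, received_at, charts=CHARTS):
    """Return (verdict, reason) for one score submission.

    started_at and received_at are server clock readings in seconds:
    started_at is recorded when the server hands out the song, so the
    client never supplies its own play time.
    """
    chart = charts.get(song_id)
    if chart is None:
        return ("reject", "unknown song")
    if isinstance(score, bool) or not isinstance(score, int) or score < 0:
        return ("reject", "malformed score")
    # A score that arrives before the song could have finished was not played.
    if received_at - started_at < chart.length_seconds * TIMING_SLACK:
        return ("reject", "song not played through")
    # Over the ceiling may be a glitched or miscounted chart: no automatic
    # ban, just keep it off the top 10 until someone looks at the chart.
    if score > max_score(chart):
        return ("hold", "above theoretical maximum")
    return ("accept", "ok")
```

Both checks use only values the server already holds, so they work without trusting anything in the client.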

Anticrombie0909 12-17-2003 05:28 PM

The thing that's annoying is that most people think that by hiding behind a commercial hack protection program, they are perfectly safe. They need to know that hacking and viruses are serious problems, and that if you do get hacked, they probably won't catch the guy who did it. The Judicial system is years behind technology, and with no suitable laws or guidelines to eliminate the problem, the problem will continue to run unchecked. We need to educate people on computer safety, and we need to get the judicial system's head out of its ass and catch up with the modern world.

HNJhack 12-18-2003 08:44 AM

very true. but the only problem is, when n00bs try to get into this stuff, they all make one BIG mistake. They go out and buy/read some book released by a "hacker". "all of the secrets of the pro's" that kinda crap. when common sense would tell you, that if a book like that was out and about, the gov't would have recalled it in a heartbeat. yeah those books are telling the truth, but those hacks are on average 2 or more years old. Anyone with even mild experience would know that A LOT WILL change in 2 years. so much that it will be a completely different task to hack into the same system. ^_^

(but i thought we should have a private forum for say, all the moderators, myself, and a couple of RELIABLE members who would like to partake in the topic. that way, we know that only trustworthy people know of our discussion, and no hackers, besides me will know of the methods used for defense.)
^_^

heyhey11 12-18-2003 10:08 AM

well if they just happened to hit a glitch or secret arrow then those should be reported and added to the high scores

HNJhack 12-18-2003 11:11 AM

yes, we all know that (not trying to be mean) but that is why we should use boolean logic to check.

HNJhack 12-18-2003 11:13 AM

yes, we all know that (not trying to be mean) but that is why we should use boolean logic to check. ^_^

HNJhack 12-18-2003 11:23 AM

why the fuck did it double post?? oops, now i made it a triple post, crap! ^_^

Synthlight 12-20-2003 12:33 AM

HNJhack,

I challenge you to hack the score.. forget glitched arrows, that is bad conversion and can be corrected. I mean legitimate hacking. I have implemented security measures far beyond what you think I have.

Good luck

Cheers,

Synthlight

HNJhack 12-22-2003 08:36 AM

i'll go for it. (it will have to be during my free time though, which i kinda lack at the moment with school.)
but i accept. any particular way you wish for me to hack, linux, windows, certain things you want me to do? ^_^

Anticrombie0909 12-22-2003 09:13 AM

Lol cool. Try and hack yourself onto the number one spot on all the scores, just to see if you can.

Also, about that secret anti-hacking section that nobody could read...what if someone hacked it?

HNJhack 12-22-2003 10:34 AM

well, that isn't that important, cuz they'd have to know where to look. if synth creates a thread that only appears for us when we log on, then nobody should know. and we would delete this thread.

right now, i'm just gonna see if he was dumb enough to leave ftp access on. and then find his open ports.

if not, then i'll have to actually think about it. ^_^

Ridge 12-22-2003 05:31 PM

most of the hackers just watch for packets that are x'ed thru the user to the server, so if u were to encrypt the code that's being x'ed from the user to server they couldn't decrypt it and send a hacked packet

HNJhack 12-23-2003 09:24 AM

YES!!!!! we have another person that knows what they are talking about!!!!!!!!!

But there is one flaw with that theory. If you ping the server (in case people don't know what it is, it's sending chunks of info, usually 64kb in size, repeatedly to the server. Its only real purpose is to bog the server.) the data will be left "at the door" giving people time to retrieve and change it. Or they could just make a quick copy of it, and send the original back to the server, and see which port is open. (let alone a port scanner is way more efficient.) Then once they have the time, they will write an algorithm that will de/encrypt the data. after that it's easy to send files in and out, if you played the song or not.

The one thing I am concerned about is if they get to the source code. Then all hell would break loose. got to go, be back later to finish this post. ^_^

Anonymous 12-23-2003 09:50 AM

One way to cut down on this is to change your algorithm weekly, but that would be a royal pain in the ass. You COULD use some serious encryption, say 128 bit+. (there is one thing that puzzles me, how little of a life do you have to have in order to hack ffr? really now, do something important with your time like playing it, ya know, get the scores for real). cryle is a good one for you. ^_^


All times are GMT -5.
