12-17-2003, 08:53 AM | #1 |
FFR Player
|
Advanced Flash Hack Prevention. (rf)
Ok, I know we already have one of these on the board, but I felt that we should put one in the Critical Thinking section. That way, we can have people that really want to solve this problem, and know what they are talking about, ediscuss this topic.
I have thought a bit a bout this and have come up with some possible solutions, but it would be nice to have many people think together, so we can cover all the bases. If you think this is a bad idea don't flame the thread, just leave it. This is for people who are serious about stoping the hacking sutuation. ^_^ Enjoy. |
12-17-2003, 09:08 AM | #2 |
Administrator
Founder, System Administrator
Join Date: Nov 2002
Location: United States of America
Age: 50
Posts: 3,052
|
I have read your ideas on hack prevention and we have implented complicated server side prevention processes to elminate most of this problem. I tend to keep quiet about this issues however because if everyone knows my methods then they will also know weaknesses.
Cheers, Synthlight |
12-17-2003, 09:10 AM | #3 | |
FFR Player
Join Date: Aug 2003
Location: the land of the missing asain
Posts: 403
|
i am not that computer smart with programming and stuff like that but couldnt you see what the highest possible score is for a song and make that the max. If anyone gets above that ban them immediatly and not let them in top 10
__________________
Quote:
|
|
12-17-2003, 09:22 AM | #4 |
★★★★★
|
I'm agree with heyhey's opinion.
It's not a fundamental solution, but I think easy to try. |
12-17-2003, 09:56 AM | #5 |
Summer!!
|
but hey hey
what about hidden arrows, and gliched ones you could get higher than the max score by accedent so, just dont put them on the top 10, but DON NOT ban them.
__________________
|
12-17-2003, 10:16 AM | #6 |
★★★★★
|
Umm, surely to ban at once isn't efficient.
If banned, they hackers will change their IP through proxys. Then the banned IP is only one of their proxys, risk is higher than effect. |
12-17-2003, 11:53 AM | #7 |
FFR Player
|
well wait a sec, youdon't want to rob tehm of thier achievmentrs, so if we implement a way to know if the song has been beaten fairly, then we assume ther wewre some glithces, and give them the title they earned. But if we know that the song hasn't been played through all the way, then we deny the title and ban them. the only trouble would be testing this. you must make sure it works 100%, because we don't want to ban people for no reason. Plus if we want to start small, we can use basic boolean logic to atleadst stop the smalltime hackers. Unless they can get a copy of the source, they won't know what needs to be set to what, and there could also be an infinite possiblity. So in most cases this would stop most people. THEN we can worry about the people that have NOTHING better to do with there lives.
Or you couls give me the IPs of the people that we know are hackers, and i could send them i "friendly "message". and synth, i agree, would it be possible to have this discussion through PMs, AIM, e-mail, or matbe a PRIVATE forum? just a thought. ^_^ |
12-17-2003, 04:28 PM | #8 |
FFR Player
|
The thing that's annoying is that most people think that by hiding behind a commercial hack protection program, they are perfectly safe. They need to know that hacking and viruses are serious problems, and that if you do get hacked, they probably won't catch the guy who did it. The Judicial system is years behind technology, and with no suitable laws or guidelines to eliminate the problem, the problem will continue to run unchecked. We need to educate people on computer safety, and we need to get the judicial system's head out of it's ass and catch up with the modern world.
|
12-18-2003, 07:44 AM | #9 |
FFR Player
|
very true. but the only problem is, when n00bs try to get into this stuff, they all make one BIG mistake. They go out and by/read some book released by a "hacker". "all of the secrets of the pro's" that kinda crap.when common sense would tell you, that if a book like that was out anb about, the go'vt would have recalled it in a heartbeat. yeah those books are telling the truth, but those hacks are on average 2 or more years old. Anyone with even mild experience would know that ALOT WILL change in 2 years. so much that it will be a completely different task to hack into the same system. ^_^
(but i thought we should have a private forum for say, all the moderaters, myself, and a couple of RELIABLE members who would like to partake in the topic. that way, we know that only trustworthy people knokw of our discussion, and no hackers, besides me will know of the methods used for defense.) ^_^ |
12-18-2003, 09:08 AM | #10 | |
FFR Player
Join Date: Aug 2003
Location: the land of the missing asain
Posts: 403
|
well if they just happened to hit a glitch or secret arrow then those should be reported and added to the high scores
__________________
Quote:
|
|
12-18-2003, 10:11 AM | #11 |
FFR Player
|
yes, we all know that(not trying to be mean) but that is why we should use boolean logic to check.
|
12-18-2003, 10:13 AM | #12 |
FFR Player
|
yes, we all know that(not trying to be mean) but that is why we should use boolean logic to check.^_^
|
12-18-2003, 10:23 AM | #13 |
FFR Player
|
why the fuck did it double post?? oops, now i made it a triple post, crap! ^_^
|
12-19-2003, 11:33 PM | #14 |
Administrator
Founder, System Administrator
Join Date: Nov 2002
Location: United States of America
Age: 50
Posts: 3,052
|
HNJhack,
I challenge you to hack the score.. forgot glitched arrows, that is bad conversion and can be corrected. I mean legitimate hacking. I have implemented security measures far beyond what you think I have. Good luck Cheers, Synthlight |
12-22-2003, 07:36 AM | #15 |
FFR Player
|
i'll go for it.(it will have to be during my free time though, which i kinda lack at the moment with school.)
but i accept. any particular way you wish for me to hack, linux, windows,certain things you want me to do? ^_^ |
12-22-2003, 08:13 AM | #16 |
FFR Player
|
Lol cool. Try and hack yourself onto the number one spot on all the scores, just to see if you can.
Also, about that secret anti-hacking section that nobody could read...what it someone hacked it? |
12-22-2003, 09:34 AM | #17 |
FFR Player
|
well, that isn't that important, cuz they'd have to know where to look. if synth creates a thread that only appears for us when we log on, then nobody should know. and we would delete this thread.
right now, i'm just gonna see if he was dumb enough to leave ftp access on. and then find his open ports. if not, then i'll have to actually think about it. ^_^ |
12-22-2003, 04:31 PM | #18 |
FFR Player
|
most of the hackers just watch for packets that are x'ed thru the user to the server, so if u were to encrypt the code thats being x'ed from the user to server they couldnt decrypt it and send a hacked packet
|
12-23-2003, 08:24 AM | #19 |
FFR Player
|
YES!!!!! we have another person that knows what they are talking about!!!!!!!!!
But there is one flaw with that theory. If you ping the server(case people don't know what it is, it's sending chunks of info ,usually 64kb in size, repeatedly to the server. It's only real purpose is to bog the server.) the data will be left "at the door" giving people time to retrieve and change it. Or they could just m,ake a quick copy of it, and send the original back to the server, and see which port is open.(let alona a port scanner is way more efficient.Then once they have the time, they will write an algorithym that will de/encrypt the data. after that it's easy to send files in and out, if you played the song or not. The one thing I am concerned about is if they get to the source code. Then all hell would break loose. got to go, be back later to finish this post. ^_^ |
12-23-2003, 08:50 AM | #20 |
FFR Player
Join Date: May 2002
Posts: 1,088
|
One way to cut down on this is to change your algorithym weekly, but that would be a royal pain in the ass. You COULD use some serious encryption, say 128 bit+.(there is one thing that puzzles me, how little of a life do you have to have in order to hack ffr? relly now, do something important with your time like playing it, ya know, het the scores for real). cryle is a good one for you. ^_^
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|