Advanced Flash Hack Prevention. (rf)

HNJhack · 12-17-2003, 08:53 AM

Ok, I know we already have one of these on the board, but I felt that we should put one in the Critical Thinking section. That way, we can have people that really want to solve this problem, and know what they are talking about, ediscuss this topic.

I have thought a bit a bout this and have come up with some possible solutions, but it would be nice to have many people think together, so we can cover all the bases. If you think this is a bad idea don't flame the thread, just leave it. This is for people who are serious about stoping the hacking sutuation. ^_^

Enjoy.

**Synthlight** · 12-17-2003, 09:08 AM

I have read your ideas on hack prevention and we have implented complicated server side prevention processes to elminate most of this problem. I tend to keep quiet about this issues however because if everyone knows my methods then they will also know weaknesses.

Cheers,

Synthlight

heyhey11 · 12-17-2003, 09:10 AM

i am not that computer smart with programming and stuff like that but couldnt you see what the highest possible score is for a song and make that the max. If anyone gets above that ban them immediatly and not let them in top 10

**jimerax** · 12-17-2003, 09:22 AM

I'm agree with heyhey's opinion.

It's not a fundamental solution, but I think easy to try.

**lightdarkness** · 12-17-2003, 09:56 AM

but hey hey
what about hidden arrows, and gliched ones
you could get higher than the max score by accedent
so, just dont put them on the top 10, but DON NOT ban them.

**jimerax** · 12-17-2003, 10:16 AM

Umm, surely to ban at once isn't efficient.

If banned, they hackers will change their IP through proxys.
Then the banned IP is only one of their proxys, risk is higher than effect.

HNJhack · 12-17-2003, 11:53 AM

well wait a sec, youdon't want to rob tehm of thier achievmentrs, so if we implement a way to know if the song has been beaten fairly, then we assume ther wewre some glithces, and give them the title they earned. But if we know that the song hasn't been played through all the way, then we deny the title and ban them. the only trouble would be testing this. you must make sure it works 100%, because we don't want to ban people for no reason. Plus if we want to start small, we can use basic boolean logic to atleadst stop the smalltime hackers. Unless they can get a copy of the source, they won't know what needs to be set to what, and there could also be an infinite possiblity. So in most cases this would stop most people. THEN we can worry about the people that have NOTHING better to do with there lives.

Or you couls give me the IPs of the people that we know are hackers, and i could send them i "friendly "message".

and synth, i agree, would it be possible to have this discussion through PMs, AIM, e-mail, or matbe a PRIVATE forum? just a thought. ^_^

Anticrombie0909 · 12-17-2003, 04:28 PM

The thing that's annoying is that most people think that by hiding behind a commercial hack protection program, they are perfectly safe. They need to know that hacking and viruses are serious problems, and that if you do get hacked, they probably won't catch the guy who did it. The Judicial system is years behind technology, and with no suitable laws or guidelines to eliminate the problem, the problem will continue to run unchecked. We need to educate people on computer safety, and we need to get the judicial system's head out of it's ass and catch up with the modern world.

HNJhack · 12-18-2003, 07:44 AM

very true. but the only problem is, when n00bs try to get into this stuff, they all make one BIG mistake. They go out and by/read some book released by a "hacker". "all of the secrets of the pro's" that kinda crap.when common sense would tell you, that if a book like that was out anb about, the go'vt would have recalled it in a heartbeat. yeah those books are telling the truth, but those hacks are on average 2 or more years old. Anyone with even mild experience would know that ALOT WILL change in 2 years. so much that it will be a completely different task to hack into the same system. ^_^

(but i thought we should have a private forum for say, all the moderaters, myself, and a couple of RELIABLE members who would like to partake in the topic. that way, we know that only trustworthy people knokw of our discussion, and no hackers, besides me will know of the methods used for defense.)
^_^

heyhey11 · 12-18-2003, 09:08 AM

well if they just happened to hit a glitch or secret arrow then those should be reported and added to the high scores

HNJhack · 12-18-2003, 10:11 AM

yes, we all know that(not trying to be mean) but that is why we should use boolean logic to check.

HNJhack · 12-18-2003, 10:13 AM

yes, we all know that(not trying to be mean) but that is why we should use boolean logic to check.^_^

HNJhack · 12-18-2003, 10:23 AM

why the fuck did it double post?? oops, now i made it a triple post, crap! ^_^

**Synthlight** · 12-19-2003, 11:33 PM

HNJhack,

I challenge you to hack the score.. forgot glitched arrows, that is bad conversion and can be corrected. I mean legitimate hacking. I have implemented security measures far beyond what you think I have.

Good luck

Cheers,

Synthlight

HNJhack · 12-22-2003, 07:36 AM

i'll go for it.(it will have to be during my free time though, which i kinda lack at the moment with school.)
but i accept. any particular way you wish for me to hack, linux, windows,certain things you want me to do? ^_^

Anticrombie0909 · 12-22-2003, 08:13 AM

Lol cool. Try and hack yourself onto the number one spot on all the scores, just to see if you can.

Also, about that secret anti-hacking section that nobody could read...what it someone hacked it?

HNJhack · 12-22-2003, 09:34 AM

well, that isn't that important, cuz they'd have to know where to look. if synth creates a thread that only appears for us when we log on, then nobody should know. and we would delete this thread.

right now, i'm just gonna see if he was dumb enough to leave ftp access on. and then find his open ports.

if not, then i'll have to actually think about it. ^_^

Ridge · 12-22-2003, 04:31 PM

most of the hackers just watch for packets that are x'ed thru the user to the server, so if u were to encrypt the code thats being x'ed from the user to server they couldnt decrypt it and send a hacked packet

HNJhack · 12-23-2003, 08:24 AM

YES!!!!! we have another person that knows what they are talking about!!!!!!!!!

But there is one flaw with that theory. If you ping the server(case people don't know what it is, it's sending chunks of info ,usually 64kb in size, repeatedly to the server. It's only real purpose is to bog the server.) the data will be left "at the door" giving people time to retrieve and change it. Or they could just m,ake a quick copy of it, and send the original back to the server, and see which port is open.(let alona a port scanner is way more efficient.Then once they have the time, they will write an algorithym that will de/encrypt the data. after that it's easy to send files in and out, if you played the song or not.

The one thing I am concerned about is if they get to the source code. Then all hell would break loose. got to go, be back later to finish this post. ^_^

Anonymous · 12-23-2003, 08:50 AM

One way to cut down on this is to change your algorithym weekly, but that would be a royal pain in the ass. You COULD use some serious encryption, say 128 bit+.(there is one thing that puzzles me, how little of a life do you have to have in order to hack ffr? relly now, do something important with your time like playing it, ya know, het the scores for real). cryle is a good one for you. ^_^

12-17-2003, 08:53 AM	#1
HNJhack FFR Player Join Date: May 2003 Posts: 101	Advanced Flash Hack Prevention. (rf) Ok, I know we already have one of these on the board, but I felt that we should put one in the Critical Thinking section. That way, we can have people that really want to solve this problem, and know what they are talking about, ediscuss this topic. I have thought a bit a bout this and have come up with some possible solutions, but it would be nice to have many people think together, so we can cover all the bases. If you think this is a bad idea don't flame the thread, just leave it. This is for people who are serious about stoping the hacking sutuation. ^_^ Enjoy.

12-17-2003, 09:56 AM	#5
lightdarkness Summer!! Join Date: Jul 2003 Location: New York Age: 35 Posts: 11,308	but hey hey what about hidden arrows, and gliched ones you could get higher than the max score by accedent so, just dont put them on the top 10, but DON NOT ban them. __________________

12-17-2003, 11:53 AM	#7
HNJhack FFR Player Join Date: May 2003 Posts: 101	well wait a sec, youdon't want to rob tehm of thier achievmentrs, so if we implement a way to know if the song has been beaten fairly, then we assume ther wewre some glithces, and give them the title they earned. But if we know that the song hasn't been played through all the way, then we deny the title and ban them. the only trouble would be testing this. you must make sure it works 100%, because we don't want to ban people for no reason. Plus if we want to start small, we can use basic boolean logic to atleadst stop the smalltime hackers. Unless they can get a copy of the source, they won't know what needs to be set to what, and there could also be an infinite possiblity. So in most cases this would stop most people. THEN we can worry about the people that have NOTHING better to do with there lives. Or you couls give me the IPs of the people that we know are hackers, and i could send them i "friendly "message". and synth, i agree, would it be possible to have this discussion through PMs, AIM, e-mail, or matbe a PRIVATE forum? just a thought. ^_^ __________________ - 無秩序の神

12-18-2003, 07:44 AM	#9
HNJhack FFR Player Join Date: May 2003 Posts: 101	very true. but the only problem is, when n00bs try to get into this stuff, they all make one BIG mistake. They go out and by/read some book released by a "hacker". "all of the secrets of the pro's" that kinda crap.when common sense would tell you, that if a book like that was out anb about, the go'vt would have recalled it in a heartbeat. yeah those books are telling the truth, but those hacks are on average 2 or more years old. Anyone with even mild experience would know that ALOT WILL change in 2 years. so much that it will be a completely different task to hack into the same system. ^_^ (but i thought we should have a private forum for say, all the moderaters, myself, and a couple of RELIABLE members who would like to partake in the topic. that way, we know that only trustworthy people knokw of our discussion, and no hackers, besides me will know of the methods used for defense.) ^_^ __________________ - 無秩序の神

12-18-2003, 10:11 AM	#11
HNJhack FFR Player Join Date: May 2003 Posts: 101	yes, we all know that(not trying to be mean) but that is why we should use boolean logic to check. __________________ - 無秩序の神

12-17-2003, 09:08 AM	#2
Synthlight Administrator Founder, System Administrator Join Date: Nov 2002 Location: United States of America Age: 50 Posts: 3,052	I have read your ideas on hack prevention and we have implented complicated server side prevention processes to elminate most of this problem. I tend to keep quiet about this issues however because if everyone knows my methods then they will also know weaknesses. Cheers, Synthlight

12-17-2003, 09:22 AM	#4
jimerax ★_★★^★★ Join Date: Nov 2003 Location: Tokyo Posts: 8,185	I'm agree with heyhey's opinion. It's not a fundamental solution, but I think easy to try.

12-17-2003, 10:16 AM	#6
jimerax ★_★★^★★ Join Date: Nov 2003 Location: Tokyo Posts: 8,185	Umm, surely to ban at once isn't efficient. If banned, they hackers will change their IP through proxys. Then the banned IP is only one of their proxys, risk is higher than effect.

12-17-2003, 04:28 PM	#8
Anticrombie0909 FFR Player Join Date: Jul 2003 Posts: 4,683	The thing that's annoying is that most people think that by hiding behind a commercial hack protection program, they are perfectly safe. They need to know that hacking and viruses are serious problems, and that if you do get hacked, they probably won't catch the guy who did it. The Judicial system is years behind technology, and with no suitable laws or guidelines to eliminate the problem, the problem will continue to run unchecked. We need to educate people on computer safety, and we need to get the judicial system's head out of it's ass and catch up with the modern world.

12-18-2003, 10:13 AM	#12
HNJhack FFR Player Join Date: May 2003 Posts: 101	yes, we all know that(not trying to be mean) but that is why we should use boolean logic to check.^_^ __________________ - 無秩序の神

12-18-2003, 10:23 AM	#13
HNJhack FFR Player Join Date: May 2003 Posts: 101	why the fuck did it double post?? oops, now i made it a triple post, crap! ^_^ __________________ - 無秩序の神

12-19-2003, 11:33 PM	#14
Synthlight Administrator Founder, System Administrator Join Date: Nov 2002 Location: United States of America Age: 50 Posts: 3,052	HNJhack, I challenge you to hack the score.. forgot glitched arrows, that is bad conversion and can be corrected. I mean legitimate hacking. I have implemented security measures far beyond what you think I have. Good luck Cheers, Synthlight

12-22-2003, 07:36 AM	#15
HNJhack FFR Player Join Date: May 2003 Posts: 101	i'll go for it.(it will have to be during my free time though, which i kinda lack at the moment with school.) but i accept. any particular way you wish for me to hack, linux, windows,certain things you want me to do? ^_^ __________________ - 無秩序の神

12-22-2003, 08:13 AM	#16
Anticrombie0909 FFR Player Join Date: Jul 2003 Posts: 4,683	Lol cool. Try and hack yourself onto the number one spot on all the scores, just to see if you can. Also, about that secret anti-hacking section that nobody could read...what it someone hacked it?

12-22-2003, 09:34 AM	#17
HNJhack FFR Player Join Date: May 2003 Posts: 101	well, that isn't that important, cuz they'd have to know where to look. if synth creates a thread that only appears for us when we log on, then nobody should know. and we would delete this thread. right now, i'm just gonna see if he was dumb enough to leave ftp access on. and then find his open ports. if not, then i'll have to actually think about it. ^_^ __________________ - 無秩序の神

12-22-2003, 04:31 PM	#18
Ridge FFR Player Join Date: Jul 2003 Location: joisey Posts: 234	most of the hackers just watch for packets that are x'ed thru the user to the server, so if u were to encrypt the code thats being x'ed from the user to server they couldnt decrypt it and send a hacked packet

12-23-2003, 08:24 AM	#19
HNJhack FFR Player Join Date: May 2003 Posts: 101	YES!!!!! we have another person that knows what they are talking about!!!!!!!!! But there is one flaw with that theory. If you ping the server(case people don't know what it is, it's sending chunks of info ,usually 64kb in size, repeatedly to the server. It's only real purpose is to bog the server.) the data will be left "at the door" giving people time to retrieve and change it. Or they could just m,ake a quick copy of it, and send the original back to the server, and see which port is open.(let alona a port scanner is way more efficient.Then once they have the time, they will write an algorithym that will de/encrypt the data. after that it's easy to send files in and out, if you played the song or not. The one thing I am concerned about is if they get to the source code. Then all hell would break loose. got to go, be back later to finish this post. ^_^ __________________ - 無秩序の神

12-23-2003, 08:50 AM	#20
Anonymous FFR Player Join Date: May 2002 Posts: 1,088	One way to cut down on this is to change your algorithym weekly, but that would be a royal pain in the ass. You COULD use some serious encryption, say 128 bit+.(there is one thing that puzzles me, how little of a life do you have to have in order to hack ffr? relly now, do something important with your time like playing it, ya know, het the scores for real). cryle is a good one for you. ^_^

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)