Money hacker

Money hacker

« posted: May 22, 2017, 03:33 AM »
Last night a hacker was found in my server. That guy was able to bypass all the anti-hack mechanisms and manipulate the cmoney variable at will.

If it had not been for the HvT addon, It wouldn't have been possible for me to catch him. He literally hacked 50 million in seconds and deposited it into his bank account.

He was also able to teleport at will.

Is it possible for us to have a bank account balance change rate monitor to automatically log abnormal balance change?
  • Offline Matt76
  • Mercenary
  • *****
  • Posts: 403
  • co founder of customcombatgaming.com

Re: Money hacker

« Reply #1 posted: May 22, 2017, 07:57 AM »
Or you could change the cmoney variable to something random and set your BE logs to catch the cmoney variable ;)

Re: Money hacker

« Reply #2 posted: May 22, 2017, 09:41 AM »
Or you could change the cmoney variable to something random

What do you mean by random? Can't the hacker extract the pbo and find whatever you use for the cmoney variable?

and set your BE logs to catch the cmoney variable ;)

Did you mean by adding following code into setVariable.txt?

Code: [Select]
5="cmoney"
  • Offline Matt76
  • Mercenary
  • *****
  • Posts: 403
  • co founder of customcombatgaming.com

Re: Money hacker

« Reply #3 posted: May 22, 2017, 03:41 PM »
Most script kiddies aren't bright believe it or not  8)

It only takes the one BE log to catch them especially if you change it now and again.
  • Offline AgentRev
  • Developer
  • Veteran
  • ******
  • Posts: 2345

Re: Money hacker

« Reply #4 posted: May 22, 2017, 10:13 PM »
I think what Matt means is you should do a Replace All on all your scripts to change cmoney to something unique for your server, then set 5="cmoney", which will stop most kiddies. In Notepad++ you can do that via Ctrl+Shift+F

Re: Money hacker

« Reply #5 posted: May 23, 2017, 04:30 AM »
I think what Matt means is you should do a Replace All on all your scripts to change cmoney to something unique for your server, then set 5="cmoney", which will stop most kiddies. In Notepad++ you can do that via Ctrl+Shift+F

Will that affect cmoney value in the database?
  • Offline AgentRev
  • Developer
  • Veteran
  • ******
  • Posts: 2345

Re: Money hacker

« Reply #6 posted: May 23, 2017, 05:25 AM »
Will that affect cmoney value in the database?

Good catch, yes crate money will be affected, you can fix it this way:

Code: [Select]
UPDATE ServerObjects SET Variables = REPLACE(Variables,'"cmoney"','"yourvariable"') WHERE ID > 0;
  • Offline Matt76
  • Mercenary
  • *****
  • Posts: 403
  • co founder of customcombatgaming.com

Re: Money hacker

« Reply #7 posted: May 23, 2017, 11:44 AM »
Apart from what Rev mentioned above no, player money is not saved as CMONEY in the database

Re: Money hacker

« Reply #8 posted: May 23, 2017, 05:50 PM »
Good catch, yes crate money will be affected, you can fix it this way:

Code: [Select]
UPDATE ServerObjects SET Variables = REPLACE(Variables,'"cmoney"','"yourvariable"') WHERE ID > 0;

Do I need to stop the server before executing this query?
  • Offline AgentRev
  • Developer
  • Veteran
  • ******
  • Posts: 2345

Re: Money hacker

« Reply #9 posted: May 23, 2017, 07:46 PM »
Well duh :)

Re: Money hacker

« Reply #10 posted: May 24, 2017, 11:30 AM »
Well duh :)

Is it recommended to do the same thing to the bmoney variable?
  • Offline Matt76
  • Mercenary
  • *****
  • Posts: 403
  • co founder of customcombatgaming.com

Re: Money hacker

« Reply #11 posted: May 24, 2017, 01:22 PM »
Hackers can't use bmoney unless your BE filters are incorrect or you use some crappy add-on