Page 1 of 2

big bug all verison poker mavens 4.18,4.17,...

PostPosted: Mon Apr 21, 2014 1:19 am
by maghlub
my php files has no buges but ,someone can inject money to the site.
i think rhe software api has a bug.i made a whitelist only for my ip but he still can make change in users.

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Mon Apr 21, 2014 9:24 am
by Kent Briggs
maghlub wrote:my php files has no buges but ,someone can inject money to the site.
i think rhe software api has a bug.i made a whitelist only for my ip but he still can make change in users.


API calls will show up in the Event Logs. Do your event logs show activity from someone other than you?

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Mon Apr 21, 2014 3:10 pm
by maghlub
is it possible to send balance raising command using web socket?

he claimed that he can makes the hand shown during the game.

i don't know how but i was watching the accounts list and suddenly an account created with 4.000.000 balance in front of my eyes. :shock:

also owners of other servers told me they have seen this too.

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Mon Apr 21, 2014 3:15 pm
by maghlub
also, read the comments of attachments :roll:

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Mon Apr 21, 2014 3:29 pm
by Kent Briggs
"Remote" events are not the API, they show when someone uses the Remote Admin interface. You should change the "Administration password" immediately or disable "Allow remote administration". You can also change the default "admin" path and implement an IP whitelist.

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Sun May 04, 2014 1:02 pm
by datis
Dear kent
one of my user can cheat in my server
for example when he want to buy credit , he buy 20000 credit but double of this add to his account by via API? what can i do ?
please help me

TNX

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Sun May 04, 2014 1:16 pm
by Kent Briggs
datis wrote:what can i do ?


Change all your passwords.

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Sun May 04, 2014 1:21 pm
by datis
when he is in her account can do this

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Sun May 04, 2014 1:44 pm
by Kent Briggs
datis wrote:when he is in her account can do this


Show me the evidence. What does the event log show?

Re: big bug all verison poker mavens 4.18,4.17,...

PostPosted: Sun May 04, 2014 2:00 pm
by datis
in her account ( in my web site) he click on the buy credit and pay 20000 call back event add to her accounte double 20000 with the same anything date hour and ... but for the others it work true only this id can cheat in my web site . he is a client but he can cheating in buy credit.