Hello, I am having an issue. "Hackers" are able to use a packet editing program to send the admin message packet:
<msg t='sys'><body action='dmnMsg' r='0'><user id='177252' /><txt><![CDATA[admin message]]></txt></body></msg>.
They can put any user's ID in there and it will send the admin message to them.
Could you guys please tell me the different ways in which I can fix this issue?
Thanks.
Admin messages
Re: Admin messages
The hacker should be connected to SmartFoxServer as an administrator to be able to send admin messages.
Even if he sends that xml, the server discards it because the user credentials are checked against the server settings.
Even if he sends that xml, the server discards it because the user credentials are checked against the server settings.
Paolo Bax
The SmartFoxServer Team
The SmartFoxServer Team
Return to “SmartFoxServer 1.x Discussions and Help”
Who is online
Users browsing this forum: No registered users and 34 guests