Toplist Problem



Marc
June 25th, 2010, 06:08
There is a serious issue with the toplist. I'm not sure how, but a few of the top servers have been hacked and their links changed to a site.

Do NOT click the links on the toplist; if I could disable it, I would.

We will fix this asap, but bear with us, as I found out when Ikiliki was asleep and I have no real ability to moderate the toplist yet.

The link is 74.213.178.160, so if it's that, do NOT trust it.

Edit: When you put your toplist advertisement up, please use a good password that isn't used on any other site.

Ikiliki edit:
Caught ya!
It's all fine again guys ;)

Austin
June 25th, 2010, 06:38
Yeah whatever you do, don't download what it says to!

Faab234
June 25th, 2010, 06:52
Can you edit servers on the toplist? If yes, please delete them.

Marc
June 25th, 2010, 07:35
If I could, I would have hours ago rather than trying to contact the owners.

Daedalus
June 25th, 2010, 08:53
> If I could, I would have hours ago rather than trying to contact the owners.

Mmm, you and Ikiliki should get Navicat :P and then you can solve that problem. Well, it won't solve it, but you can alter what's on the rows.

But still, dayum o;

Ikiliki
June 25th, 2010, 11:10
Looking into this.

Vader5844
June 25th, 2010, 11:56
Thanks for the warning Marc.

escaped
June 25th, 2010, 12:41
Changed my links as soon as I noticed it (Like 10 hours ago)

Realscape
June 25th, 2010, 12:52
Restart the toplist?

Ikiliki
June 25th, 2010, 12:56
> Restart the toplist?

A toplist isn't a server.

Ash
June 25th, 2010, 13:25
> A toplist isn't a server.

LOL. True dat.

Aaron
June 25th, 2010, 13:28
Thanks for the warning marc.

Faab234
June 25th, 2010, 14:13
> LOL. True dat.

But you can delete every server.

Ikiliki
June 25th, 2010, 14:54
> But you can delete every server.

How is that going to fix a security issue?

Smudge
June 25th, 2010, 14:58
> How is that going to fix a security issue?

I used to be a partial blackhat to learn security for web servers at one point; most web security issues are through a shell, i.e. c99 etc. The only other way someone could have edited this is if they had direct access to your database using a shell or direct cPanel access.

(By the way not trying to be Mr Know It All, but yeah, Thought I'd try and help a little bit)

Hope you find a solution

Peter
June 25th, 2010, 15:05
Iki, I think I know who made it and I have proof.

Peter
June 25th, 2010, 15:12
Here (links to the screenshots are only visible to registered members).

Ikiliki
June 25th, 2010, 16:05
That doesn't make much sense lol

Peter
June 25th, 2010, 16:08
Err, it's saying that whoever owns RuneXile is using this infected site to trick people, I guess. Idk, whatever Marc was saying, I realized that it was on this server, so I posted the pictures with the time.

Shishir G
June 25th, 2010, 16:14
> That doesn't make much sense lol

The first picture shows their website has an owner/domain manager's IP they used while making the website; it's the same as the one Marc warned us about. That proves a bit, but the rest of the pics I don't get either. Anyways, I suggest Iki changes his passwords etc., just to make sure?

Ikiliki
June 25th, 2010, 16:27
You don't understand the situation really.
The IP address is someone else's IP address; looking at the title of the second screenshot, "RSPS Time", it's probably another server.
Makes me think someone has managed to get certain passwords of servers and edit their details secretly and make them link to their own private server to profit and get more players (which seems to be a bad idea because the link is blank).

I looked up the IP address in the database and RuneXile isn't the only server whose details have been modified; Near Reality and some unknown servers with +/- 0-5 votes have also been hacked.
It's quite weird because I wouldn't expect a hacker to modify the details of an unknown server, but just the top servers. So I pretty much have the feeling as if somebody has gotten another status page or toplist (for example) and simply tests the password/IP combinations from his own site against the ones on RuneLocus without even bothering to check how many votes the server has gotten or if it's at 0% uptime or whatever.
I'm not sure if this theory is correct, but looking back at how everything used to be in the past, this happened on Moparscape a lot. Moparscape's status page moderation panel displayed all the passwords, resulting in moderators checking the passwords on other sites too.

Smudge
June 25th, 2010, 16:28
The images just show that RuneXile was one of the targeted? Confusing.

Shishir G
June 25th, 2010, 16:33
> You don't understand the situation really.
> The IP address is someone else's IP address; looking at the title of the second screenshot, "RSPS Time", it's probably another server.
> Makes me think someone has managed to get certain passwords of servers and edit their details secretly and make them link to their own private server to profit and get more players (which seems to be a bad idea because the link is blank).
>
> I looked up the IP address in the database and RuneXile isn't the only server whose details have been modified; Near Reality and some unknown servers with +/- 0-5 votes have also been hacked.
> It's quite weird because I wouldn't expect a hacker to modify the details of an unknown server, but just the top servers. So I pretty much have the feeling as if somebody has gotten another status page or toplist (for example) and simply tests the password/IP combinations from his own site against the ones on RuneLocus without even bothering to check how many votes the server has gotten or if it's at 0% uptime or whatever.
> I'm not sure if this theory is correct, but looking back at how everything used to be in the past, this happened on Moparscape a lot. Moparscape's status page moderation panel displayed all the passwords, resulting in moderators checking the passwords on other sites too.

Ah, thanks for explaining, I was a bit confused (as usual). Have you got any ideas to solve this issue?

Aaron
June 25th, 2010, 16:35
> You don't understand the situation really.
> The IP address is someone else's IP address; looking at the title of the second screenshot, "RSPS Time", it's probably another server.
> Makes me think someone has managed to get certain passwords of servers and edit their details secretly and make them link to their own private server to profit and get more players (which seems to be a bad idea because the link is blank).
>
> I looked up the IP address in the database and RuneXile isn't the only server whose details have been modified; Near Reality and some unknown servers with +/- 0-5 votes have also been hacked.
> It's quite weird because I wouldn't expect a hacker to modify the details of an unknown server, but just the top servers. So I pretty much have the feeling as if somebody has gotten another status page or toplist (for example) and simply tests the password/IP combinations from his own site against the ones on RuneLocus without even bothering to check how many votes the server has gotten or if it's at 0% uptime or whatever.
> I'm not sure if this theory is correct, but looking back at how everything used to be in the past, this happened on Moparscape a lot. Moparscape's status page moderation panel displayed all the passwords, resulting in moderators checking the passwords on other sites too.

Ikiliki, I have to talk to you about something. I think I know how this is happening and who is doing this; I requested you on MSN. And no, it's not RegretScape, he doesn't have the brains, no offense.

Ikiliki
June 25th, 2010, 16:36
Well I still don't know the exact problem, so I'll continue looking for it and saving more logs with IP addresses on certain actions.
But until then, when you edit details of a server you'll be asked for additional verification details such as the e-mail used on registration etc. The hacker shouldn't know this, unless he's friends with the server owner.

Edit:
Aaron, you're pretty much starting to annoy me.
You're causing so much hating on the forum with your Regret-RuneXile fights. Why would Regret even be involved?
Just because RuneXile is one of the 20 hacked servers it doesn't mean it's Regret.
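An added example (my own code, not RuneLocus's and not posted by anyone in this thread) of the kind of check that the per-action IP logs mentioned above would support, given the theory earlier in the thread that someone is replaying password/IP pairs taken from another toplist against many servers regardless of their rank. The log format, the field names and every sample line are constructed for the example; the signal it looks for is one source address hitting the edit forms of several unrelated servers within a short window, and it handles any number of source addresses, not just one.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real RuneLocus data). Assumed line format:
#   <ISO timestamp> <client IP> <action> <server id> <ok|fail>
SAMPLE_LOG = """\
2010-06-24T23:01:02 203.0.113.5 edit 17 fail
2010-06-24T23:01:05 203.0.113.5 edit 17 ok
2010-06-24T23:01:20 203.0.113.5 edit 342 fail
2010-06-24T23:01:31 203.0.113.5 edit 908 ok
2010-06-24T23:02:10 203.0.113.5 edit 1213 ok
2010-06-24T23:02:44 203.0.113.5 edit 55 fail
2010-06-24T23:03:01 203.0.113.5 edit 2 ok
2010-06-24T23:05:00 198.51.100.9 edit 17 ok
2010-06-24T23:40:12 198.51.100.9 vote 17 ok
2010-06-25T01:10:00 198.51.100.9 edit 17 ok
"""


def parse_log(text):
    """Yield (timestamp, ip, action, server_id, result) for each non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, action, server_id, result = line.split()
        yield datetime.fromisoformat(ts), ip, action, int(server_id), result


def flag_credential_testing(log_text, window=timedelta(minutes=10), min_servers=3):
    """Return {ip: set of server ids} for every IP whose edit attempts
    (successful or not) touched at least `min_servers` distinct servers
    within some sliding window of length `window`.

    A legitimate owner edits one or two servers; a script replaying
    credentials lifted from another site walks through many in minutes.
    Failed attempts count too, since a wrong password on a server the
    source has no business editing is the stronger signal."""
    attempts = defaultdict(list)
    for ts, ip, action, server_id, _result in parse_log(log_text):
        if action == "edit":
            attempts[ip].append((ts, server_id))

    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        start = 0
        for end, (ts_end, _) in enumerate(events):
            # advance the window start until every event in it is within `window`
            while ts_end - events[start][0] > window:
                start += 1
            servers = {sid for _, sid in events[start:end + 1]}
            if len(servers) >= min_servers:
                flagged.setdefault(ip, set()).update(servers)
    return flagged


if __name__ == "__main__":
    for ip, servers in flag_credential_testing(SAMPLE_LOG).items():
        print(f"{ip}: edit attempts on {len(servers)} servers: {sorted(servers)}")
```

The thresholds are deliberately loose (three servers in ten minutes); the point is that an owner who edits only their own listing never trips it, while the pattern described in the thread, a walk through servers with 0 votes and top servers alike, trips it within a couple of minutes whatever the servers' rank.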

Smudge
June 25th, 2010, 16:37
> Ah, thanks for explaining, I was a bit confused (as usual). Have you got any ideas to solve this issue?

There are loads of ways you can actually prevent this; it's just a matter of developing it. Such as, as well as having a password, also having an option for a PIN of up to 6 digits with a time-out of 30 seconds after 3 failed tries. I don't think anyone will spend weeks or months trying to crack a 6-digit PIN.

Loads of ways to increase the security.
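Smudge's PIN-plus-lockout suggestion written out as an added example (my own code, not RuneLocus's and not posted by anyone in the thread). The server ids and PIN values are made up, and `clock` is injectable so the lockout can be exercised without waiting. The `brute_force_seconds` helper puts a number on the "weeks or months" claim: at 3 guesses per 30-second lockout, walking all 10^6 six-digit PINs takes about 116 days, with an expected time of about half that.

```python
import hmac
import time


class PinGate:
    """Second factor on the toplist edit form: a numeric PIN per server,
    with a 30 second lockout after 3 consecutive failures (Smudge's numbers).

    Constructed example: PINs are kept in plain text here only to keep the
    demo short; a real store would keep a salted hash, as for passwords."""

    MAX_FAILURES = 3
    LOCKOUT_SECONDS = 30.0

    def __init__(self, pins, clock=time.monotonic):
        self._pins = {sid: str(pin) for sid, pin in pins.items()}
        self._failures = {}       # server_id -> consecutive failed tries
        self._locked_until = {}   # server_id -> clock reading when the lock expires
        self._clock = clock       # injectable so tests need not sleep

    def verify(self, server_id, pin):
        """Return 'ok', 'bad' or 'locked'. A correct PIN during a lockout is
        still refused, so the timer cannot be raced to speed up guessing."""
        now = self._clock()
        if now < self._locked_until.get(server_id, 0.0):
            return "locked"
        expected = self._pins.get(server_id)
        # constant-time compare; an unknown server id fails like a wrong PIN
        if expected is not None and hmac.compare_digest(
                expected.encode(), str(pin).encode()):
            self._failures[server_id] = 0
            return "ok"
        failures = self._failures.get(server_id, 0) + 1
        if failures >= self.MAX_FAILURES:
            self._locked_until[server_id] = now + self.LOCKOUT_SECONDS
            failures = 0          # the next lockout needs 3 fresh failures
        self._failures[server_id] = failures
        return "bad"

    @classmethod
    def brute_force_seconds(cls, digits):
        """Worst-case seconds to try every `digits`-digit PIN when each
        lockout permits MAX_FAILURES guesses per LOCKOUT_SECONDS."""
        return 10 ** digits / cls.MAX_FAILURES * cls.LOCKOUT_SECONDS


if __name__ == "__main__":
    gate = PinGate({17: "482913"})
    print([gate.verify(17, p) for p in ("000000", "111111", "222222", "482913")])
    print("days to exhaust 6 digits:", PinGate.brute_force_seconds(6) / 86400)
```

Two caveats a practitioner would want before relying on this. The lockout is keyed by server, so it slows down guessing one server's PIN but does nothing against the pattern discussed earlier in the thread, one known password tried once against many servers; that needs a per-source limit as well. And because failures are charged to the server, anyone can lock a legitimate owner out of their own listing for 30 seconds at a time, which is why lockouts are usually combined with per-IP throttling rather than used alone.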

Ikiliki
June 25th, 2010, 16:39
Could as well be SQL injection. I just don't understand why somebody would SQL inject unknown or dead pages.

Aaron
June 25th, 2010, 16:39
> Well I still don't know the exact problem, so I'll continue looking for it and saving more logs with IP addresses on certain actions.
> But until then, when you edit details of a server you'll be asked for additional verification details such as the e-mail used on registration etc. The hacker shouldn't know this, unless he's friends with the server owner.
>
> Edit:
> Aaron, you're pretty much starting to annoy me.
> You're causing so much hating on the forum with your Regret-RuneXile fights. Why would Regret even be involved?
> Just because RuneXile is one of the 20 hacked servers it doesn't mean it's Regret.

What the heck, I said IT'S NOT REGRETSCAPE....

Friss
June 25th, 2010, 16:51
> Could as well be SQL injection. I just don't understand why somebody would SQL inject unknown or dead pages.

Could have been them testing to see if it would work. The best way to try is to practice on something that wouldn't be seen.

Ikiliki
June 25th, 2010, 16:55
> Could have been them testing to see if it would work. The best way to try is to practice on something that wouldn't be seen.

The servers he/she targets look so random. Not the top server, not the worst etc.

Brayden
June 25th, 2010, 17:02
> The servers he/she targets look so random. Not the top server, not the worst etc.

Perhaps, and I could be wrong, but if it's random servers he's targeting, it would make sense that the owners of those servers got a keylogger or something when trying out some other server. That would be the common case, I'd assume.

Smudge
June 25th, 2010, 17:09
> Perhaps, and I could be wrong, but if it's random servers he's targeting, it would make sense that the owners of those servers got a keylogger or something when trying out some other server. That would be the common case, I'd assume.

Agreed, but most 12-year-olds who use keyloggers don't have the common sense to FUD-crypt it or bind it correctly. Therefore the targets would have been either not so clever or have no anti-virus software. But yeah, a keylogger is a common way. Keylogger or a RAT.

Brayden
June 25th, 2010, 17:20
> Agreed, but most 12-year-olds who use keyloggers don't have the common sense to FUD-crypt it or bind it correctly. Therefore the targets would have been either not so clever or have no anti-virus software. But yeah, a keylogger is a common way. Keylogger or a RAT.

If a server with enough money hired someone who could do it, think that's logical? I think there are some people around who are skilled enough, and these people with their junk servers have the money. I've heard of this before; that's why I ask.

nice avy.

pedobear
June 25th, 2010, 19:35
Oh my goodness, I hate this kind of people. Have they nothing better to do?

Hopefully this will be fixed soon. Thank you for the report.

Well, it's pro hackers.

I think, like Ikiliki said, it's a new toplist around here, and I won't tell any names because I don't want to advertise the site. The toplist is only RuneScape, and it's new; they have PMed me really much on other forums. I won't say any names, only to staff on this site, because I don't wanna advertise. I was on the toplist, and many of these servers were added there, but atm the site doesn't work, I don't know why. So it's hopefully a site that checks the passwords and tries them on this site.

I D3stroy I
June 25th, 2010, 19:43
Ahh, thanks for the warning, hope my server doesn't get hacked ;)

Mark
June 25th, 2010, 19:51
I had the same thing, changed the password, but I can truly say I don't use the password I use on the toplist anywhere else. It could have been an inside job.

Mario
June 25th, 2010, 20:06
Thanks for the warning.

xLightning
June 25th, 2010, 20:31
Might be a good idea to remove the link from the IP in Marc's original post / make it not a link so no one accidentally clicks it. Just a thought.

Thanks for the warning.

Ikiliki
June 25th, 2010, 20:37
Yeah good idea xLightning.

Shishir G
June 25th, 2010, 20:56
> Yeah good idea xLightning.

It has enough digits to be verified as an IP address, so you can still click it without the link ...

Ikiliki
June 25th, 2010, 21:02
Osht no, you can still click it because it used to be a clickable link, sec. Nothing to do with digits.

Shishir G
June 25th, 2010, 21:14
My Firefox lets me click any number that looks like an IP address :l I can still click lol

Ikiliki
June 25th, 2010, 21:58
I have resolved the problem. For whoever is wondering who the attacker is: 207.216.19.57
I didn't expect this, but SQL injection was used to evade the restrictions. I could've seen this one coming; the previous toplist was immune to this, but because I was in such a hurry I didn't have time to fix it on this one.
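The injection Ikiliki found is not described beyond "used to evade the restrictions", so what follows is an added example (my own code, not the toplist's) of the classic shape of such a bug on an edit form: a string-built UPDATE whose password clause is the only restriction, and which a single quote in the password rewrites, beside a parameterized version that also stops comparing plain-text passwords inside SQL at all (the thread itself notes that a moderation panel showing everyone's passwords is how reuse got exploited on Moparscape). The table layout, column names and the two sample servers are assumptions; SQLite is used so the example runs offline.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample servers (not real toplist data).
SAMPLE_SERVERS = [
    (1, "ServerA", "http://servera.example/", "s3cret"),
    (2, "ServerB", "http://serverb.example/", "hunter2"),
]
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns (salt_hex, digest_hex)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex(), digest.hex()


def make_db(hashed):
    """In-memory servers table. hashed=False stores plain-text passwords, as a
    rushed toplist might; hashed=True stores a salt and a PBKDF2 digest."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE servers (id INTEGER PRIMARY KEY, name TEXT, "
                 "url TEXT, password TEXT, salt TEXT)")
    for sid, name, url, pw in SAMPLE_SERVERS:
        salt, stored = hash_password(pw) if hashed else (None, pw)
        conn.execute("INSERT INTO servers VALUES (?, ?, ?, ?, ?)",
                     (sid, name, url, stored, salt))
    conn.commit()
    return conn


def update_url_vulnerable(conn, server_id, password, new_url):
    """Query text assembled with %-formatting. The password clause is the
    only restriction, and a quote inside the password rewrites it."""
    sql = ("UPDATE servers SET url = '%s' WHERE id = %d AND password = '%s'"
           % (new_url, server_id, password))
    return conn.execute(sql).rowcount          # rows actually changed


def update_url_safe(conn, server_id, password, new_url):
    """Parameterized queries only, and the password is verified in code
    against a salted hash, so no secret is ever compared inside SQL."""
    row = conn.execute("SELECT password, salt FROM servers WHERE id = ?",
                       (server_id,)).fetchone()
    if row is None:
        return 0
    stored_digest, salt_hex = row
    _, digest = hash_password(password, bytes.fromhex(salt_hex))
    if not hmac.compare_digest(digest, stored_digest):
        return 0
    return conn.execute("UPDATE servers SET url = ? WHERE id = ?",
                        (new_url, server_id)).rowcount


def url_of(conn, server_id):
    return conn.execute("SELECT url FROM servers WHERE id = ?",
                        (server_id,)).fetchone()[0]


if __name__ == "__main__":
    # The payload turns the WHERE clause into
    #   id = 1 AND password = '' OR '1'='1'
    # which, with AND binding tighter than OR, is true for every row.
    payload = "' OR '1'='1"
    conn = make_db(hashed=False)
    print("vulnerable, rows changed:",
          update_url_vulnerable(conn, 1, payload, "http://attacker.example/"))
    conn = make_db(hashed=True)
    print("parameterized, rows changed:",
          update_url_safe(conn, 1, payload, "http://attacker.example/"))
```

Note what the payload does in the vulnerable version: it does not just bypass one server's password, it rewrites every server's link in a single request, which matches the thread's observation that top servers and unknown 0-vote servers alike were modified. The parameterized version returns 0 for the same input because the payload is now just a (wrong) password string.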

Smudge
June 25th, 2010, 22:11
Can't blame yourself, Iki. Pretty understandable when you lost pretty much all of that data and rushed to get it back asap. Good job on finding it though. :]

jamie
June 25th, 2010, 22:12
At least it's fixed in time for a cuppa.

Ikiliki
June 25th, 2010, 22:16
Oh, for whoever loaded the Java applet, you might want to search your computer for a file called Lap.jar.

escaped
June 25th, 2010, 22:26
> If I could, I would have hours ago rather than trying to contact the owners.

I would suggest resetting all the top servers' passwords and sending them to the owners' e-mail addresses.

EDIT: Never mind, glad you guys fixed it.