Hacked through FlashChat integration plugin for vb 3.5.2
wacnstac
09-04-2006, 06:50 PM
We've been hacked and our database screwed by an apparent vulnerability of the FlashChat integration with vb. Is there an update of the hack with the vulnerability fixed? Any help during this trying time would be very much appreciated.
steve
Delphiprogrammi
09-04-2006, 07:25 PM
You mean the meta refresh redirection exploit? That was not FlashChat but the plugin called "topXstat", and yes, that plugin has been updated to fix the holes here (https://vborg.vbsupport.ru/showthread.php?t=93065). FlashChat contains a hole too, though; here (https://vborg.vbsupport.ru/showthread.php?t=125457) is more information about the FlashChat hole.
steven s
09-04-2006, 07:27 PM
Updated FlashChat
http://forum.tufat.com/showthread.php?t=24619
This is interesting.
I caught it just in time.
[Mon Sep 4 15:20:11 2006] [error] [client 200.82.226.80] File does not exist: /home/username/public_html/forum/chat//inc/cmses/aedatingCMS2.php
I would have been hacked if that file was still there.
Traxdata
09-04-2006, 08:15 PM
> Updated FlashChat
> http://forum.tufat.com/showthread.php?t=24619
> This is interesting.
> I caught it just in time.
> [Mon Sep 4 15:20:11 2006] [error] [client 200.82.226.80] File does not exist: /home/username/public_html/forum/chat//inc/cmses/aedatingCMS2.php
> I would have been hacked if that file was still there.
Indeed, I get these "errors" about 20 times a day since Friday last week.
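Added example, not part of any post in this thread: a small Python filter that pulls "File does not exist" probes for the FlashChat `inc/cmses/` directory out of an Apache error log and counts them per client, so repeated attempts like the ones described above can be tracked. Matching every `.php` file under that directory (not just `aedatingCMS2.php`) is an assumption, and all sample log lines except the first are constructed.

```python
import re
from collections import Counter

# Apache error-log layout, as in the line quoted in the thread.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] '
    r'File does not exist: (?P<path>[^\s,]+)'
)
# Assumption: any missing .php under inc/cmses/ counts as a probe.
# Slashes may be doubled, as in "chat//inc" in the quoted line.
PROBE_RE = re.compile(r'/inc/+cmses/+[^/]+\.php$', re.IGNORECASE)


def find_probes(lines):
    """Return (ip, timestamp, path) for each miss on a FlashChat CMS file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and PROBE_RE.search(m.group('path')):
            hits.append((m.group('ip'), m.group('ts'), m.group('path')))
    return hits


def probes_per_client(lines):
    """Count probe attempts per client IP, most active first."""
    return Counter(ip for ip, _, _ in find_probes(lines)).most_common()


# First line is the one posted in the thread; the rest are constructed
# (documentation IP ranges) to exercise the counter and the negative case.
SAMPLE_LOG = [
    "[Mon Sep 4 15:20:11 2006] [error] [client 200.82.226.80] File does not exist: "
    "/home/username/public_html/forum/chat//inc/cmses/aedatingCMS2.php",
    "[Mon Sep 4 15:21:02 2006] [error] [client 192.0.2.10] File does not exist: "
    "/home/username/public_html/forum/chat/inc/cmses/aedatingCMS2.php",
    "[Mon Sep 4 15:21:40 2006] [error] [client 192.0.2.10] File does not exist: "
    "/home/username/public_html/forum/chat/inc/cmses/aedatingCMS2.php, referer: http://example.invalid/",
    "[Mon Sep 4 15:22:40 2006] [error] [client 198.51.100.7] File does not exist: "
    "/home/username/public_html/favicon.ico",
]

if __name__ == "__main__":
    for ip, count in probes_per_client(SAMPLE_LOG):
        print(f"{ip}\t{count} probe(s)")
```

To run it against a real log, pass an open file object instead of `SAMPLE_LOG`; both functions accept any iterable of lines.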
steven s
09-04-2006, 08:15 PM
> Indeed, I get these "errors" about 20 times a day since Friday last week.
Different ip address?
wacnstac
09-04-2006, 08:20 PM
Wish these punks would find something better to do.
Traxdata
09-04-2006, 08:50 PM
> Different ip address?
Of course, all Turkish IPs. Today they tried about 70 times! Not bad.
Just found on zone-h! It seems that some other FlashChat files are also insecure!!! Thank God I have removed this piece of you-know-what.
http://www.zone-h.org/component/option,com_attacks/Itemid,45/filter_defacer,CyberLord/page,2
iran.gs
09-04-2006, 09:32 PM
content="0;url=http://ts.somee.com"> """"
this is their ip
IP: 85.104.221.179 Country: Turkey City: Istanbul, Istanbul
I think VB must do an IP range ban of all these Turkish delights. I lost a whole day trying to fix this, and it was on Saturday, my busiest day at my forum :hurt:
I blame the VB staff for this. Something like this should be mailed to all vb members and all the forum members. After all, this is not free software; we did not just get this because it looks good, we got it since the name of the software is great.