vb.org Archive
Page 2 of 6 1 2 34 Last »
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Warning to FlashChat users - security hole (https://vborg.vbsupport.ru/showthread.php?t=125457)

FLMom 09-02-2006 01:26 PM
I am running 3.5.4, so now I know which ones to remove...didn't even think about those numbers meaning that..oops!

Thanks for the help everyone!

MPDev 09-02-2006 03:40 PM
The little buggers used the hole to install a shell script and an IRC relay service; they then went through my web directory and replaced all my index files with "you've been hacked" files. It took me a few hours to get everything off the server; but then they struck again via a security flaw in SiteBuilder - fortunately I caught that one live and stopped them before they could do anything.

You are only as secure as your weakest script; if you are like me and like to offer your users a variety of add-ons to your websites, then it makes sense you would want to keep up on any updates to those pieces. I was a version or two behind on FlashChat (update a mere few months ago).

puertoblack2003 09-03-2006 12:50 AM
is not only thru flashchat i don't even have that installed a new user subscribed to my forum and pluged this in the post look at this post here https://vborg.vbsupport.ru/showthread.php?t=125628 and look at the picture of what that user did but i beat him to the punch i was down for like 3 mins and back online

Transverse Styles 09-03-2006 01:32 AM
That's why I built www.flasherize.com, the chat can't be hacked.

steven s 09-03-2006 02:08 AM
Quote:
Originally Posted by transverse
That's why I built www.flasherize.com, the chat can't be hacked.
Don't jinx yourself.:surprised:

Adramelech 09-03-2006 07:35 AM
Quote:
Originally Posted by Paul M
Please don't post full exploits where everyone can see them (and then go try them ....).

Anyone with Flashchat integrated with their VB should remove all the files from /chat/inc/cmses/ except the vbulletin##CMS.php file they are using (where ## is either 30, 35 or 36) as they are not used.
So let me get this right. I just deleted EVERY file inside the directory you specified EXCEPT vbulletin36cms.php due to I run vBulletin 3.6. So this will fix the hole in Flashchat so I don't get hacked? Thanks!

gavinzac 09-03-2006 09:32 AM
deleted this piece of crap after my site was hacked and all index pages replaced.

b6gm6n 09-03-2006 11:11 AM
Im gonna remove flashchat anyways now...

-b6

GoTTi 09-03-2006 11:14 AM
if you have high traffic, use IRC server. its much better and stable for high high high traffic forums.

i went from holding 100+ users in the flash chat and laggy as hell to 600+ users in the irc server smooth sailing.

puertoblack2003 09-03-2006 12:11 PM
hey guys it 's not only flash it's the topXstat hack too i was hacked as well and i was able to recover from it i was told by steve at .com that the topXstat also has a hole so i uninstalled it and i should be ok i don't know if it had an effect of the newer for 3.6 for i still using .4.


All times are GMT. The time now is 08:07 PM.
Page 2 of 6 1 2 34 Last »
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01147 seconds
  • Memory Usage 1,735KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete