topXstats has been fixed, so I'm not sure what relevance your continual digs at it being "unsupported" have, or are trying to achieve.

CyB, although the specifics may pertain to Xstats - the hack being used by some snotty script kiddie is having an affect on this hack that you've written. Honestly - I know I had your hack installed, and I know my site got snotted on while using it, which I don't hold you responsible for in any manner... But, it is equally affected by this hack.

karlm,

Yes, this hack has that bug too. I have fixed it immediately when NeutralizeR reported issue (v3.5 - Aug 30. 2006.). I have sent update info to users who have installed plugin too.

btw that's why it's important that users click "install" when using some hack.

So I'm not blaming another hack/coder for this. I'm just saying that this hack was fixed few days before Staff posted announcement about vulnerabilities (Sep 2nd 2006.). Small number of sites with Cyb Stats installed could be "hacked" except they didn't installed hack here and didn't received info about it's updates.

I didn't know it's fixed. Thanks for the info.

I said it's unsupported because there was no any updates for a while.

InfiniteWebby, respected author of TopXStats hack, said also:

Regards,

Cybernetec

Installed, thank you :)
suggestion: option to show the latest thread in the same way latestopic,
can be useful when someone whas not at board for a time
an one other, option to exclude some user (with user id in the same way to exclude forum)
from top stat, this where nice to have the forumteam out and leave this just for regular user

Nice Mod everything is working fine even the things with placing the stats where i want them. Nice work - Thanks

Got a question ... i like to edit the Language on the Titles ... Like TOP 10 an so on ... where can i edit them...??!

Cant find it... or i am just looking too much on this screen ... :)

Thanks 4 help.

Greetings Drjot

Edit: just got it under "Plug - ins" " Cyb - Advanced Forumhome Statistics - FH" i hope so :)

Edit: no was wrong.... argh... help pls :)

As for all language changes search for it in Phrase Manager. :)

Great... that simple... and i was looking in nearly every Template :)

Thats the way we use to learn things ...

Thanks!

greetings from germany

I have to give props Cybernetec, as I did recieve the E-mail regarding the security update Friday evening...I put it on the "to do" list for the weekend (usually Sunday is when I have time for general maintenance), and I got hit Saturday afternoon.

I think what Cybernetec was trying to say is that he was doing his best to keep his version of forum stats up-to-date with the security issue. I got notified by E-mail by Cybernetec on Friday , and I didn't act on it immediately. That was nobody's fault except my own.

I'm still using it (now that I upgraded it) and enjoying the it, in addition that it was a real easy install & upgrade.

LOL!...I just had another script kiddie from turkey (all these lamers using that code have been from Turkey), try an attempt it while writing this very post, and even though I installed some additional code to prevent any variations, this hack now upgraded has no problem. https://vborg.vbsupport.ru/external/2011/01/19.gif

I can't believe these little idiots are still attempting it...I would be to embarrased in the first place to use that script kiddie code (I doubt they even know what meta refresh even is), but then to give out their name and websites in the post and redirect on top??...but hey, I guess even lamers have no standards. ;)

The only thing I would have suggested Cybernetec, is I think I would have chosen something a little more dramatic than "small" security bug fixed. ;)

*clicks install*

future release going to have usergroup permissions ?

I did click the 'installed' link, but upon removing it "temporarily" from my index, i followed accordingly by clicking the 'uninstalled' link too.
My apologies for my own ignorance, I had received an email regarding the update - but alas it was in my junk thanks to Norton... Anyhow, I reinstalled the update and a third hacker has attempted to hack - this time, I'm glad to say, without any success :D

Same problem here. I disabled the hack in two places (vBulletinOptions and Manage Products) before I edited the FORUMHOME template. After the edit I enabled the hack in both places and have two boxes still, one where I want it (At the bottom of the 'what's going on' box) and one where it was to begin with (above the 'what's going on' box).

I followed the instructions to a 't' in this thread. Can someone tell me how to delete the stat box above the 'what's going on' box??

there is a big vulnerability in this modification....my site was just hacked....THREE times.

this allows someone to place a code of script in the title of a post and it redirected my page...

even though there is this line of the fix:
v2.8 - Jul 08. 2006.
-Security bug fixed where some codes can be executed on site if entered as thread title. Upgrade

still didn't work. I ran the upgraded version since saturday, and today (tuesday), my site was hacked again. I disabled the hack, and the redirect went away, so I know it was related to this one.

Any fixes for this?

Same thing just happened to me. I removed the hack and the problem was gone. I was however (stupidly) not running the latest version of the hack. After reading the above post I think I'll wait before installing the latest version though.

TorGa3iGhT,

By info you have sent me via PMs you have no latest version of this hack installed.

Please be sure to check ALLOW OVERWRITE option when upgrading hacks on your forums.

If you are unsure how to do this you can create temp admin account for me and I'll do it for you.

So for all those who are not sure is it safe to use this hack, just check twice you have the latest version installed and no worry.

Cybernetec

I haven't had anymore problems since I upgraded, and I've had multiple attempts each day since.

I do know for a fact that they are varying the original meta refresh script that they intially used.

Like I said the updated version works fine, but if it will help here is an extra little step I added.

There is no need for the above listed words and or characters to be used in a discussion on a vB board, unless it's a computer related board discussing code.

Also, something to think about is that a lot of people have "test" forums on their servers to try out new hacks and upgrades before installing them on their "live" board. Please remember that if you installed Cyb-Advanced Stats, TopXStats or FlashChat on your test board and they are still on there and/or unpatched then you are still at risk, especially with FlashChat as they are gaining directory access through holes before version 4.6.2.

If you have been hit with these exploits (and you are able to log into your AdminCP)...go to vBulletin Options ---> Plugin/Hook System--->Enable Plugin/Hook System=NO and either upgrade or try the suggestion I have listed above.

Hope this helps. :)

I just got hit today with this same type of attack. I was running 3.0 still, updated the hack to 3.5..made all of the other changes noted on vB.org for this sort of attack.

Of course, now I have to figure out why my forumhome template block for this mod is out of alignment after the upgrade....

Believe it or not, that kid from Turkey today tried to play his childish games on my forums too. Of course, he had no luck. I have installed 3.5 version of this product. I'm sure he can't do such tricks with current script so don't worry about it. All you need to do next time is to ban him with big smile on your face.

Just FYI for folks upgrading (a great idea to do that BTW)...but there are template changes in the 3.5 update...maybe before that as well. So if your block looks wacky after updating, check your templates...revert them to the default and start over with your custom mods if need be.

Fixed my problems right up.

Indeed, and great as always! Thanks!!!

The stats box creates a half inch space right above it, where ever I place it. How can I get rid of it?

I got the hack attempt too a couple days ago. Luckily I was on v3.5 before that and thank god for it. I just banned the loser laughing :D

Yeah, I can confirm that the latest version fixes that hole. I still get the shivers thinking what would have happened had I not updated.

Once again, thanks Cyber, for keeping your hacks up to date. Good show! :up:

I got hacked yesterday - but now I am going to implement the new version than - inshaAllah everything will be okay...

Thanks a lot cyber ...

Hello..

I am using this version
but I got hacket again !! :(
Why?

make sure you download the zip again as the file was updated earlier this week and update the modification on your site accordingly.

How does one integrate this into vbAdvanced CMPS portal???

^^^^ I'd like to know this too please

Suggestion for the next version: Top Thread Starters (Top Thread Owners)

Installed, but got a database error:hurt: , so uninstalled straight away

Some more info about a db error?

hey cyb...got a question...great hack btw

go to www.mmaworld.org


if you look at the top 10 stats....on the drak style (not me default...you will have to change it ;))

you can not see the text for join date and date and time...and I am guessing anything that uses that color text.....can I change the color text just on that style or something so that you can see it?

brvheart,

You can't change the text color for that style only.

I see it regularly, but if you wish to make it little darker try #8d8d8d as old-color.


btw new version is comming with some fixes, improvements, new stuff,... ;)

you the man :) did you change the style when you viewed my site so that you can see what I was referring to?

Yes, I tried all of them (3) BUT there was no new registrations and posts for me to see what's the problem. :p I see now - in those situations text wil be black = unvisible, except it's selected.

I don't know,... text color can't be changed in styles,... so my suggestion is to try some variations with new/old colors until you find some combination which would be fine for all styles. :)

ok thanks :) thx for all you hard work and support on the hacks! It is greatly appreciated :)

great stuff..

q: how do you put it BELOW the what's going on box?

also, I get this massive space between forumsbits and AFDisplay. anyideas who to get rid of that space? and move this lower?

Just wait for the next version.

There will be option to move Stats box without editing templates, in just few clicks.

ok cool. any ETA on that? no rush, just wondering what to expect-ish...a day? a week? a month? ...

in any case, in the meantim, how DO I get rid of that space below my forumsbits.... and how DO I move it?
It appears now...but I WANT to use the template edit and stick the "$cybtopstats" in where I want it... but if I do that now, it appears twice. :/

How about a top VBBux. My forum could really use that. I checked your xml code and i'm scared to mess around with it and waste an hour not knowing what i'm doing. I know php somewhat to edit code but never to make my own. So let me know if this is possible. Or if you want I can pay you to add it in specially for me. The field is under the user and its called vbbux. Anyhow, really useful mod, thanks man.

v3.6 - Sep 09. 2006.
-Added: "Top Thread Starters" (NOTE: Requires MySQL version 4.0.4 or higher)
-Added: You can choose in Settings where Stats box will be shown on forumhome (4 options + disable)
-Added: You can have Stats shown anywhere on your forum/external page (must include global.php). Just put "$cybtopstats" where you wish to have stats shown.
-No more need to set filename for "index.php" if it was changed. Now misc.php is used, which nobody has need to rename.
-Tables improved (some space saved)
-Small bug fixed (no full thread title on mouseover in "Latest Forum News" when thread titles are trimmed)

==========

To upgrade: Import XML, allow overwrite.
Thanks to Paul M for help with db query for "Top Thread Starters"