vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   So if flashchat 4.7.2 now secure? (https://vborg.vbsupport.ru/showthread.php?t=127325)

wacnstac 09-23-2006 02:00 AM
So if flashchat 4.7.2 now secure?
 
I got hacked with an old release and left the un-needed CMS files in my flashchat directory. Is it now safe? Will it ever be? Seems that the flashchat boards are now down too.

My users are screaming for a secure chat room.

SCRIPT3R 09-23-2006 02:49 AM
just remove the unused CMS files - problem solved.

Paul M 09-23-2006 03:05 AM
Nothing is ever 100% secure, including vbulletin, and 3rd party add-ons (a hole in two top statistics mods was exploited the other week as well) - the important thing is when someone discovers a hole and exploits it, does it get fixed - in the case of VB, Flashchat (and the stats programs) the answer is/was yes.

JFYI, The insecure Flashchat CMS file(s) were fixed in 4.70 (or 4.62, can't remember which now).

I believe their forums being down was/is some sort of hosting issue, the main site was restored from a backup taken last week.

wacnstac 09-23-2006 12:43 PM
Has anyone been running with the upgraded flashchat and the removed CMS files for any length of time without being hacked again?

davidw 09-23-2006 02:16 PM
Quote:
Originally Posted by Paul M
Nothing is ever 100% secure
Brilliantly said.

A year and a half ago - when I first noticed flashchat, I naively praised it, but after reinstalling it a half-dozen times because of exploits, I have permanently suspended using it. The last two times my site was defaced, it was due to a flashchat exploit being "exploited," if you will. (I also wasn't using the latest-and-greatest either - therefore I share part of the responsibility for the defacement for failure to fix the exploit). They may eventually make it bug free and more power to them, but my personal view is that I will not use it - I can't afford that chance. Twice down is enough for me.

Flashchat does get fixed, and it has been. Sometimes improvements to the core create instability; sometimes improvements to the other areas cause vulnerabilities. It happens. The important thing is to recognize that things do happen and fixes need to be made.

pds 09-24-2006 02:59 AM
Quote:
Originally Posted by wacnstac
Has anyone been running with the upgraded flashchat and the removed CMS files for any length of time without being hacked again?
For about a month now.


All times are GMT. The time now is 05:00 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01199 seconds
  • Memory Usage 1,718KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (6)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete