Warning to FlashChat users - security hole

[Nuguru]

Quote:

Originally Posted by puertoblack2003

hey guys it 's not only flash it's the topXstat hack too i was hacked as well and i was able to recover from it i was told by steve at .com that the topXstat also has a hole so i uninstalled it and i should be ok i don't know if it had an effect of the newer for 3.6 for i still using .4.

Hello,

I am using Top X Stats 1.6.1a on vb 3.5.4., is there a way to keep this mod and fix the security issue?


Thank You,

Nuguru

[The Finman]

Quote:

Originally Posted by Nuguru

Hello,

I am using Top X Stats 1.6.1a on vb 3.5.4., is there a way to keep this mod and fix the security issue?


Thank You,

Nuguru

Yes, this will take care of both problems

These little script kiddies are using some really lame (actually calling them "script kiddies" is being overly generous for these lamers) tricks (more like an annoyance), but here is a very simple fix.

Go into you AdminCP and under vB Options choose Censorship Options.

In the Censored Words window add this.

Code:

{meta} >>>> {http-equiv} "Refresh" """"

That will put an end this nonsense.

[Kohhal]

I got hit aswell, removed Flashchat now as it's not worth having for the risks involved...

[Nuguru]

Quote:

Originally Posted by The Finman

Yes, this will take care of both problems

These little script kiddies are using some really lame (actually calling them "script kiddies" is being overly generous for these lamers) tricks (more like an annoyance), but here is a very simple fix.

Go into you AdminCP and under vB Options choose Censorship Options.

In the Censored Words window add this.

Code:

{meta} >>>> {http-equiv} "Refresh" """"

That will put an end this nonsense.

Hello Everyone,

I gotta say, it's times like this when we are all under the pressure of getting matters quickly dealt with that you can really see how users at vbulletin.org come together and help one another. Great job to all for the excellent exchange in communication and support. We'll beat those little shits!

Regards,

Nuguru

[trilOByte]

I got hit as well last night.

The little nobs overwrote files all accross my site, they killed off virtuanews, photopost and vbulletin for a time and left just this message...

"by Thehacker own3d **** israel n0 war"

I was running flashchat, which I have now removed. The scarry thing is once they were in, it seems they had the freedom to roam right accross my domain. They replaced every index.html file in virtuanews with a hacked version and there are dozens in all the sub directory's.

Therer were several other people also hit from my host last night, with the same message.

[Rickie3]

thanx for the heads up and fixes people,really appreciate it

[b6gm6n]

I've removed FC for good because of this... i know it's not their fault...but still... don't want the hassle... anyways...another thing you can do to stop these kiddy-fiddlers is remove the version number from your vBulletin... it's legal and can stop these ++++nuts googling your forum for the right version or whatever... just incase

-b6

[trilOByte]

An update. The hackers came back tonight and somehow gained access again, even after uninstalling the flashchat plugin and all associated plugins, and totally removing all the flashchat files and deleting the chat dir. It seems they must have left some script behind to keep the door open. The first thing that happened was that my chat dir re-appeared and a new set of flashchat files dropped in from the ether.

If we can pin down this backdoor, script, pl file or whatever it is, I'll let you know.

[wacnstac]

Please keep us updated, I've been hacked through flashchat too.

[F5-MVH]

One of the other issues to deal with is new installs after the cleanups occur. For now we have new cronjobs looking for flashchat installs and removing the unneeded files.