Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions

Reply
 
Thread Tools Display Modes
  #1  
Old 12-09-2006, 07:44 AM
Scormen's Avatar
Scormen Scormen is offline
 
Join Date: Jun 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Flashchat; safe or not?

Hi everyone,

I would like to use a chat on my website, currently I'm using the latest versions of vB (3.6.4) and flashchat (4.7.7).

But, I have read that a lot of boards are hacked due to flashchat. What do you think, is it safe to use or not? Yeah I know, it is coded by people, so it is never 100% save...

Do you suggest another chat system? What do you use?

Thanks,
Kris
Reply With Quote
  #2  
Old 12-09-2006, 06:46 PM
Saulie Saulie is offline
 
Join Date: Aug 2006
Location: London
Posts: 38
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would say it's pretty safe, I use it on my forum and it's never been hacked so far.

If you have a moderately small forum it is allways best to use a shoutbox in my opinion something along the lines of vShout. Allways there so you can quickly have a look at whats going on while browsing the forum, whereas with flash chat you have load it up and you cant just flick throgh it all. But then on the other hand if you have a larger forum I guess a shoutbox would be too small.
Reply With Quote
  #3  
Old 12-11-2006, 05:03 PM
Scormen's Avatar
Scormen Scormen is offline
 
Join Date: Jun 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for your reaction, Saulie!

My forum will start at 16 dec, I'm curious how the chat will react on public.

Grtz,
Kris
Reply With Quote
  #4  
Old 12-14-2006, 06:48 PM
salata salata is offline
 
Join Date: Nov 2003
Posts: 252
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i thought you just had to delete some file in flashchat and that would solve the hacker problem
Reply With Quote
  #5  
Old 12-14-2006, 06:53 PM
Scormen's Avatar
Scormen Scormen is offline
 
Join Date: Jun 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Do you mean the install folder and the files of the other CMS's we don't need?

Kris
Reply With Quote
  #6  
Old 12-14-2006, 07:01 PM
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Location: Nottingham, UK
Posts: 23,748
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If you read the various theads on the subject you will know that the AEDating CMS security hole was fixed months ago, sometime around Flashchat version 4.6.2, the current version is 4.7.7.

I would be very interested to hear why the people who voted 'No' have done so.
Reply With Quote
  #7  
Old 12-14-2006, 07:07 PM
Ntfu2 Ntfu2 is offline
 
Join Date: Feb 2006
Posts: 1,247
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I'd like to hear so to.

Flashchat is perfectly safe, and i'm using it on a forum with 12k members. No security holes, and you should delete the extra CMS files anyway
Reply With Quote
  #8  
Old 12-14-2006, 11:36 PM
davidw's Avatar
davidw davidw is offline
 
Join Date: Jul 2005
Location: Arkansas
Posts: 2,815
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

My .02 cents - It is safe (but only until an exploit is discovered). This goes with any software though.

I used it for 1 year and updated it several times. My site was defaced twice while using it, both times because of flashchat, both times because I failed to update it when a fix came out (update). Because of the lack of attention that I give to addons such as flashchat, I decided to remove it. For the most part it was safe, but twice was too much for me. My time is stretched too far to worry about something that was never used on my site, so I removed it. Had it been used more, I may have kept up with the updates when they came out. My failure. My responsibility.
Reply With Quote
  #9  
Old 12-16-2006, 08:39 AM
Scormen's Avatar
Scormen Scormen is offline
 
Join Date: Jun 2006
Posts: 29
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
If you read the various theads on the subject you will know that the AEDating CMS security hole was fixed months ago, sometime around Flashchat version 4.6.2, the current version is 4.7.7.
Yes I did, because of that I still have deleted these files because we don't need them anyway.

So Christian, you where hacked beacuse you didn't installed the updates? It was no problem of FC...

Grtz,
Kris
Reply With Quote
  #10  
Old 12-16-2006, 11:12 AM
davidw's Avatar
davidw davidw is offline
 
Join Date: Jul 2005
Location: Arkansas
Posts: 2,815
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Scormen View Post
So Christian, you where hacked beacuse you didn't installed the updates?
That's right. There are people out there who look for exploits (more specificially my type of website unfortunately) in programs such as flashchat, see if you have IMPEX install files on your site, pretty much anything they can use against you - and if there's a vulnerability they will take advantage of that. If you are up to date, have removed your install files, etc., there are no worries. In my case, I had two outdated versions of flashchat (one with the more recent AEDating CMS security hole and the other I honestly don't remember - that was when I switched to vbulletin Aug/Sep 2005).
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:57 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05867 seconds
  • Memory Usage 2,251KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete