Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #11  
Old 09-02-2006, 01:26 PM
FLMom's Avatar
FLMom FLMom is offline
 
Join Date: Feb 2006
Location: Florida
Posts: 386
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I am running 3.5.4, so now I know which ones to remove...didn't even think about those numbers meaning that..oops!

Thanks for the help everyone!
Reply With Quote
  #12  
Old 09-02-2006, 03:40 PM
MPDev's Avatar
MPDev MPDev is offline
 
Join Date: Oct 2003
Location: Virginia
Posts: 885
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The little buggers used the hole to install a shell script and an IRC relay service; they then went through my web directory and replaced all my index files with "you've been hacked" files. It took me a few hours to get everything off the server; but then they struck again via a security flaw in SiteBuilder - fortunately I caught that one live and stopped them before they could do anything.

You are only as secure as your weakest script; if you are like me and like to offer your users a variety of add-ons to your websites, then it makes sense you would want to keep up on any updates to those pieces. I was a version or two behind on FlashChat (update a mere few months ago).
Reply With Quote
  #13  
Old 09-03-2006, 12:50 AM
puertoblack2003's Avatar
puertoblack2003 puertoblack2003 is offline
 
Join Date: Aug 2005
Location: Philadelphia
Posts: 1,073
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

is not only thru flashchat i don't even have that installed a new user subscribed to my forum and pluged this in the post look at this post here https://vborg.vbsupport.ru/showthread.php?t=125628 and look at the picture of what that user did but i beat him to the punch i was down for like 3 mins and back online
Reply With Quote
  #14  
Old 09-03-2006, 01:32 AM
Transverse Styles Transverse Styles is offline
 
Join Date: Jul 2004
Location: Florida
Posts: 50
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That's why I built www.flasherize.com, the chat can't be hacked.
Reply With Quote
  #15  
Old 09-03-2006, 02:08 AM
steven s's Avatar
steven s steven s is offline
 
Join Date: Aug 2004
Location: Greenville, SC
Posts: 572
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by transverse
That's why I built www.flasherize.com, the chat can't be hacked.
Don't jinx yourself.:surprised:
Reply With Quote
  #16  
Old 09-03-2006, 07:35 AM
Adramelech Adramelech is offline
 
Join Date: Aug 2006
Posts: 8
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Paul M
Please don't post full exploits where everyone can see them (and then go try them ....).

Anyone with Flashchat integrated with their VB should remove all the files from /chat/inc/cmses/ except the vbulletin##CMS.php file they are using (where ## is either 30, 35 or 36) as they are not used.
So let me get this right. I just deleted EVERY file inside the directory you specified EXCEPT vbulletin36cms.php due to I run vBulletin 3.6. So this will fix the hole in Flashchat so I don't get hacked? Thanks!
Reply With Quote
  #17  
Old 09-03-2006, 09:32 AM
gavinzac's Avatar
gavinzac gavinzac is offline
 
Join Date: Jan 2006
Posts: 95
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

deleted this piece of crap after my site was hacked and all index pages replaced.
Reply With Quote
  #18  
Old 09-03-2006, 11:11 AM
b6gm6n's Avatar
b6gm6n b6gm6n is offline
 
Join Date: Aug 2002
Location: UK
Posts: 691
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Im gonna remove flashchat anyways now...

-b6
Reply With Quote
  #19  
Old 09-03-2006, 11:14 AM
GoTTi GoTTi is offline
 
Join Date: Jun 2002
Posts: 1,346
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

if you have high traffic, use IRC server. its much better and stable for high high high traffic forums.

i went from holding 100+ users in the flash chat and laggy as hell to 600+ users in the irc server smooth sailing.
Reply With Quote
  #20  
Old 09-03-2006, 12:11 PM
puertoblack2003's Avatar
puertoblack2003 puertoblack2003 is offline
 
Join Date: Aug 2005
Location: Philadelphia
Posts: 1,073
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

hey guys it 's not only flash it's the topXstat hack too i was hacked as well and i was able to recover from it i was told by steve at .com that the topXstat also has a hole so i uninstalled it and i should be ok i don't know if it had an effect of the newer for 3.6 for i still using .4.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:41 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04223 seconds
  • Memory Usage 2,246KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete