[PHPVMS security issues]

Hi Nabeel and all,

We have been hit several time now by hackers. However, as most people, I do only work for my VA when there is demand, and I cannot monitor the forum.

Would it be therefoe possible to establish a list of people to be informed whenever a vulnerability and a security issue is found ?

In order to make sure of the bona fide, we could check the person member of the list has a valid VATSIM/IVAO member number.

Do you think this would be good ?

Thanks,

Eric

[[NOTICE] - Open Flash Chart Exploit]

Hello all,

Just to inform, we found our PHPVMS hacked again today, despite removing the chart php script. We are investigating what was changed in our scripts.

Eric

[[NOTICE] - Open Flash Chart Exploit]

Hello,

Our VA got hacked too, they installed a massmailer and file controller. fortunately I have an older version of the site and did a check using MD5deep (a tool to compute md5 hash) bewteen the 2 versions. hence I could find our which files were added or modified.

to generate signatures from an old copy of phpvms:

md5deep -l -r phpvms > old.txt

To generate a report on the hacked version

md5deep -l -r -x old.txt phpvms_hacked

Quick and it will compare file content .... Now I would like to use the new ofc_upload_image.php is the correct version dated 30-09-2013 ?

I can find it in http://downloads.phpvms.net/phpvms.update.zip

Right ?

Thanks

Eric

Air Inter VA