[[NOTICE] - Open Flash Chart Exploit]

Sadly, when there is a vulnurability, you find out when it's too late. As I mentioned earlier a checksum would at least give us early indication that some files have been tampered with. Maybe it would be possible to automate site backups/restores based on that information.

By the way, before this happened, I got bots trying to get through the login system at phpVMS and phpBB for months. They finally managed to break into phpBB a few months ago. Afterwards I was able to reduce bot attcks by blocking a LOT of ip ranges, and reduce it further by implementing a "human check" on the register page, which by the way I think should be standard since some of their attempts have managed to overcome captcha.

Yeah, I saw the official "post" about patch for phpvms. But since the phpvms is not so widely used, as some other software (wordpress for example or similar), the week spots there are, will be patched after most of the users are already hacked. That is just something that we can not allow to happen anymore, since "sensitive" information can be lost. That is the reason why "dual" protection is used. Our phpvms users wont notice it anyways.

[[NOTICE] - Open Flash Chart Exploit]

That would be a nice feature, feel free to fork the repo and contribute.

Done that now, already made the code that produces the MD5 from all the files, will work on the script that will do the checks and then try to integrate that somehow ( in the admin panel? or a CRON outside script? )

[[NOTICE] - Open Flash Chart Exploit]

Gents,

Check for log.php in your root, looks like malicious code too,

Olly

Files I found at my site, worth to check if you guys have those:

x.txt

components.zip;unzip.1

e.php

kliverz.php

log.php

php.ini(multiple)

pijar.php

cwd.php

bim.php

default.php(multiple)

sunnah.html

[[NOTICE] - Open Flash Chart Exploit]

we could use this instead of that Flash thing :http://www.chartjs.org/

[[NOTICE] - Open Flash Chart Exploit]

I assume that would work for a "clean" install only? My installation was highly customized

Upload the install folder and run the file checkinstall.php, dont forget to delete it again afterwards.

[[NOTICE] - Open Flash Chart Exploit]

Well, my site has been hacked. Would be nice if we had a CRC check feature like some of the CMS have.

[accessing the DB]

Any built in mechanism for accessing the DB( looked at the docs, but maybe missed it ) , or the usual php way?

Thanks!

Semir

[A very big bug with phpvms]

Any news on this? i have been messing with error_reporting and display_errors at the php.ini and also changing the values at local.config as suggested here, with no results.

[Admin panel broken - and a notice]

servetas: Thanks, this fixed the problem

/Semir

[Admin panel broken - and a notice]

This is a fresh install, downloaded today ( well yesterday now ) it is 2.1.935

[Admin panel broken - and a notice]

Well, i managed to find where the double / is, and remove it, however that is not the issue, the problem persists.

Funny thing is that the rest of the site is working correctly.

[Admin panel broken - and a notice]

Hello,

I just made a new install of phpvms, it is not my first as i have installed it in the past ( older versions ), this time however i have a broken access panel and this notice when accessing tha admin panel after the successful install:

Notice: The template file "/home/semgeb/domains/myflyva.eu/public_html//admin/lib/layout/header.php" doesn't exist in /home/semgeb/domains/myflyva.eu/public_html/core/classes/TemplateSet.class.php on line 231
Notice: The template file "/home/semgeb/domains/myflyva.eu/public_html//admin/lib/layout/footer.php" doesn't exist in /home/semgeb/domains/myflyva.eu/public_html/core/classes/TemplateSet.class.php on line 231

Now I can see that there's a double "//" there in the URL before admin which I think is the problem, however I not sure where to change that, would appreciate some help on this one

Oh and one more thing, of course both header.tpl and footer.tpl are at the correct directories.

Thanks,

Semir

[admin panel problem]

nope, ubuntu server/apache/php5 on virtualbox

Using WAMP or XAMP? Might be something specific to that, I'm not sure

[admin panel problem]

SITE_URL is set to '192.168.2.5/va'

DBASE_SERVER is set to 'localhost'

I have installed it on a remote server and it is working there.

I'm assuming it's on localhost? Alot of AJAX related things don't work on localhost due to security restrictions

[admin panel problem]

yes, everything is allowed. I must note that I use this enviroment for Drupal, Joomla and others, and so I do not suspect a problem with php.ini for example.

Also, it is interesting that I cannot check the database connectivity from the installer as the button does not react at all.

Hey

Are cookies enabled and allowed? What about sessions?

[admin panel problem]

Hi everyone,

I have just installed phpVMS, the installation procedure was succesful, however after I log in with the e-mail/pass supplied at the installation time, I cannot acces /admin I get : An Error Was Encountered Unauthorized access.

I tried to do a clean install ( deleted database and files ) whith no results.

I have noticed that the last page during the installation phase does not look as the one in the installation instructions on the site - it is an empty page and does not ahave a link to the admin panel or the main site, and no footer.

I do not provide any links as this is installed on a VM and my IP is dynamic.

Thanks.