vcal Posted October 18, 2013 Report Posted October 18, 2013 Simpilot. Why are you discussing my site with Vicar? My site is vcal.org.uk, not Vicars. Quote
Vicar Posted October 18, 2013 Report Posted October 18, 2013 I never made any reference to vcal.org.uk, nor discussed it. I quoted olny my website moosedomain.net. Quote
Administrators simpilot Posted October 18, 2013 Author Administrators Report Posted October 18, 2013 Sorry, I guess looking quickly I did did not differentiate the two usernames between vcal and vicar. My comments as far as what could be happening still are the same though. If you are completely deleteing the entire contents of your website and reinstalling a clean version of the application and being hacked minutes later, there is not too many things that can be happening. 1 - You are not using the patched version of the ofc_upload_image.php file. - Which I just tried to call on your site and got a not found error, so it is clear that the file is not there. so I would say it is; 2 - There is another site on the server that is compromised that has access to your directory, possibly through the links created by a symlink attack. I know you say it is your own paid server but by the looks of it, with the correct ip address, it has appx 800 other sites hosted on it as well. -> http://whois.domaint.../89.146.199.179 or 3 - You have not changed passwords (FTP, cPanel, email) that were exposed in the original compromise. Quote
vcal Posted October 18, 2013 Report Posted October 18, 2013 I got the host to try a couple things and then he wiped the webspace. There is nothing in it until I upload. VMS was failing every time I installed and ran it, even with the patched version. The hackers wwere doing more than what has been said on this forum. They had created a directory that once I got into it, I couldn't get out of. I have had no direct reply to my posts about the problems on this forum, which left me no choice but to have my webspace wiped, which was suggested and I agreed. I don't know exactly what these hackers have done, but it is a lot more than just defacing and adding files and folders. Quote
vcal Posted October 18, 2013 Report Posted October 18, 2013 Why is there a MACOSX folder in with this download? Quote
vcal Posted October 18, 2013 Report Posted October 18, 2013 Downloaded it again, unzipped, uploaded and ran the installer. Fatal error: Class 'DB' not found in /home/vcalorgu/public_html/core/common/SettingsData.class.php on line 28 Quote
EricNguyen Posted December 15, 2013 Report Posted December 15, 2013 Hello, Our VA got hacked too, they installed a massmailer and file controller. fortunately I have an older version of the site and did a check using MD5deep (a tool to compute md5 hash) bewteen the 2 versions. hence I could find our which files were added or modified. to generate signatures from an old copy of phpvms: md5deep -l -r phpvms > old.txt To generate a report on the hacked version md5deep -l -r -x old.txt phpvms_hacked Quick and it will compare file content .... Now I would like to use the new ofc_upload_image.php is the correct version dated 30-09-2013 ? I can find it in http://downloads.phpvms.net/phpvms.update.zip Right ? Thanks Eric Air Inter VA Quote
EricNguyen Posted March 1, 2014 Report Posted March 1, 2014 Hello all, Just to inform, we found our PHPVMS hacked again today, despite removing the chart php script. We are investigating what was changed in our scripts. Eric Quote
Administrators simpilot Posted September 16, 2014 Author Administrators Report Posted September 16, 2014 Any updates on this? There is no real update to be had, if you replace or patch the one affected file as it is spelled out here -> http://forum.phpvms.net/topic/16598-21936-security-patch/ <- there is not really anything else to be updated. If you were hacked, you will need to clean your site. There is no absolute set if directions to do that, every one is different. Quote
ChrisTaylor Posted September 21, 2014 Report Posted September 21, 2014 I have that version on my site. I assume it is not a venerability or it looks like that. Quote
melvinarter92 Posted October 18, 2017 Report Posted October 18, 2017 nice thanks for sharing information get more, please............................ Quote
mischka Posted November 1, 2017 Report Posted November 1, 2017 I've created an alternative for the flash chart on the admin panel, have a look here: https://www.virtualairlines.eu/index.php/Blog/Post/~admindashboardhacks There's also some other improvements to the dashboard. Where else is this flash chart used? I know about the schedule frequency on the schedule detail.. anywhere else? Quote
CedGauche Posted November 5, 2017 Report Posted November 5, 2017 at the finances and in the pilot public profile (aircraft usage) are some more of these old Quote
CedGauche Posted November 6, 2017 Report Posted November 6, 2017 @mischka I've tried your code, but there is no graph, it's empty and there is only a "loading image" Quote
mischka Posted November 6, 2017 Report Posted November 6, 2017 1 hour ago, CedGauche said: @mischka I've tried your code, but there is no graph, it's empty and there is only a "loading image" send me your dasboard.php via PM and I'll have a look at it. Quote
Administrators ProAvia Posted November 6, 2017 Administrators Report Posted November 6, 2017 2 hours ago, mischka said: send me your dasboard.php via PM and I'll have a look at it. Better yet, why not post it here - so everyone can benefit from the fix. Quote
mischka Posted November 6, 2017 Report Posted November 6, 2017 19 minutes ago, ProAvia said: Better yet, why not post it here - so everyone can benefit from the fix. No reason for him to post his dashboard here. I'll fix the issue and update the post Quote
Moderators mark1million Posted November 6, 2017 Moderators Report Posted November 6, 2017 I cant get it to work either, please paste the complete code for google charts integration as you have bits missing. Quote
mischka Posted November 7, 2017 Report Posted November 7, 2017 17 hours ago, mark1million said: I cant get it to work either, please paste the complete code for google charts integration as you have bits missing. Yeah, the </script> tag at the end was missing. Just add </script> to the end of the dashboard template file and you should be good. thanks for pointing this out,nobody is perfect Quote
Moderators mark1million Posted November 8, 2017 Moderators Report Posted November 8, 2017 Where did you post about the adjustment of the graph plus my one doesnt have the days listed it only displays that is you hover over the line Quote
Moderators mark1million Posted November 8, 2017 Moderators Report Posted November 8, 2017 Ok doesnt matter i had to reintroduce a dedicated class to get it to show correctly. Changed the existing div and it works great. <div id="chart_div" style="width:400; height:300"></div> Quote
gio1961 Posted March 18, 2018 Report Posted March 18, 2018 On 8/11/2017 at 10:32 PM, mark1million said: Ok doesnt matter i had to reintroduce a dedicated class to get it to show correctly. Changed the existing div and it works great. <div id="chart_div" style="width:400; height:300"></div> I've tried your code, but there is no graph, it's empty and there is only a "loading image" my dashboard.php <?php if(!defined('IN_PHPVMS') && IN_PHPVMS !== true) { die(); } ?> <h3>VA Stats:</h3> <table width="100%"> <tr> <td valign="top" width="33%" nowrap="nowrap"> <strong>Users Online: </strong><?php echo count(StatsData::UsersOnline()); ?><br /> <strong>Guests Online: </strong><?php echo count(StatsData::GuestsOnline()); ?> </td> <td valign="top" width="33%" nowrap="nowrap" > <strong>Total Pilots: </strong><?php echo StatsData::PilotCount(); ?><br /> <strong>Total Flights: </strong><?php echo StatsData::TotalFlights(); ?><br /> <strong>Total Hours Flown: </strong><?php echo StatsData::TotalHours(); ?> </td> <td valign="top" width="33%" nowrap="nowrap" > <strong>Miles Flown: </strong><?php echo StatsData::TotalMilesFlown(); ?><br /> <strong>Total Schedules: </strong><?php echo StatsData::TotalSchedules(); ?><br /> <strong>Flights Today: </strong><?php echo StatsData::TotalFlightsToday();?> </td> </tr> </table> <?php MainController::Run('Dashboard', 'CheckInstallFolder'); echo $updateinfo; ?> <h3>Pilot Reports for the Past Week</h3> <div align="center" style="width=98%"> <div id="reportcounts" align="center" width="400px" > <img src="<?php echo fileurl('/lib/images/loading.gif');?>" /><br /><br /> Loading... </div> </div> <?php if(Config::Get('VACENTRAL_ENABLED') == true && $unexported_count > 0) { ?> <h3>vaCentral Status: </h3> <p>You have <strong><?php echo $unexported_count?></strong> PIREPS waiting for export to vaCentral. <a href="<?php echo adminurl('/vacentral/sendqueuedpireps'); ?>">Click here to send them</a> </p> <?php } ?> <?php Template::Show('pilots_viewallbids.php'); ?> <div id="chart_div" style="width:400; height:300"></div> <h3 style="margin-bottom: 0px;">Latest News</h3> <div style="overflow: auto; height: 400px; border: 1px solid #f5f5f5; margin-bottom: 20px; padding: 7px; padding-top: 0px; padding-bottom: 20px;"> <?php echo $phpvms_news; ?> <p><a href="http://www.phpvms.net" target="_new">View All News</a></p> </div> </td> <?php /*if(Config::Get('VACENTRAL_ENABLED') == true) { ?> <td valign="top" valign="50%"> <h3 style="margin-bottom: 0px;">Latest vaCentral News</h3> <?php echo $vacentral_news; ?> <p><a href="http://www.vacentral.net" target="_new">View All News</a></p> </td> <?php }*/ ?> <?php /* Added in 2.0! */ $chart_width = '400'; $chart_height = '300'; /* Don't need to change anything below this here */ ?> <script type="text/javascript" src="https://www.gstatic.com/charts/loader.js"></script> <script type="text/javascript"> google.charts.load('current', {'packages':['corechart']}); google.charts.setOnLoadCallback(drawChart); function drawChart() { var data = google.visualization.arrayToDataTable([ ['Day', 'Pireps'], <?php $counter=0; $total=0; $len = count($pireps); foreach($pireps as $row) { echo "['".date('j M',$row->timestamp)."',".$row->total."]"; $total=$total+$row->total; if ($counter<$len-1) { echo ","; } $counter++; } ?> ]); var options = { title: '', legend: { position: 'none' } }; var chart = new google.visualization.LineChart(document.getElementById ('reportcounts')); chart.draw(data, options); } </script> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.