[NOTICE] - Open Flash Chart Exploit

[vcal]

Simpilot. Why are you discussing my site with Vicar?

My site is vcal.org.uk, not Vicars.

[Vicar]

I never made any reference to vcal.org.uk, nor discussed it. I quoted olny my website moosedomain.net.

[simpilot]

Sorry, I guess looking quickly I did did not differentiate the two usernames between vcal and vicar.

My comments as far as what could be happening still are the same though. If you are completely deleteing the entire contents of your website and reinstalling a clean version of the application and being hacked minutes later, there is not too many things that can be happening.

1 - You are not using the patched version of the ofc_upload_image.php file. - Which I just tried to call on your site and got a not found error, so it is clear that the file is not there.

so I would say it is;

2 - There is another site on the server that is compromised that has access to your directory, possibly through the links created by a symlink attack. I know you say it is your own paid server but by the looks of it, with the correct ip address, it has appx 800 other sites hosted on it as well. -> http://whois.domaint.../89.146.199.179

or

3 - You have not changed passwords (FTP, cPanel, email) that were exposed in the original compromise.

[vcal]

I got the host to try a couple things and then he wiped the webspace. There is nothing in it until I upload. VMS was failing every time I installed and ran it, even with the patched version. The hackers wwere doing more than what has been said on this forum.

They had created a directory that once I got into it, I couldn't get out of. I have had no direct reply to my posts about the problems on this forum, which left me no choice but to have my webspace wiped, which was suggested and I agreed. I don't know exactly what these hackers have done, but it is a lot more than just defacing and adding files and folders.

[vcal]

Why is there a MACOSX folder in with this download?

[vcal]

Downloaded it again, unzipped, uploaded and ran the installer.

Fatal error: Class 'DB' not found in /home/vcalorgu/public_html/core/common/SettingsData.class.php on line 28

[EricNguyen]

Hello,

Our VA got hacked too, they installed a massmailer and file controller. fortunately I have an older version of the site and did a check using MD5deep (a tool to compute md5 hash) bewteen the 2 versions. hence I could find our which files were added or modified.

to generate signatures from an old copy of phpvms:

md5deep -l -r phpvms > old.txt

To generate a report on the hacked version

md5deep -l -r -x old.txt phpvms_hacked

Quick and it will compare file content .... Now I would like to use the new ofc_upload_image.php is the correct version dated 30-09-2013 ?

I can find it in http://downloads.phpvms.net/phpvms.update.zip

Right ?

Thanks

Eric

Air Inter VA

[EricNguyen]

Hello all,

Just to inform, we found our PHPVMS hacked again today, despite removing the chart php script. We are investigating what was changed in our scripts.

Eric

[ChrisTaylor]

Any updates on this?

[simpilot]

Any updates on this?

There is no real update to be had, if you replace or patch the one affected file as it is spelled out here -> http://forum.phpvms.net/topic/16598-21936-security-patch/ <- there is not really anything else to be updated. If you were hacked, you will need to clean your site. There is no absolute set if directions to do that, every one is different.

[ChrisTaylor]

I have that version on my site. I assume it is not a venerability or it looks like that.

[melvinarter92]

nice thanks for sharing information get more, please............................

[mischka]

I've created an alternative for the flash chart on the admin panel, have a look here: https://www.virtualairlines.eu/index.php/Blog/Post/~admindashboardhacks

There's also some other improvements to the dashboard. 

Where else is this flash chart used? I know about the schedule frequency on the schedule detail.. anywhere else?

[CedGauche]

at the finances and in the pilot public profile (aircraft usage) are some more of these old

[CedGauche]

@mischka

I've tried your code, but there is no graph, it's empty and there is only  a  "loading image"

 

 

[mischka]

1 hour ago, CedGauche said:

@mischka

I've tried your code, but there is no graph, it's empty and there is only  a  "loading image"

 

 

send me your dasboard.php via PM and I'll have a look at it.

[ProAvia]

2 hours ago, mischka said:

send me your dasboard.php via PM and I'll have a look at it.

Better yet, why not post it here - so everyone can benefit from the fix.

[mischka]

19 minutes ago, ProAvia said:

Better yet, why not post it here - so everyone can benefit from the fix.

No reason for him to post his dashboard here. I'll fix the issue and update the post

[mark1million]

I cant get it to work either, please paste the complete code for google charts integration as you have bits missing.

[mischka]

17 hours ago, mark1million said:

I cant get it to work either, please paste the complete code for google charts integration as you have bits missing.

Yeah, the </script> tag at the end was missing. Just add </script> to the end of the dashboard template file and you should be good.

thanks for pointing this out,nobody is perfect

[mark1million]

Where did you post about the adjustment of the graph plus my one doesnt have the days listed it only displays that is you hover over the line

[mark1million]

Ok doesnt matter i had to reintroduce a dedicated class to get it to show correctly. Changed the existing div and it works great.

 

<div id="chart_div" style="width:400; height:300"></div>

[gio1961]

On 8/11/2017 at 10:32 PM, mark1million said:

Ok doesnt matter i had to reintroduce a dedicated class to get it to show correctly. Changed the existing div and it works great.

 

<div id="chart_div" style="width:400; height:300"></div>

I've tried your code, but there is no graph, it's empty and there is only  a  "loading image"

my dashboard.php

<?php if(!defined('IN_PHPVMS') && IN_PHPVMS !== true) { die(); } ?>
<h3>VA Stats:</h3>
<table width="100%">
    <tr>
    <td valign="top" width="33%" nowrap="nowrap">        
        <strong>Users Online: </strong><?php echo count(StatsData::UsersOnline()); ?><br />
        <strong>Guests Online: </strong><?php echo count(StatsData::GuestsOnline()); ?>
    </td>
    <td valign="top" width="33%" nowrap="nowrap" >
        <strong>Total Pilots: </strong><?php echo StatsData::PilotCount(); ?><br />
        <strong>Total Flights: </strong><?php echo StatsData::TotalFlights(); ?><br />
        <strong>Total Hours Flown: </strong><?php echo StatsData::TotalHours(); ?>
    </td>
    <td valign="top" width="33%" nowrap="nowrap" >
        <strong>Miles Flown: </strong><?php echo StatsData::TotalMilesFlown(); ?><br />
        <strong>Total Schedules: </strong><?php echo StatsData::TotalSchedules(); ?><br />
        <strong>Flights Today: </strong><?php echo StatsData::TotalFlightsToday();?>
    </td>
    </tr>
</table>
<?php
MainController::Run('Dashboard', 'CheckInstallFolder');
echo $updateinfo;
?>
<h3>Pilot Reports for the Past Week</h3>
<div align="center" style="width=98%">
    <div id="reportcounts" align="center" width="400px" >
    <img src="<?php echo fileurl('/lib/images/loading.gif');?>" /><br /><br />
    Loading...
    </div>
</div>

 

 

<?php
if(Config::Get('VACENTRAL_ENABLED') == true && $unexported_count > 0)
{ ?>
    <h3>vaCentral Status: </h3>
    <p>You have <strong><?php echo $unexported_count?></strong> PIREPS waiting for export to vaCentral.
    <a href="<?php echo adminurl('/vacentral/sendqueuedpireps'); ?>">Click here to send them</a> </p>
<?php
} ?>

<?php

Template::Show('pilots_viewallbids.php');

?>

<div id="chart_div" style="width:400; height:300"></div>

<h3 style="margin-bottom: 0px;">Latest News</h3>
    <div style="overflow: auto; height: 400px; border: 1px solid #f5f5f5; margin-bottom: 20px; padding: 7px; padding-top: 0px; padding-bottom: 20px;">
    <?php echo $phpvms_news; ?>
    <p><a href="http://www.phpvms.net" target="_new">View All News</a></p>
    </div>
</td>
<?php
/*if(Config::Get('VACENTRAL_ENABLED') == true)
{
?>
<td valign="top" valign="50%">
    
    <h3 style="margin-bottom: 0px;">Latest vaCentral News</h3>
    <?php echo $vacentral_news; ?>
    <p><a href="http://www.vacentral.net" target="_new">View All News</a></p>
</td>
<?php
}*/
?>
<?php
/*
    Added in 2.0!
*/
$chart_width = '400';
$chart_height = '300';

/* Don't need to change anything below this here */
?>
<script type="text/javascript"

src="https://www.gstatic.com/charts/loader.js"></script>
<script type="text/javascript">
  google.charts.load('current', {'packages':['corechart']});
  google.charts.setOnLoadCallback(drawChart);

  function drawChart() {
    var data = google.visualization.arrayToDataTable([
      ['Day', 'Pireps'],
    <?php
    $counter=0;
    $total=0;
    $len = count($pireps);
    foreach($pireps as $row)
    {
        echo "['".date('j M',$row->timestamp)."',".$row->total."]";
        $total=$total+$row->total;
        if ($counter<$len-1)
        {     echo ","; }
        $counter++;    
    }        
    ?>
    ]);

    var options = {
      title: '',
      legend: { position: 'none' }
    };

    var chart = new google.visualization.LineChart(document.getElementById

('reportcounts'));

    chart.draw(data, options);
  }
</script>