Jump to content
simpilot

[NOTICE] - Open Flash Chart Exploit

Recommended Posts

Sorry, I guess looking quickly I did did not differentiate the two usernames between vcal and vicar.

My comments as far as what could be happening still are the same though. If you are completely deleteing the entire contents of your website and reinstalling a clean version of the application and being hacked minutes later, there is not too many things that can be happening.

1 - You are not using the patched version of the ofc_upload_image.php file. - Which I just tried to call on your site and got a not found error, so it is clear that the file is not there.

so I would say it is;

2 - There is another site on the server that is compromised that has access to your directory, possibly through the links created by a symlink attack. I know you say it is your own paid server but by the looks of it, with the correct ip address, it has appx 800 other sites hosted on it as well. -> http://whois.domaint.../89.146.199.179

or

3 - You have not changed passwords (FTP, cPanel, email) that were exposed in the original compromise.

Share this post


Link to post
Share on other sites

I got the host to try a couple things and then he wiped the webspace. There is nothing in it until I upload. VMS was failing every time I installed and ran it, even with the patched version. The hackers wwere doing more than what has been said on this forum.

They had created a directory that once I got into it, I couldn't get out of. I have had no direct reply to my posts about the problems on this forum, which left me no choice but to have my webspace wiped, which was suggested and I agreed. I don't know exactly what these hackers have done, but it is a lot more than just defacing and adding files and folders.

Share this post


Link to post
Share on other sites

Downloaded it again, unzipped, uploaded and ran the installer.

Fatal error: Class 'DB' not found in /home/vcalorgu/public_html/core/common/SettingsData.class.php on line 28

Share this post


Link to post
Share on other sites

Hello,

Our VA got hacked too, they installed a massmailer and file controller. fortunately I have an older version of the site and did a check using MD5deep (a tool to compute md5 hash) bewteen the 2 versions. hence I could find our which files were added or modified.

to generate signatures from an old copy of phpvms:

md5deep -l -r phpvms > old.txt

To generate a report on the hacked version

md5deep -l -r -x old.txt phpvms_hacked

Quick and it will compare file content .... Now I would like to use the new ofc_upload_image.php is the correct version dated 30-09-2013 ?

I can find it in http://downloads.phpvms.net/phpvms.update.zip

Right ?

Thanks

Eric

Air Inter VA

Share this post


Link to post
Share on other sites

Hello all,

Just to inform, we found our PHPVMS hacked again today, despite removing the chart php script. We are investigating what was changed in our scripts.

Eric

Share this post


Link to post
Share on other sites

Any updates on this?

There is no real update to be had, if you replace or patch the one affected file as it is spelled out here -> http://forum.phpvms.net/topic/16598-21936-security-patch/ <- there is not really anything else to be updated. If you were hacked, you will need to clean your site. There is no absolute set if directions to do that, every one is different.

Share this post


Link to post
Share on other sites
1 hour ago, CedGauche said:

@mischka

I've tried your code, but there is no graph, it's empty and there is only  a  "loading image"

 

 

send me your dasboard.php via PM and I'll have a look at it.

Share this post


Link to post
Share on other sites
2 hours ago, mischka said:

send me your dasboard.php via PM and I'll have a look at it.

Better yet, why not post it here - so everyone can benefit from the fix.

Share this post


Link to post
Share on other sites
19 minutes ago, ProAvia said:

Better yet, why not post it here - so everyone can benefit from the fix.

No reason for him to post his dashboard here. I'll fix the issue and update the post :)

Share this post


Link to post
Share on other sites
17 hours ago, mark1million said:

I cant get it to work either, please paste the complete code for google charts integration as you have bits missing.

Yeah, the </script> tag at the end was missing. Just add </script> to the end of the dashboard template file and you should be good.

thanks for pointing this out,nobody is perfect :)

Share this post


Link to post
Share on other sites

Where did you post about the adjustment of the graph plus my one doesnt have the days listed it only displays that is you hover over the line

Share this post


Link to post
Share on other sites

Ok doesnt matter i had to reintroduce a dedicated class to get it to show correctly. Changed the existing div and it works great.

 

<div id="chart_div" style="width:400; height:300"></div>

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×