vB hacked by Dengesiz Team?

**Colin F** · Wed 30 Aug '06, 3:15am

What version of vBulletin were you running?

You can follow these tips to further secure your forum: http://www.vbulletin.com/forum/showthread.php?t=194701

**pank** · Wed 30 Aug '06, 2:54pm

Make sure you don't have HTML enabled in any of your forums.

**Mac Write** · Wed 30 Aug '06, 11:04pm

I have HTML enabled for one forum due to needing to put an exact copy of Service Notices for BC Ferries. Anyway I can do this while still staying secure, other then due it via a CMS instead?

**MrNase** · Thu 31 Aug '06, 1:17am

As for the service notices: Try 'CMS System Version 1.0.0 By Zero Tolerance' - I don't know if he modified it to work with vB 3.5 but that one should be perfect for such simple things.

I am using it as an database for articles together with a custom rewrite rule: http://www.pagodentreff.de/artikel/

**Jerry** · Thu 31 Aug '06, 2:53pm

Originally posted by Mac Write

I have HTML enabled for one forum due to needing to put an exact copy of Service Notices for BC Ferries. Anyway I can do this while still staying secure, other then due it via a CMS instead?

Depends on what your grabbing from their site, where you want it and in what format.

**Chousho** · Thu 31 Aug '06, 8:01pm

The title to this is a misnomer. VB was not hacked ;D

Is HTML enabled like mentioned? This is a big hole for scripts to be run.

Otherwise it could be something as simple as a keylogger that picked up an admin pw.

**Scott MacVicar** · Fri 1 Sep '06, 3:55am

You close the forums so only admins can post and enable HTML, thats the only secure way.

**solidtransient** · Fri 1 Sep '06, 8:17am

This question is for the person who's board got hacked. Did you happen to have flashchat from tufat.com installed?

My board was hacked by dengesiz team, but its a phpbb installation and I had flashchat installed. Apparently there is a major hole in that system.

http://forum.tufat.com/showthread.php?t=24428

**Paul M** · Fri 1 Sep '06, 4:02pm

Anyone who has vbulletin integrated with Flashchat should delete all the files in Flashchats CMS folder except the vbulletin##CMS.php file that they are using (## = 30, 35 or 36) - all the other files are for other systems, and not used. This will prevent the recent exploit linked above (using the aedating cms file).

**Steve Machol** · Fri 1 Sep '06, 7:30pm

Good warning Paul.

FlashChat and TopXStats Plugin Vulnerabilities - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=198902

This exploit was known in June but they still haven't provided a fix.

**Paul M** · Sat 2 Sep '06, 1:43am

Originally posted by Steve Machol

Good warning Paul.

FlashChat and TopXStats Plugin Vulnerabilities - vBulletin Community Forum

http://www.vbulletin.com/forum/showthread.php?t=198902

This exploit was known in June but they still haven't provided a fix.

That's probably because it doesn't exist, I think they (securityfocus) have confused two products with the same name - this is their warning

http://www.securityfocus.com/bid/18480

There is no file called adminips.php in the Tufat version of Flashchat, and never has been.

**Steve Machol** · Sat 2 Sep '06, 8:43am

Strange. However it wouldn't be the first time someone got the script name wrong in security focus. It looks like it's actually aedating4CMS.php:

http://forum.tufat.com/showthread.php?t=24428&highlight=security

**mr moose** · Sun 3 Sep '06, 3:59am

im using flash chat but i chose not to have it integrated with my vbulletin forum,i instead chose to use a link on my forum page instead ,i installed flashchat into its own dir and it even uses a different mysql database than the one om vbulletin installation uses, so what i would like to know is will my board still be affected by this security issue or does it only affect those that have flashcaht integrated?

**Chousho** · Sun 3 Sep '06, 4:03am

It would most likely be better to ask this at the flash chat forum. As this program was the main security flaw, it may be better to not take any risk if you have valuable information or data.

vB hacked by Dengesiz Team?

vB hacked by Dengesiz Team?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment