Hacked Yet Again - Please Help


AzadarNews.com
04-28-2007, 07:22 AM
Hi boccio

My website has been hacked yet again - the second time in the last 2 weeks and fifth time in all. What is wrong with the script that makes it so vulnerable that every Tom, Dick and Harry hacks it easily? I'm beginning to get frustrated with this script now - can you please help me urgently, please?

The site is www.azadarnews.com - I have temporarily redirected it to another news website.

San
04-28-2007, 09:06 AM
ME too

got hacked by the SAME HACKER

Vivvo need to take legal action toward this HACKER

i have attached a screen picture to my website so u'll know what happened

>>>>>>>

please we need a solution

San
04-28-2007, 12:03 PM
update

my site is running again, but when i downloaded the vivvo script to my pc

i got an anti-virus message saying that it has detected 2 files containing Trojans in the downloaded script

i found the 2 php files in the vivvo/files/ folder which has the images

there must be a way to stop hackers from uploading .php files

i've attached a screenshot of the errors i got

i hope that will help u determine the bug

GusLinares
04-28-2007, 12:24 PM
Guys, if you're using V3.4, it has known issues with security attacks and allows file upload to the files folder.

I think you should upgrade to v3.5 as I believe these security issues were resolved in that version.

Gus

chaichai21
04-28-2007, 02:33 PM
my Site was hacked too on the 21st April. I was using v3.4, i updated right away and everything is perfect :)..

The hacker was some Turkish guy. But it's over until he finds a vulnerability and vivvo, then vivvo has to then update the script again.

Guys this war between hackers and developers will go on for ever, as developers move 2 steps forwards, hackers also move two step forwards...

Eternal vigilance is the only key - - and upgrade to v3.5 NOW

boccio
04-28-2007, 04:50 PM
3.5 Version was released almost a month ago. I see no reason to keep 3.4 when it has known vulnerabilities, and allows a malicious attacker to compromise the system. We already advised everyone to upgrade to 3.5, please do so.


Vivvo need to take legal action toward this HACKER

We'd love to, but they usually originate in countries where no legal actions can be taken.

Also, we encourage everyone who experienced hacker attacks to send the HTTP logs to us, we'll try to prosecute what we can.

San
04-28-2007, 05:21 PM
i'll upgrade my version to 3.5 right away

boccio you said

who experienced hacker attacks to send the HTTP logs to us

how can i send the HTTP logs

i would love to help you

thanx

MuhaciR
04-28-2007, 09:14 PM
You must follow security patches. Otherwise Turkish LAMERS will not let you sleep :) Damn them

Mark
04-28-2007, 10:19 PM
We are currently in the process of collecting additional information about the attacker with an aim of forwarding it to the Turkish cybercrime unit which has had some success in catching cybercriminals in the past.

I would also like to take this opportunity to remind everyone about what the term hacker really means according to Eric S. Raymond, one of the leaders of the hacker movement.

"There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them."

Turkish version is here:

http://www.belgeler.org/howto/hacker-howto/hacker-howto.html

boccio
04-29-2007, 07:57 AM
how can i send the HTTP logs

i would love to help you

Send them to our support via email or HelpDesk.

MuhaciR
04-29-2007, 10:35 AM
yes u r right. damn them. they also don't have any knowledge about coding, etc. they just know using shells. i think if there were a written program like Site: & Hack button, they will throw everything and play with that tool lol

AzadarNews.com
04-30-2007, 08:30 AM
Boccio

I would ask you one simple question - If there was a known issue with the script which made it vulnerable to attacks - don't you think you should have released a patch free of cost to cover the weak point or at least charge 20-30$ for the upgrade instead of $99 ?

a much advanced script like PHPCow can be purchased at 59$ - why on earth would someone pay $99 for the upgrade of Vivvo ?

Please mark this as a special request and issue a highly reduced offer of upgrade for those who are with vivvo or you will see ppl running away from the script.

In my opinion if there is a known issue in the script the script owners should release the patch FREE - How many of you agree when i say the security patch should be free if there is a known issue ?

I'll be running away to phpcow if i don't get a positive response from Vivvo about reduction in upgrade price and I'm sure many others will follow.

Trable
04-30-2007, 08:39 AM
yes, I 100% agree.
But now i buy sosovn yesterday because i do not trust vivvo again.. I'm sorry for vivvo team but the man is right.. and i do have upgrade that was also not success for me, and later i do want go back to 3.40, there was also problem with putting back backup.. all link of frontpage news was not working..

I do stop with vivvo... thanks anyway

Have good day

boccio
04-30-2007, 10:54 AM
If there was a known issue with the script which made it vulnerable to attacks - don't you think you should have released a patch free of cost to cover the weak point or at least charge 20-30$ for the upgrade instead of $99 ?

We do not charge for security patches, nor did we ever. The upgrade to 3.5 costs $99 for license holders who have their license expired, but security patch upgrade was (and still is) dispatched to everyone completely free of charge.

If you haven't received this patch, I see no reason why you shouldn't contact support and obtain it.

zwenthe
04-30-2007, 09:02 PM
whatever you do don't go to phpcow... even though Vivvo might have some bugs... phpcow will make you sorry you run a website. Trust me. I own a license, and don't use it. We switched to Vivvo.

amirdoit
05-01-2007, 12:49 AM
whatever you do don't go to phpcow... even though Vivvo might have some bugs... phpcow will make you sorry you run a website. Trust me. I own a license, and don't use it. We switched to Vivvo.

Well, PHP Cow templates are more advanced and professional than Vivvo's. But PHP Cow sucks... there are a number of reasons but the main one is you don't have any control over your website at all and their license terms are sooo tight.

Vivvo 3.4 is really good software but the main problem with vivvo is they don't have many plugins and the plugins that come with vivvo are not able to fulfill multiple requirements of the customers.

Sosonews is also good but again there is no plugin for customization and there are also a lot of basic features missing, like archive etc...

Sorry to say Vivvo, but my choice is Joomla..... Why?
1- Lot of free Templates and Commercial templates
2- More than 1,500 Modules/plugins
3- Open Source FREE :)

Right now I'm working on a website for my client in Joomla, will post the URL to get your views...

Alex
05-01-2007, 01:16 AM
We switched to Vivvo.
Good choice :D


Vivvo 3.4 is really good software but the main problem with vivvo is they don't have many plugins and the plugins that come with vivvo are not able to fulfill multiple requirements of the customers.

You definitely have a point there. We do lack a variety of plug-ins, but if you look closer, only in the last 40 days we released one new plugin (vBulletin) and one extension (Photo Gallery). And we're not stopping there. As you can see, we recently launched a How-To (http://www.vivvo.net/forums/forumdisplay.php?f=15) forum aimed at developers who want to create their own extensions for Vivvo.

On the other hand, a news publishing website doesn't need many plugins - newsletter tool, banner management, forum integration and image gallery are pretty much enough. We do not intend to create an "all-round purpose" CMS like Joomla or Drupal, we are strictly focused on having the ultimate news and media publishing platform for webmasters and developers.

Of course, we can always do better, and that's why we listen to our community pulse all the time :)

zwenthe
05-01-2007, 03:40 AM
Compared to phpcow, vivvo has all the plugins or addins that phpcow has, except one: the ability to show php in a block instead of an article. That is pretty minor... We used it to feature items from our ecommerce system into a block, and when they clicked the link it took them to the ecommerce site.

The only other feature is the ability to add static pages... though to be honest, phpcow doesn't do it well.

bobski
06-07-2007, 10:25 AM
For all who have been hacked: use the latest patch for 3.40 for the upload vulnerability. And check for files in your "files" directory that are php scripts. They have to change your index page to show this on images. So check about php files that are root exploits.
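
One way to run the check bobski describes, as an added example that is not part of the original thread: a Python sketch that walks an upload directory meant to hold only images and flags files with a script extension or a PHP open tag in their content. The extension list, the function names and the sample files are assumptions made for illustration.

```python
import os
import sys

# Extensions a PHP-enabled server may hand to the interpreter.
# Assumption: adjust this set to match your own server's handler config.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}

def scan_upload_dir(root, head_bytes=65536):
    """Return sorted (relative_path, reason) pairs for suspicious files."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            # Check every dot-separated part so "thumb.php.jpg" is caught too.
            exts = {"." + part for part in name.lower().split(".")[1:]}
            if exts & SCRIPT_EXTS:
                findings.append((rel, "script extension"))
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(head_bytes).lower()
            except OSError:
                findings.append((rel, "unreadable"))
                continue
            # An image that carries a PHP open tag is not just an image.
            if b"<?php" in head:
                findings.append((rel, "PHP tag in content"))
    return sorted(findings)

def build_sample(root):
    """Write constructed sample files (harmless content) for a dry run."""
    samples = {
        "news1.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,      # plain image header
        "x.php": b"<?php echo 1; ?>",                         # script by extension
        "thumb.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,  # double extension
        "banner.gif": b"GIF89a" + b"<?php echo 1; ?>",        # PHP inside an image
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    # Usage: python scan_uploads.py /path/to/site/files
    for rel, reason in scan_upload_dir(sys.argv[1]):
        print(f"{reason}: {rel}")
```

Compare anything it reports against a clean copy of the release before deleting, since a flagged file is a lead to investigate rather than proof of compromise.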

pcoskat
06-07-2007, 12:47 PM
We do not charge for security patches, nor did we ever. The upgrade to 3.5 costs $99 for license holders who have their license expired, but security patch upgrade was (and still is) dispatched to everyone completely free of charge.
This policy is no different from many other professional platforms, including vBulletin. If you hold a CURRENT/ACTIVE license, then patches are free. If your license has expired, you have to pay. Sounds perfectly fair to me.

You definitely have a point there. We do lack a variety of plug-ins, but if you look closer, only in the last 40 days we released one new plugin (vBulletin) and one extension (Photo Gallery).

{snip}

On the other hand, a news publishing website doesn't need many plugins -

I agree. CMS is CONTENT management, not 'community plumbing'.

Personally, I'd like to see some extensions of the existing plugins - like more integration with vBulletin. Right now, I don't really understand the point of the integration.

What would be nice, is if the Vivvo comment system would support avatars for user comments. (ie: when a registered member posted a comment in Vivvo, their avatar & user name would appear, and it would link back to their vBulletin profile)

Also nice would be the ability for comments to be handled within vbulletin, rather than Vivvo(ie: when an article is added to Vivvo, at the bottom is a link that says Discuss this article here: It links to a thread where the first post is an excerpt of the article, and then allow members to post comments on that thread. Expression Engine allows this.)

Lastly, the ability to post in multiple categories, as well as, clickable Tags are a MUST. (Actually, if I can get tags, I'll shut up about the other stuff ;) )

ETA
I lied...I still want avatars in comments :)

Sauk
06-07-2007, 03:48 PM
Also nice would be the ability for comments to be handled within vbulletin, rather than Vivvo(ie: when an article is added to Vivvo, at the bottom is a link that says Discuss this article here: It links to a thread where the first post is an excerpt of the article, and then allow members to post comments on that thread. Expression Engine allows this.)

Lastly, the ability to post in multiple categories, as well as, clickable Tags are a MUST. (Actually, if I can get tags, I'll shut up about the other stuff )

absolutely love those ideas.

I own 3 phpcow licenses and I like it. I also like what vivvo brings to the table. Both of them have their strengths and weaknesses.

I think vivvo has bright future and that is why i laid down almost 400 in that future.

One thing they need though is more "free" templates. That would be huge and I believe would help get more and more people to come their way and spend money. Most of the people running cms sites are not people that know how to make templates, they want ones premade. I am one of those lol

More templates for free would be exceptional