TinyPortal

Hi,

Since many members here usses Flashchat, i thought i ask here.
I just recieved a mail from Tufat that there's a new version out(4.7.0). It says "An important security update has been made to FlashChat. Please download and install FlashChat 4.7.0 as soon as possible to avoid known security exploits."
Now, in the installation process i have an option to choose from but im not sure what to do. 

QuoteThe FlashChat installer has detected that the following database tables already exist.
Based on the information that you inputted, these are likely to be FlashChat tables.

smf_fc_config
smf_fc_config_values
smf_fc_config_instances
smf_fc_config_chats

Would you like to upgrade your current FlashChat installation? This action will add fields that are missing from the the existing tables, and add any missing tables. Tables and fields are not removed during this process, and existing data is not removed. Thus, your current chat rooms, users, bots, and messages will be preserved.

If you are unsure whether these tables are related to FlashChat, then you are advised to check with your website administrator, or use a MySQL access tool like phpFlashMyadmin to backup the table contents before continuing.

Can i continue with the installation?

An other silly question, i checked my databasses with phpMyAdmin and i noticed 11 tables in there starting with x7chat2_ . Do these tables have anything to do with FlashChat? Just asking because when i uninstalled flashchat, these tables were still there.

hey how come i didnt get that email!!!

must be in the junk folder! thanks for lettin me know

my guess is it should be ok to go with upgrade since flash chat is a completely seperate software and configuration is done in php files and not in the tables

as for the additional tables....ask at tufat.com

that looks suspicious!

I think your asking in the wrong forum. Trying asking a the flashchat forum.

x7chat2_ does look suspcious. You could try deleteing the old tables before installing.

I made topic sticky for awhile. We don't want any secruity issues...

I got that mail yesterday, But i havent updated it yet

im gona upgrade as soon as i get something together to put up on GG (Goofy Goobers) lol :D

The tables created for FlashCat are these ones here

#--------------------------------------------------------------------------
# Table structure for table `bans`
#--------------------------------------------------------------------------

CREATE TABLE `bans` (
       `created` timestamp(14) NOT NULL,
       `userid` int(11) default NULL,
       `banneduserid` int(11) default NULL,
       `roomid` int(11) default NULL,
       `ip` varchar(16) default NULL,
       KEY `userid` (`userid`),
       KEY `created` (`created`)
     ) TYPE=MyISAM;

#--------------------------------------------------------------------------
# Table structure for table `connections`
#--------------------------------------------------------------------------

CREATE TABLE `connections` (
       `id` varchar(32) NOT NULL default '',
       `updated` timestamp(14) NOT NULL,
       `created` timestamp(14) NOT NULL,
       `userid` int(11) default NULL,
       `roomid` int(11) default NULL,
       `state` tinyint(4) NOT NULL default '1',
       `color` int(11) default NULL,
       `start` int(11) default NULL,
       `lang` char(2) default NULL,
       `ip` varchar(16) default NULL,
       `tzoffset` int(11) default '0',
       PRIMARY KEY  (`id`),
       KEY `userid` (`userid`),
       KEY `roomid` (`roomid`),
       KEY `updated` (`updated`)
     ) TYPE=MyISAM;

#--------------------------------------------------------------------------
# Table structure for table `ignors`
#--------------------------------------------------------------------------

CREATE TABLE `ignors` (
       `created` timestamp(14) NOT NULL,
       `userid` int(11) default NULL,
       `ignoreduserid` int(11) default NULL,
       KEY `userid` (`userid`),
       KEY `ignoreduserid` (`ignoreduserid`),
       KEY `created` (`created`)
     ) TYPE=MyISAM;

#--------------------------------------------------------------------------
# Table structure for table `messages`
#--------------------------------------------------------------------------

CREATE TABLE `messages` (
       `id` int(11) NOT NULL auto_increment,
       `created` timestamp(14) NOT NULL,
       `toconnid` varchar(32) default NULL,
       `touserid` int(11) default NULL,
       `toroomid` int(11) default NULL,
       `command` varchar(255) NOT NULL default '',
       `userid` int(11) default NULL,
       `roomid` int(11) default NULL,
       `txt` text,
       PRIMARY KEY  (`id`),
       KEY `touserid` (`touserid`),
       KEY `toroomid` (`toroomid`),
       KEY `toconnid` (`toconnid`),
       KEY `created` (`created`)
     ) TYPE=MyISAM AUTO_INCREMENT=14 ;

#--------------------------------------------------------------------------
# Table structure for table `rooms`
#--------------------------------------------------------------------------

CREATE TABLE `rooms` (
       `id` int(11) NOT NULL auto_increment,
       `updated` timestamp(14) NOT NULL,
       `created` timestamp(14) NOT NULL,
       `name` varchar(64) NOT NULL default '',
       `password` varchar(32) NOT NULL default '',
       `ispublic` char(1) default NULL,
       `ispermanent` int(11) default NULL,
       
       PRIMARY KEY  (`id`),
       KEY `name` (`name`),
       KEY `ispublic` (`ispublic`),
       KEY `ispermanent` (`ispermanent`),
       KEY `updated` (`updated`)
     ) TYPE=MyISAM AUTO_INCREMENT=5 ;

#--------------------------------------------------------------------------
# Table structure for table `users`
#--------------------------------------------------------------------------

CREATE TABLE `users` (
       `id` int(11) NOT NULL auto_increment,
       `login` varchar(32) NOT NULL default '',
       `password` varchar(32) NOT NULL default '',
       `roles` int(11) NOT NULL default '0',
       `profile` text,
       PRIMARY KEY  (`id`),
       KEY `login` (`login`)
     ) TYPE=MyISAM AUTO_INCREMENT=2 ;

that means x7chat2_ arent part of FC

Better hurry up and investigate WSA

good luck!

Im done with the installation now and it's all working just fine.

Now i need to find out what these other tables doing there.
I have all these in there:

Quotex7chat2_bandwidth
x7chat2_banned
x7chat2_events
x7chat2_filter
x7chat2_messages
x7chat2_muted
x7chat2_online
x7chat2_permissions
x7chat2_rooms
x7chat2_settings
x7chat2_users

You think it's save to just delete them?

best to ask at tufat.com

and also ask your host in case they know something

I went with the update, i clicked the preceed and all went well :)
Didnt have to make any changes to the codes anywhere, but i had to remove the preinstalled rooms again, But my room i had were imported to so no worries at all :)

MrsG6 do you have any of those weird tables in your database?

Im asking this because my host responded that they are being used for the application that is hosted under the: www.fcbzone.com/chat/  ???

Lol i searched for x7chat2 in google and it's a other chat script. I wonder how this come in my database.  ???

Well i guess it's save to just delete them now?

I looked, did not have that table in my db , but i see you have found out what it was though :)

Quote from: akulion on September 11, 2006, 07:26:28 PM
best to ask at tufat.com

and also ask your host in case they know something

Found this post on tufat.com, from a person who was hacked with a previous version of Flashchat - http://forum.tufat.com/showthread.php?t=24955&highlight=flashchat+4.7.0

The email below came from the user's host.  The directory they mentioned below /chat/inc/cmses is what I saw in my server error log prior to my site being hacked.

___________

-----Original Message-----
From: Host [URL removed]
Sent: 08 September 2006 19:02
To: (e-mail removed)
Subject: Host Account Issue -- Script hijacked


*** To reply to this message, please click: ***
https:// (URL removed)

OR click this URL and enter the Case Number: removed
https:// (URL removed)
________________________________________________________________

Hello,

We have discovered that a large amount of emails have originated from your web server. As a result, we have disabled your web server's ability to send email.

We suspect that one of your scripts has been hijacked and is being abused to send out these mass emails. The script in question is located at:

/chat/inc/cmses << NOTE: FlashChat Directory

For security purposes, we have also disabled this folder.

If you ensure your scripts are secure and uptodate and will not send out this spam, we will reconsider and reactivate your sendmail function. However, if found again to be sending spam, we will have no choice but to suspend your account.

Regards,

Host's name

X7 chat is another that I tried before Flashchat. If you've got in in you Db, you must at least have tested it at some point.

i tried aimf chat also by tufat.com

its pretty cool and supposed to be less server intensive

but i uninstalled it - cos it didnt have some of the cool features like in FS

Quote from: gerrymo on September 11, 2006, 09:35:24 PM
X7 chat is another that I tried before Flashchat. If you've got in in you Db, you must at least have tested it at some point.

Maybe i did test that script some time ago. I only can't remember when or how :idiot2: and that happens to me more and more lately lol. Part of getting older they tell me.

Anyway, i deleted those tables and everything is still working fine.  :)

I unstickied this topic since it has been awhile.

X7 chat is a chat software that some hosting providers supply free, mine has it, so you have at some point installed the X7 chat from somewhere. X7 chat crashed about every 20 minutes when i used it 3 years ago, and i have not used it since.

the x7 tables are nothing to do with flashchat, and you can drop them as long as you do not use X7 chat for anything else.