What's new

Welcome to World of IPTV

With

+23k members
+11k threads
+106k posts

we are the most popular IPTV community on the web. 

IMPORTANT NOTE:
WE HAVE RECENTLY NOTICED THAT TOO MANY DOUBLE FAKE ACCOUNTS ARE CREATED IN THE PAST.
TO PREVENT THIS ISSUE THE DECISION WAS MADE THAT IN THE FUTURE A ANNUALLY FEE 20 EURO WILL BE RAISED FOR NEW MEMBERSHIPS.

Join now to the World of IPTV

Log in Register

Forum Rules

Before you start, check out the forum rules first

Account upgrade

Upgrade your account to get access to full features

Advertising

Would you like to place your advertisement with us ?

Resources Manager

Hundreds of IPTV scripts and apps are available for download

Follow Us On Social Media

Resource icon

Download xtream ui cracker and how to protect. Download +faq 1.0

Register & Get access to index

Attention important note:

Each Resource Author is responsible for the completeness and functionality for its content.
Duplicate existing content will be deleted.
If a link to a resource no longer works, the author will firstly advised to update the link. If after a certain time the link is not updated, the resource will be deleted and the author will be banned for a certain time!

Overview History Discussion Purchased
xtream ui cracker 20e a mont (it does hack all PANELS, zapx, xtream ui, STREAMCREED!, solus etc)

All info from their website.

It uses bruteforce and predfined/stolen passwords. (its simple to STOP HACKING PANELS)
Click to expand...
The reason why you must disable "flood limit" as this app check and switch to new proxy once it got blocked. And you must use new proxies list every 5minutes.

THAT MEAN ATTACKER CAN LOAD NUMBER OF BRUTEFORCE INSTANCES AND CHANGE IP'S SO OFTEN WITH NEW PROXY. THE ONLY ANSWEAR IS IPTABLES AND ALLOW ADMIN/RESELLER FROM PRIVATE STATIC VPN IP. THIS WAY YOU WILL STAY PROTECTED



how to fight with this
Click to expand...

THE ANSWEAR IS "BLOCK WITH IPTABLES ADMIN PORT".

And add allowed IP withing to admin panel .

Best way is to buy dedicated server, install openvpn server. and allow only this server ip and provide resellers with keys for openvpn.


Or buy cheap sh"$" servers for 10e and use couple of private openvpn servers to host allowed ip.


and dont forget to add in settings


Maximum Login Attempts :2

"remember the hack is based on BRUTEFORCE SO WE MUST STOP BRUTEFORCE"


correct way of protecting your server with iptables. You must use tool to SAVE ALL rules

First delete all rules and add your uniq IP of vpn ( static ip) and will only this ip to connect to the server

PHP: 
iptables -F

then

apt-get install iptables-persistent

service netfilter-persistent save
service netfilter-persistent reload

if you get command not found then enter ( since ubuntu 16 it was changed to netfilter). older distros will be called in old name. Like this one below.
service iptables-persistent save
service iptables-persistent reload


Now buy vpn with STATIC IP ADDRESS. IMPORTANT
enter:
iptables -A INPUT -s 127.0.0.1 -p ALL -j ACCEPT

next:
iptables -A INPUT -s YOURS_STATCI_IP -p ALL -j ACCEPT

next all LB ip divided with comma. You list enter all ips and enter them all at once.

iptables -A INPUT -s 111.111.111.111,222.222.222.222, -p ALL -j ACCEPT


next:
iptables -A INPUT -s RESELLER_IP -p ALL -j ACCEPT


Now if you enter
sudo iptables -L --line-numbers

you will get rules with corresponding number. (1,2,3... etc)

Now we are going to protect server ( disables ping request and blocking admin port and SSH port)


iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

iptables -A INPUT -p tcp -m tcp --dport 25500 -j REJECT

iptables -A INPUT -p tcp -m tcp --dport 22 -j REJECT


NOW VERY IMPORTANT WE MUST S IPTABLES RULES


service netfilter-persistent save

AND
service netfilter-persistent reload

AFTER EACH REBOOT SERVER WILL KEEP IPTABLES.

You can also block countries with shortcuts

iptables -A INPUT -m geoip --src-cc CN,TW -j DROP


And again


service netfilter-persistent save
service netfilter-persistent reload




*******
ADD IPTABLES AS MENSIONED ABOVE TO ALL OF YOUR SERVERS

MAIN SERVER + ALL LOAD BALANCERS YOU GOT *****



#3
Next thing to do is to login in to mysql database.

Go to
xtreamiptv_pro --> reg_users
~
Edit first users (it will be admin account with ID -1)

Now change ID-1 to random high number.

Even if you get mysql injection, attacks are focused on ID-1 ( which is alwayes ADMIN)




#4
Another fix, locate php.ini in xtreamcodes folder, php. ( you can do this in all of your servers all main + LB)


edit file and add right on the bottom

disable_function = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source

Click save.

Reboot server


If you havent added to cron /etc/init.d/xtreamcodes after reboot


Just after main server reboot log via ssh and enter command as root

/etc/init.d/xtreamcodes after reboot


#5
if you been hacked. Backup dbs.

RE INSTALL FRESH OS ON THE SERVERS and reinstall panel with IPTABLES IN PLACE as mensioned above.




ADD IPTABLES AS MENSIONED ABOVE TO ALL OF YOUR SERVERS

MAIN SERVER + ALL LOAD BALANCERS YOU GOT

..."check passwords and username in files, if you had username or password from that list YOU ARE MOST LIKELY BEEN HACKED"...

YOU MUST DO FRESH INTALL WITH ALL NEWS PASSWORDS, USERNAMES FOR ADMIN RESELLER, SSH ETC.


Hiding behind proxy dont help, at the moment the only working fix is to limit access to admin port. With iptables. IT will make your server secure in 99%.

1% can attacker become your reseller and this way can hack your server. Only add verified resellers. Keep an eye on flood logins. from which private ip they are coming so this way you can lock out that fake reseller.

Easy

Next protect phpmyadmin config !! if you installed one. IT CAN BE BRUTEFORCED AS WELL

PHP: 
You can disable phpMyAdmin by disabling the module configuration.

sudo a2disconf phpmyadmin.conf
sudo /etc/init.d/apache2 restart

Enable it  if needed with

sudo a2enconf phpmyadmin.conf
sudo /etc/init.d/apache2 restart
This resource has been reported as working in 0 time(s), and as not-working 0 time(s) this month.
(0 time(s) working and 0 time(s) not-working in total)
  • Like
Reactions: AleksandarMKD, rawell, henry162013 and 23 others
Author
martin30x
Price
50 Credit
Downloads
14
Views
744
First release
Last update
Rating
0.00 star(s) 0 ratings
Join the discussion

More resources from martin30x

Share this resource

Follow Us On Social Media

13,522Threads
114,755Messages
23,599Members
ercocco71Latest member

About Us

With 23,500+ members, 13,000+ threads and 112,000 posts, we are the most popular IPTV community on the web. We have been copied many times, but copying makes the original just stronger !

Quick Links

Forum Rules
Account upgrade
Advertising
Resources Manager

Online statistics

Members online
11
Guests online
358
Robots online
52
Total visitors
421
Robots
52
Totals may include hidden visitors.
shape1
shape2
shape3
shape4
shape5
shape6
Top
AdBlock Detected

We know, ad-blocking software do a great job at blocking ads. But our site is sponsored by advertising. 

For the best possible site experience please take a moment to disable your AdBlocker.
You can create a Account with us or if you already have account, you can prefer an Account Upgrade.

I've Disabled AdBlock