Fatal Exploits found on Xtream UI

[score22in]

Hello, Guys

Some Moroccan Guys have found some fatal Exploits on Xtream UI All verssions they can Restream all the streams from you Using valid usernam & Password Can overload the server Overload the LB ..... they have destroyed 40 IPTV Servers and Now they are playing with me i don't know how the hell they put on all streams even if all my streams are on demand

 

[makeitso]

In would be more inclined to say some one leaked a line on the web

 

[score22in]

In would be more inclined to say some one leaked a line on the web

Sir this customer bought a Line after 10 Min i begin receiving more than 5000 connections for Same IP in Hetzner so its a Dedicated server connections not HOme IP and max_connections is set to 1 when i contacted the guy he told me im from morocco

 

[score22in]

Here is the client LOG

ID	USERNAME	STREAM	REASON	USER AGENT	IP	DATE
20171	GR: MONTREAL GREEK TV	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20170	DE: RTL PASSION (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20169	IT: RAI PREMIUM	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20168	DE: DISNEY JR (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20167	IT: FOCUS	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20166	DE: ARD ALPHA (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20165	GR: NOVA CINEMA ACTION HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20164	IT: TOPCRIME	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20163	PT: TV RECORD HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20162	PT: FOX LIFE HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01

all of you ban this IP !!!!

 

[Uundastan]

Hello, Guys

Some Moroccan Guys have found some fatal Exploits on Xtream UI All verssions they can Restream all the streams from you Using valid usernam & Password Can overload the server Overload the LB ..... they have destroyed 40 IPTV Servers and Now they are playing with me i don't know how the hell they put on all streams even if all my streams are on demand

Ban the account being used. Set the no user agent denial.

Here is the client LOG

ID	USERNAME	STREAM	REASON	USER AGENT	IP	DATE
20171	GR: MONTREAL GREEK TV	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20170	DE: RTL PASSION (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20169	IT: RAI PREMIUM	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20168	DE: DISNEY JR (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20167	IT: FOCUS	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20166	DE: ARD ALPHA (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20165	GR: NOVA CINEMA ACTION HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20164	IT: TOPCRIME	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20163	PT: TV RECORD HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20162	PT: FOX LIFE HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01

all of you ban this IP !!!!

Start running user agents. Also you can set it to disallow 2nd connection from same IP.

 

[Uundastan]

Here is the client LOG

ID	USERNAME	STREAM	REASON	USER AGENT	IP	DATE
20171	GR: MONTREAL GREEK TV	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20170	DE: RTL PASSION (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20169	IT: RAI PREMIUM	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20168	DE: DISNEY JR (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20167	IT: FOCUS	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20166	DE: ARD ALPHA (VIP)	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20165	GR: NOVA CINEMA ACTION HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20164	IT: TOPCRIME	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20163	PT: TV RECORD HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01
20162	PT: FOX LIFE HD	AUTH_FAILED	Xtream-Codes IPTV Panel Pro	95.217.34.130	2020-03-15 01:17:01

all of you ban this IP !!!!

Also after like 8 connections from a single connection account nothing will play on 22b ea. Tested that myself. Even one over creates a disruption in service. Upgrade to 22b ea if you already have not. Also a hard coded DNS in an App with a Hard Coded user-agent solves a lot of problems. Plenty of ways to prevent this.

 

[score22in]

Also after like 8 connections from a single connection account nothing will play on 22b ea. Tested that myself. Even one over creates a disruption in service. Upgrade to 22b ea if you already have not. Also a hard coded DNS in an App with a Hard Coded user-agent solves a lot of problems. Plenty of ways to prevent this.

Yes im using Darkmedia Hardcoded and im still R21 im afraid of Upgrading and losing my data as i have more than 500 Customers sing my iptv service

 

[score22in]

Ban the account being used. Set the no user agent denial.

Start running user agents. Also you can set it to disallow 2nd connection from same IP.

How can i Set the no User agent denial ? and for people with who IM exchange how im i suposed to do ?

 

[Uundastan]

Yes im using Darkmedia Hardcoded and im still R21 im afraid of Upgrading and losing my data as i have more than 500 Customers sing my iptv service

If you fixed the Geo previously with the recoding you can find on here you won't have any issues. This is all open source so definitely has some bugs but you will be ok. 22b ea is decent.

 

[Uundastan]

How can i Set the no User agent denial ? and for people with who IM exchange how im i suposed to do ?

It is in settings. Also ban the default one that person used. Banned user agents. It comes on every panel. The Xtreme Codes on.

 

[score22in]

If you fixed the Geo previously with the recoding you can find on here you won't have any issues. This is all open source so definitely has some bugs but you will be ok. 22b ea is decent.

Can you please send me command on how to fix Geo please when i start service i still have geo error please if its possible and sorry for disturbing you

 

[Uundastan]

Can you please send me command on how to fix Geo please when i start service i still have geo error please if its possible and sorry for disturbing you

It is on here actually hold on.

 

[JoAodeDeUs]

Dude, use Cloudflare or another similar service.

 

[score22in]

Dude, use Cloudflare or another similar service.

How can you prevent such things using cloudflare ? its IPTV bro one customer bought a line a added this line to his xtream codes and streamed all my streams at once and xtream UI allowed him

 

[Uundastan]

How can you prevent such things using cloudflare ? its IPTV bro one customer bought a line a added this line to his xtream codes and streamed all my streams at once and xtream UI allowed him

cd /home/xtreamcodes/iptv_xtream_codes/crons/ && cp servers_checker.php servers_checker.php.orgi && rm servers_checker.php && wget https://worldofiptv.com/downloads/xtreamui/servers_checker.php && sudo chattr -i /home/xtreamcodes/iptv_xtream_codes/GeoLite2.mmdb && sudo chmod 777 /home/xtreamcodes/iptv_xtream_codes/GeoLite2.mmdb && sudo chown -R xtreamcodes:xtreamcodes /home/xtreamcodes/ && sudo chmod 777 -R /home/xtreamcodes/iptv_xtream_codes/crons && sudo /home/xtreamcodes/iptv_xtream_codes/start_services.sh

This belongs to RedHat. A single command that perm fixes Geo file.

 

[grimelinse]

the exploit is from orginal xtreamcodes package not in xteamui admin panel

 

[JoAodeDeUs]

How can you prevent such things using cloudflare ? its IPTV bro one customer bought a line a added this line to his xtream codes and streamed all my streams at once and xtream UI allowed him

You can create multiple rules through Cloudflare.
I don't believe it happened that way.
I am not saying that you are lying, but I think it is wrong how you are thinking that this has happened.
I have gone through the code all my countless times, I haven't come across leaks or injection points.

 

[Uundastan]

You can create multiple rules through Cloudflare.
I don't believe it happened that way.
I am not saying that you are lying, but I think it is wrong how you are thinking that this has happened.
I have gone through the code all my countless times, I haven't come across leaks or injection points.

Yes. Adding something that would prevent what would appear to be a dos attack would have stopped it immediately. Even redirecting an actual web address with protection to an IP would prevent it from occurring. Plenty of network solutions available as well.

 

[JoAodeDeUs]

Yes. Adding something that would prevent what would appear to be a dos attack would have stopped it immediately. Even redirecting an actual web address with protection to an IP would prevent it from occurring. Plenty of network solutions available as well.

Also, exaclty.

 

[Uundastan]

Also, exaclty.

Hopefully all of this helps. Have a goodnight.