My Xtream UI Panel Hacked

[dreambox2011]

EASY WAY TO PROTECT X UI

buy a domain
add it to Cloudflare and turn cloudflare ON ( orange cloud )
Create a dns point to your main IP ex: cmsx123.domain.tdl ( something only you know)

on your nginx conf

server {
        listen 8447 ssl;ssl_certificate server.crt;ssl_certificate_key server.key; ssl_protocols SSLv3 TLSv1.1 TLSv1.2; #use ssl port 2053, 2083,2097,8447
        index index.php index.html index.htm;
        root /home/xtreamcodes/iptv_xtream_codes/admin/;

        server_name YOURDNS;

        if ($host != "YOURDNS") {
          return 404;
         }

        location ~ \.php$ {
            limit_req zone=one burst=8;
            try_files $uri =404;
            fastcgi_index index.php;
            fastcgi_pass php;
            include fastcgi_params;
            fastcgi_buffering on;
            fastcgi_buffers 96 32k;
            fastcgi_buffer_size 32k;
            fastcgi_max_temp_file_size 0;
            fastcgi_keep_conn on;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        }
    }

your x ui will only open ( works ) if they know the DNS you used.
you can also add some rules do Cloudflare to increase your protection

its not solve all the problems but will help.

how to add different addresses into this

 

[dreambox2011]

there was a new attack last night.
does anyone know the solution

 

[artiste20077]

As i said before , if you are a professional in developpement and security use the hosted panels like xc ui , if not , the best solution is using cms

The files uploaded was on the admin directory , any hacker know very well what is python and the xc ui is very easy to be hacked

Personally i am using a panel developped by me with some features , and also i am using a cms panel for my clients

 

[baja92]

I am hacked again to see if there is a solution I am willing to pay for.

 

[artiste20077]

I am hacked again to see if there is a solution I am willing to pay for.

as long as you have the admin directory in your server and there is no update to fix this security bug you will facing the same problem

 

[robert kao]

I am hacked again to see if there is a solution I am willing to pay for.

Google "iptv panel" to find commercial panel.

 

[siscon]

first rule on secure: anything is forbidden except what i permit explicity
second rule: never leave or use defaults ports on your server
3rth : learn to secure your self using multiple technics like 2FA, private vpn, tunnels, etc.

 

[ramco.nl]

thank you thank