My Xtream UI Panel Hacked

KeMo

Extended Member
Ext. Member
Joined
Sep 23, 2019
Messages
38
Reaction score
166
Points
44
Location
Karem0552286546@
xtream codes v3 = xtream creed
Attack on many servers today to force us to convert to the new panel.
 

makeitso

Extended Member
Ext. Member
Joined
Sep 22, 2019
Messages
450
Reaction score
977
Points
104
Location
Dublin
Just follow GTA and the details he gives on security and updates.
 

FunkyMonkey99

Extended Member
Ext. Member
Joined
May 14, 2020
Messages
22
Reaction score
25
Points
14
Location
UK
xtream codes v3 = xtream creed
Attack on many servers today to force us to convert to the new panel.

There's a lot more panels to choose from other than streamcreed; very much doubt they had anything to do with it, with all the bad publicity they are getting for being accused of the hack ...
 

GoldSuq

Extended Member
Ext. Member
Joined
May 22, 2020
Messages
21
Reaction score
97
Points
24
Age
122
Location
Unknown
Basically the hack that happened is linked to a previous vulnerability available in older versions of Xtream UI.
People who had a fresh install of Xtream UI 22F have not been hacked.
If you have upgraded from any prior version you have open vulnerabilities on your platform. Nonetheless you must have secured your server regardless.
 

zeri

Extended Member
Ext. Member
Joined
Oct 2, 2019
Messages
34
Reaction score
110
Points
44
Location
bh
I have cleaned my servers in the following way.

First I removed /bin/bash from /etc/passwd on the xtreamcodes user (/bin/false should be there).

I removed the phpfpm php file, created a new file with the same name and ran chattr +ia on it.

I did the same for start_services and /tmp/ui.php.

Then I removed the admin folder and put the latest version on the box.

For now it looks OK.

I haven't formatted my machines.
 

GoldSuq

Extended Member
Ext. Member
Joined
May 22, 2020
Messages
21
Reaction score
97
Points
24
Age
122
Location
Unknown
I have cleaned my servers in the following way.

First I removed /bin/bash from /etc/passwd on the xtreamcodes user (/bin/false should be there).

I removed the phpfpm php file, created a new file with the same name and ran chattr +ia on it.

I did the same for start_services and /tmp/ui.php.

Then I removed the admin folder and put the latest version on the box.

For now it looks OK.

I haven't formatted my machines.

Unfortunately the vulnerability is in the core of Xtream UI.
I would suggest you make a backup and fully reinstall the main server and the LBs - I am pretty sure you missed a ton of files.
So far the hacker exploited the following vulnerabilities:
- Italian.php
- xtreamcodes having /bin/bash as a shell
- a newer copy of the bot in /tmp/ui.php
- an entry with xtreamcodes in /etc/sudoers that allows unlimited access
- the start_services.sh modifications
- the botnet being run as fastcgi.php
- xtreamcodes having a password set in /etc/shadow

So yeah, fresh install... no fixing.
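
The account and dropped-file items from the two posts above, collected into a read-only triage script. This is an added example, not part of either post or of Xtream UI; the search directory /home/xtreamcodes is assumed from the nginx root quoted later in the thread, and the sample tree in the demo is constructed. It does not cover Italian.php or the start_services.sh modification, which need a known-good copy to compare against.

```shell
#!/bin/sh
# Read-only triage for indicators listed in the thread (added example).
# $1 is an optional root prefix, e.g. a mounted disk image; empty means the live /.
# Sets XUI_FINDINGS and returns non-zero if anything was flagged.
xui_triage() {
    root="${1:-}"; user="xtreamcodes"; XUI_FINDINGS=0
    flag() { printf 'FINDING: %s\n' "$1"; XUI_FINDINGS=$((XUI_FINDINGS + 1)); }

    # The service account must not have an interactive shell (/bin/false expected).
    sh_field=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$root/etc/passwd" 2>/dev/null || true)
    case "$sh_field" in
        ""|*/false|*/nologin) ;;
        *) flag "$user has login shell $sh_field in /etc/passwd" ;;
    esac

    # Locked accounts have * or ! at the start of field 2; a hash or an empty
    # field is flagged. The "=" prefix separates "empty field" from "no such user".
    pw_field=$(awk -F: -v u="$user" '$1 == u { print "=" $2 }' "$root/etc/shadow" 2>/dev/null || true)
    case "$pw_field" in
        ""|'=*'*|'=!'*) ;;
        *) flag "$user password field is not locked in /etc/shadow" ;;
    esac

    # Any non-comment sudoers line naming the account, in the main file or drop-ins.
    for f in "$root/etc/sudoers" "$root"/etc/sudoers.d/*; do
        [ -f "$f" ] || continue
        if grep -v '^[[:space:]]*#' "$f" | grep -qw "$user"; then
            flag "$user is named in ${f#"$root"}"
        fi
    done

    # Dropped files named in the thread; the search directory is an assumption.
    if [ -e "$root/tmp/ui.php" ]; then flag "/tmp/ui.php exists"; fi
    hits=$(find "$root/home/$user" -type f -name fastcgi.php 2>/dev/null || true)
    if [ -n "$hits" ]; then flag "fastcgi.php under /home/$user: $hits"; fi

    [ "$XUI_FINDINGS" -eq 0 ]
}

# Constructed sample tree in which every check fires; not data from a real host.
xui_triage_demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc" "$t/tmp" "$t/home/xtreamcodes/php"
    echo 'xtreamcodes:x:1001:1001::/home/xtreamcodes:/bin/bash' > "$t/etc/passwd"
    echo 'xtreamcodes:$6$constructed$notarealhash:18400:0:99999:7:::' > "$t/etc/shadow"
    echo 'xtreamcodes ALL=(ALL) NOPASSWD: ALL' > "$t/etc/sudoers"
    : > "$t/tmp/ui.php"; : > "$t/home/xtreamcodes/php/fastcgi.php"
    xui_triage "$t" || true
    rm -rf "$t"
}
```

A clean result only means these specific indicators are absent; it does not replace the reinstall recommended above.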
 

nuraghi015

Seller
Seller
Ext. Member
Joined
Oct 15, 2019
Messages
48
Reaction score
115
Points
44
Location
Italy
warining.png
 

nuraghi015

Seller
Seller
Ext. Member
Joined
Oct 15, 2019
Messages
48
Reaction score
115
Points
44
Location
Italy
Anyone translated it yet?
We as G.P.I. claim the attacks on different panels. We managed to hack not only Xtream UI but also other panels. We do this because there is unfairness in the IPTV Business. There are big players who think they rule the world. We ensure that your panels and the panels of your users become unusable. The world has no borders let alone the digital world. We will take you down one by one until this game is played fair again. We are a legion, we do not forgive and we do not forget.
 

Elite

Extended Member
Ext. Member
Joined
Sep 22, 2019
Messages
32
Reaction score
140
Points
44
Location
Elite
EASY WAY TO PROTECT X UI

Buy a domain.
Add it to Cloudflare and turn Cloudflare ON (orange cloud).
Create a DNS record pointing to your main IP, e.g. cmsx123.domain.tld (something only you know).

In your nginx conf:

PHP:
server {
        # Cloudflare proxies HTTPS only on ports 443, 2053, 2083, 2087, 2096 and 8443
        listen 8443 ssl;
        ssl_certificate server.crt;
        ssl_certificate_key server.key;
        # SSLv3 and TLSv1.1 are deprecated, so only TLSv1.2 is offered
        ssl_protocols TLSv1.2;
        index index.php index.html index.htm;
        root /home/xtreamcodes/iptv_xtream_codes/admin/;

        server_name YOURDNS;

        # Refuse any request whose Host header is not the private DNS name
        if ($host != "YOURDNS") {
            return 404;
        }

        location ~ \.php$ {
            # "one" must be defined by a limit_req_zone directive in the http block
            limit_req zone=one burst=8;
            try_files $uri =404;
            fastcgi_index index.php;
            # "php" must be an upstream defined elsewhere in the nginx configuration
            fastcgi_pass php;
            include fastcgi_params;
            fastcgi_buffering on;
            fastcgi_buffers 96 32k;
            fastcgi_buffer_size 32k;
            fastcgi_max_temp_file_size 0;
            fastcgi_keep_conn on;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param SCRIPT_NAME $fastcgi_script_name;
        }
}

Your X UI will only open (work) if they know the DNS name you used.
You can also add some rules to Cloudflare to increase your protection.

It does not solve all the problems but will help.
 

obscuremind

Extended Member
Ext. Member
Joined
Sep 21, 2019
Messages
104
Reaction score
621
Points
104
Location
0.0.0.0
So much talk and no one said anything that could solve the problem for good.
Don't use default ports. That's the first thing with security.
The SSH default port is 22. Change it to a random 4 or 5 digit one.
They can find it with a scanner but it will make things harder.
Change default panel ports.
Commonly used ports are easy to find and use to attack.
To make things harder, block SSH for the server. Make it usable only on a VPN session. Or only to your IP. Block everything else on the SSH port to your IP. That's it. These are the "fixes" that I recommend.
 

chris

Extended Member
Ext. Member
Joined
Jul 26, 2019
Messages
123
Reaction score
320
Points
74
Location
spain
So much talk and no one said anything that could solve the problem for good.
Don't use default ports. That's the first thing with security.
The SSH default port is 22. Change it to a random 4 or 5 digit one.
They can find it with a scanner but it will make things harder.
Change default panel ports.
Commonly used ports are easy to find and use to attack.
To make things harder, block SSH for the server. Make it usable only on a VPN session. Or only to your IP. Block everything else on the SSH port to your IP. That's it. These are the "fixes" that I recommend.


No one said how the attacker put files inside the server,
and also some guys who have servers in a private network also got hacked.
 

obscuremind

Extended Member
Ext. Member
Joined
Sep 21, 2019
Messages
104
Reaction score
621
Points
104
Location
0.0.0.0
The attacker uploads files through the xtreamcodes user.
Private network isn't a closed network.
 