Protect Your MAG Devices Lines

[akawi11]

Mate wich PM? I didn’t receive any PM yet ?

just done now
check it

 

[akawi11]

if u use xtreamui just edit portal.php and never can sniff your token or mac address just add 1 line with allow only local address couse when customer make request to xtreamui request accept and forwoad request to portal.php onother problem is xtreamui have a many backdoors in the code u can decrypt and check it most of backdoors send your streams to diffrent servers

good solution
can you please let us know this 1 line to protect the mac address from this attacks

 

[dtblocker]

Mozilla/5.0 (QtEmbedded; U; Linux; C) AppleWebKit/533.3 (KHTML, like Gecko) MAG200 stbapp ver: 2 rev: 250 Safari/533.3
FilterExclude

?type=stb&action=handshake&token=&prehash=0&JsHttpRequest=1-xml
FilterExclude

?type=stb&action=get_profile
FilterExclude

/portal.php

 

[redhat]

Mozilla/5.0 (QtEmbedded; U; Linux; C) AppleWebKit/533.3 (KHTML, like Gecko) MAG200 stbapp ver: 2 rev: 250 Safari/533.3
FilterExclude

?type=stb&action=handshake&token=&prehash=0&JsHttpRequest=1-xml
FilterExclude

?type=stb&action=get_profile
FilterExclude

/portal.php

So as i understand the only potential issue is with portal.php or better with the /client_area ?

 

[dtblocker]

yes portal.php

 

[slaserx]

yes portal.php

portal.php its easy to be fix without decode or etc this is a just php file u can make all what u want and put your code to protect file

 

[redhat]

May you guys can write small how to fix it for beginners

 

[slaserx]

May you guys can write small how to fix it for beginners

one easy way u can use .httaccess file and put this and add your local ip only for can have a access then all request on devices we work only with local request from your portal.

1st way
order deny,allow
deny from all
allow from <your ip>

2 options u can put some script like this on portal.php

<?php

$deny = array("111.111.111", "222.222.222", "333.333.333");

if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {

   header("location: http://www.google.com/");

   exit();

} ?>

and change ip to block all ip like a 0.0.0.0/0 then all request again will work only from localhost server request and all onother will be redirect to google.com or what u wish

when u make this nobody can steal token or streams via portal.php also i write a patch which remove backdors from xtreamui

 

[hazdo]

can mag boxes use https i guess no so you protect only portal using https

 

[slaserx]

can mag boxes use https i guess no so you protect only portal using https

yes can when make automate request redirect to https also u can enable https support on mag devices its easy just u need ssh access to make it

 

[hazdo]

yes can when make automate request redirect to https also u can enable https support on mag devices its easy just u need ssh access to make it

yeah i was able to make half https request so you need ssh access to mag box to make it work with https?

 

[slaserx]

yeah i was able to make half https request so you need ssh access to mag box to make it work with https?

yes or u can make your custom image for your mags with all settings which u need, after that u can also run your own tftp server and can update all devices which u adminstrate remotley with your own new image have many many many options

 

[alex1010]

one easy way u can use .httaccess file and put this and add your local ip only for can have a access then all request on devices we work only with local request from your portal.

1st way
order deny,allow
deny from all
allow from <your ip>

2 options u can put some script like this on portal.php

<?php

$deny = array("111.111.111", "222.222.222", "333.333.333");

if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {

   header("location: http://www.google.com/");

   exit();

} ?>

and change ip to block all ip like a 0.0.0.0/0 then all request again will work only from localhost server request and all onother will be redirect to google.com or what u wish

when u make this nobody can steal token or streams via portal.php also i write a patch which remove backdors from xtreamui

instead $deny u can do also like this

<?php

$allow = array("127.0.0.1");

if (!in_array ($_SERVER['REMOTE_ADDR'], $allow)) {

header("location: http://www.google.com/");

exit();

} ?>

 

[slaserx]

instead $deny u can do also like this

<?php

$allow = array("127.0.0.1");

if (!in_array ($_SERVER['REMOTE_ADDR'], $allow)) {

header("location: http://www.google.com/");

exit();

} ?>

yes have many options

 

[alex1010]

one easy way u can use .httaccess file and put this and add your local ip only for can have a access then all request on devices we work only with local request from your portal.

1st way
order deny,allow
deny from all
allow from <your ip>

2 options u can put some script like this on portal.php

<?php

$deny = array("111.111.111", "222.222.222", "333.333.333");

if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {

   header("location: http://www.google.com/");

   exit();

} ?>

and change ip to block all ip like a 0.0.0.0/0 then all request again will work only from localhost server request and all onother will be redirect to google.com or what u wish

when u make this nobody can steal token or streams via portal.php also i write a patch which remove backdors from xtreamui

Are you sure this way working?

Give loading error and doesn't work

 

[slaserx]

Are you sure this way working?

Give loading error and doesn't work

yes its working i give just example if u know how to use it will be work yes

 

[itvservice]

yes its working i give just example if u know how to use it will be work yes

As @redhat said maybe post a "Detailed Fix" for begginners, and explain how it is done step by step. It would help!

 

[akawi11]

instead $deny u can do also like this

<?php

$allow = array("127.0.0.1");

if (!in_array ($_SERVER['REMOTE_ADDR'], $allow)) {

header("location: http://www.google.com/");

exit();

} ?>

location = /portal.php {
allow 127.0.0.1;
deny all;
}

what you think about this one inside nginx.conf? can be working

 

[joelonlyne]

location = /portal.php {
allow 127.0.0.1;
deny all;
}

what you think about this one inside nginx.conf? can be working

Guys using " allow 127.0.0.1 " only will allow local ip and won't work to public site.

Mag devices and STB Emu use that file " portal.php " to work properly.

Analysing and thinking out the box

 

[neowarcic]

Just ISP lock for now, but it's not some good solution, on some providers you can enable it by the user side. Every user restart is stb blocked, but just on few providers. Geolite is updated but ...