xtream ui cracker 20e a mont (it does hack all PANELS, zapx, xtream ui, STREAMCREED!, solus etc)
files attached as a resource. you can purchase.
All info from their website.
Its out there and it cost 20euro a month. Hack tool for all IPTV panels.
THAT MEAN ATTACKER CAN LOAD NUMBER OF BRUTEFORCE INSTANCES AND CHANGE IP'S SO OFTEN WITH NEW PROXY. THE ONLY ANSWEAR IS IPTABLES AND ALLOW ADMIN/RESELLER FROM PRIVATE STATIC VPN IP. THIS WAY YOU WILL STAY PROTECTED
THE ANSWEAR IS "BLOCK WITH IPTABLES ADMIN PORT".
And add allowed IP withing to admin panel .
Best way is to buy dedicated server, install openvpn server. and allow only this server ip and provide resellers with keys for openvpn.
Or buy cheap sh"$" servers for 10e and use couple of private openvpn servers to host allowed ip.
and dont forget to add in settings
Maximum Login Attempts :2
"remember the hack is based on BRUTEFORCE SO WE MUST STOP BRUTEFORCE"
correct way of protecting your server with iptables. You must use tool to SAVE ALL rules
First delete all rules and add your uniq IP of vpn ( static ip) and will only this ip to connect to the server
..."check passwords and username in files, if you had username or password from that list YOU ARE MOST LIKELY BEEN HACKED"...
YOU MUST DO FRESH INTALL WITH ALL NEWS PASSWORDS, USERNAMES FOR ADMIN RESELLER, SSH ETC.
Hiding behind proxy dont help, at the moment the only working fix is to limit access to admin port. With iptables. IT will make your server secure in 99%.
1% can attacker become your reseller and this way can hack your server. Only add verified resellers. Keep an eye on flood logins. from which private ip they are coming so this way you can lock out that fake reseller.
Easy
Next protect phpmyadmin config !! if you installed one. IT CAN BE BRUTEFORCED AS WELL
You can also add allowed ip to config of phpmyadmin
Very easy guide how to setup private openvpn server on your own dedicated server. You could use it for resellers. DONT INTALL IT ON MAIN SERVER. IT HAS TO BE ON NEW NOT RELATED SERVER.
guide for openvpn server ubuntu 18.04
Apologise
urgodfather
havent seen it, you added 1.000000 like in first place then you removed link and re-added. i miss that. +1 for you
*************there is also method to use domain based access instead of iptables, you need to modife nginx.conf*********************
just replace example.com with your own domain
ps:for example you can use dyndns domain, and redirect to main server, and add that domain and give that domain to resellers,Use couple of them instead of just 1 domain.
All others request it will be disconnected
Enjoy guys
files attached as a resource. you can purchase.
All info from their website.
Its out there and it cost 20euro a month. Hack tool for all IPTV panels.
The reason why you must disable "flood limit" as this app check and switch to new proxy once it got blocked. And you must use new proxies list every 5minutes.It uses bruteforce and predfined/stolen passwords. (its simple to STOP HACKING PANELS)
THAT MEAN ATTACKER CAN LOAD NUMBER OF BRUTEFORCE INSTANCES AND CHANGE IP'S SO OFTEN WITH NEW PROXY. THE ONLY ANSWEAR IS IPTABLES AND ALLOW ADMIN/RESELLER FROM PRIVATE STATIC VPN IP. THIS WAY YOU WILL STAY PROTECTED
how to fight with this
THE ANSWEAR IS "BLOCK WITH IPTABLES ADMIN PORT".
And add allowed IP withing to admin panel .
Best way is to buy dedicated server, install openvpn server. and allow only this server ip and provide resellers with keys for openvpn.
Or buy cheap sh"$" servers for 10e and use couple of private openvpn servers to host allowed ip.
and dont forget to add in settings
Maximum Login Attempts :2
"remember the hack is based on BRUTEFORCE SO WE MUST STOP BRUTEFORCE"
correct way of protecting your server with iptables. You must use tool to SAVE ALL rules
First delete all rules and add your uniq IP of vpn ( static ip) and will only this ip to connect to the server
PHP:
iptables -F
then
apt-get install iptables-persistent
service netfilter-persistent save
service netfilter-persistent reload
if you get command not found then enter ( since ubuntu 16 it was changed to netfilter). older distros will be called in old name. Like this one below.
service iptables-persistent save
service iptables-persistent reload
Now buy vpn with STATIC IP ADDRESS. IMPORTANT
enter:
iptables -A INPUT -s 127.0.0.1 -p ALL -j ACCEPT
next:
iptables -A INPUT -s YOURS_STATCI_IP -p ALL -j ACCEPT
next all LB ip divided with comma. You list enter all ips and enter them all at once.
iptables -A INPUT -s 111.111.111.111,222.222.222.222, -p ALL -j ACCEPT
next:
iptables -A INPUT -s RESELLER_IP -p ALL -j ACCEPT
Now if you enter
sudo iptables -L --line-numbers
you will get rules with corresponding number. (1,2,3... etc)
Now we are going to protect server ( disables ping request and blocking admin port and SSH port)
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
iptables -A INPUT -p tcp -m tcp --dport 25500 -j REJECT
iptables -A INPUT -p tcp -m tcp --dport 22 -j REJECT
NOW VERY IMPORTANT WE MUST S IPTABLES RULES
service netfilter-persistent save
AND
service netfilter-persistent reload
AFTER EACH REBOOT SERVER WILL KEEP IPTABLES.
You can also block countries with shortcuts
iptables -A INPUT -m geoip --src-cc CN,TW -j DROP
And again
service netfilter-persistent save
service netfilter-persistent reload
*******
ADD IPTABLES AS MENSIONED ABOVE TO ALL OF YOUR SERVERS
MAIN SERVER + ALL LOAD BALANCERS YOU GOT *****
#3
Next thing to do is to login in to mysql database.
Go to
xtreamiptv_pro --> reg_users
~
Edit first users (it will be admin account with ID -1)
Now change ID-1 to random high number.
Even if you get mysql injection, attacks are focused on ID-1 ( which is alwayes ADMIN)
#4
Another fix, locate php.ini in xtreamcodes folder, php. ( you can do this in all of your servers all main + LB)
edit file and add right on the bottom
disable_function = exec,passthru,shell_exec,system,proc_open,popen,curl_multi_exec,parse_ini_file,show_source
Click save.
Reboot server
If you havent added to cron /etc/init.d/xtreamcodes after reboot
Just after main server reboot log via ssh and enter command as root
/etc/init.d/xtreamcodes after reboot
#5
if you been hacked. Backup dbs.
RE INSTALL FRESH OS ON THE SERVERS and reinstall panel with IPTABLES IN PLACE as mensioned above.
ADD IPTABLES AS MENSIONED ABOVE TO ALL OF YOUR SERVERS
MAIN SERVER + ALL LOAD BALANCERS YOU GOT
..."check passwords and username in files, if you had username or password from that list YOU ARE MOST LIKELY BEEN HACKED"...
YOU MUST DO FRESH INTALL WITH ALL NEWS PASSWORDS, USERNAMES FOR ADMIN RESELLER, SSH ETC.
Hiding behind proxy dont help, at the moment the only working fix is to limit access to admin port. With iptables. IT will make your server secure in 99%.
1% can attacker become your reseller and this way can hack your server. Only add verified resellers. Keep an eye on flood logins. from which private ip they are coming so this way you can lock out that fake reseller.
Easy
Next protect phpmyadmin config !! if you installed one. IT CAN BE BRUTEFORCED AS WELL
PHP:
You can disable phpMyAdmin by disabling the module configuration.
sudo a2disconf phpmyadmin.conf
sudo /etc/init.d/apache2 restart
Enable it if needed with
sudo a2enconf phpmyadmin.conf
sudo /etc/init.d/apache2 restart
You can also add allowed ip to config of phpmyadmin
PHP:
nano /etc/apache2/conf-available/phpmyadmin.conf
and add replace 123.123.123.123 with your ip
#do not allow access from the outside world!
Order Deny,Allow
Deny from All
Allow from 123.123.123.123
save file and type
sudo service apache2 restart
Very easy guide how to setup private openvpn server on your own dedicated server. You could use it for resellers. DONT INTALL IT ON MAIN SERVER. IT HAS TO BE ON NEW NOT RELATED SERVER.
guide for openvpn server ubuntu 18.04
Apologise
urgodfather
havent seen it, you added 1.000000 like in first place then you removed link and re-added. i miss that. +1 for you
*************there is also method to use domain based access instead of iptables, you need to modife nginx.conf*********************
just replace example.com with your own domain
PHP:
# add to HTTP section
if ($host != "example.com") {
return 301 http://example.com$request_uri;
}
# add to HTTPS section
if ($host != "example.com") {
return 301 https://example.com$request_uri;
}
ps:for example you can use dyndns domain, and redirect to main server, and add that domain and give that domain to resellers,Use couple of them instead of just 1 domain.
All others request it will be disconnected
Enjoy guys
This resource has been reported as working in 0 time(s), and as not-working 0 time(s) this month.
(0 time(s) working and 0 time(s) not-working in total)
(0 time(s) working and 0 time(s) not-working in total)
Last edited: