If You Are Running Any Canned Tube Script.... Beware

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • pussyserver - BANNED FOR LIFE
    So Fucking Banned
    • Oct 2005
    • 5133

    #1

    If You Are Running Any Canned Tube Script.... Beware

    I swear your shit is most likely hacked

    the script kiddies on IRC are looking for ways to profit after rooting your box

    MAJOR holes major major major holes

    there is an app now that just about just ask the kiddy to put in URL and click go after he clicks go the script auto hacks the entire server ( even jailed accounts ) and sets ups a bot on a hidden IRC channel

    from here it is realy bad biz since not only the kiddy has access but whoever it it whom wrote the script

    you are especialy vuln if you run any type of host manager software like cpanel , ensim, plesk, etc etc

    just an FYI

    good night
  • TheSenator
    Too lazy to set a custom title
    • Feb 2003
    • 13330

    #2
    You must be kidding me... http://www.cpanel.net

    That shit is written by a phenom.
    ISeekGirls.com since 2005

    Comment

    • mryellow
      Confirmed User
      • May 2001
      • 934

      #3
      Some very poor code out there in this market.

      I'll be releasing a free script sometime soon that will be robust and work how it should.

      edit: and yeah why would you install cPannel and open up admin functions to
      HTTP. Just get a better host that fixes things fast. i.e. Cyberwurx.

      -Ben
      Last edited by mryellow; 11-19-2007, 09:21 PM.
      Cyberwurx Hosting
      After trying 5 different hosts, I found the best.
      Since 1997 I've had 2 hours of downtime.
      Fast support, great techs, no hype, no gimmicks.

      <- I in no way endorse whatever just got stuck on the left of my post.

      Comment

      • Shaze
        Confirmed User
        • Oct 2003
        • 2662

        #4
        what do you mean by "canned tube script"?
        Adult Search Engine Japanese Porn Thai Porn

        Comment

        • rapmaster
          Confirmed User
          • Jan 2007
          • 1576

          #5
          lol I just posted another thread about cpanel... is it really that vulnerable?
          http://en.wikipedia.org/wiki/SIG_Sauer_P226

          Comment

          • pussyserver - BANNED FOR LIFE
            So Fucking Banned
            • Oct 2005
            • 5133

            #6
            Originally posted by Shaze
            what do you mean by "canned tube script"?

            go to google type in youtube script or clone script

            if rthe solution you use is in the top 20 results os rybe etc etc then yeah most likely you you have a backdoor

            from I am being told this is connected to ffmpeg so if your site dosent use ffmpeg for conversion you shouild be ok

            Comment

            • TonyB
              So Fucking Banned
              • Oct 2005
              • 32

              #7
              This guy has no idea what he's talking about.

              Comment

              • GrouchyAdmin
                Now choke yourself!
                • Apr 2006
                • 12085

                #8
                Originally posted by TonyB
                This guy has no idea what he's talking about.
                This is GFY, after all.

                Comment

                • pussyserver - BANNED FOR LIFE
                  So Fucking Banned
                  • Oct 2005
                  • 5133

                  #9
                  Originally posted by TonyB
                  This guy has no idea what he's talking about.
                  o rly?


                  and you know this because....?

                  Comment

                  • dozey
                    Confirmed User
                    • Nov 2004
                    • 552

                    #10
                    Originally posted by TonyB
                    This guy has no idea what he's talking about.
                    You must be confused, FFmpeg vulnerability sounds plausible. Infact, google says so too;

                    http://www.google.com/search?hl=en&c...ty&btnG=Search

                    And off the shelf scripts? no brainer, most are likely to be full of security holes.
                    Last edited by dozey; 11-19-2007, 10:21 PM.

                    Comment

                    • TheSenator
                      Too lazy to set a custom title
                      • Feb 2003
                      • 13330

                      #11
                      Originally posted by dozey
                      You must be confused, FFmpeg vulnerability sounds plausible. Infact, google says so too;

                      http://www.google.com/search?hl=en&c...ty&btnG=Search

                      And off the shelf scripts? no brainer, most are likely to be full of security holes.
                      That is so 2005
                      ISeekGirls.com since 2005

                      Comment

                      • ztik
                        Confirmed User
                        • Aug 2001
                        • 5196

                        #12
                        Originally posted by TonyB
                        This guy has no idea what he's talking about.
                        lol.. ok.

                        Watch it all go down. Because 99% of webmasters are 100% absolutely retarded and understand anything about the web
                        .

                        Comment

                        • dozey
                          Confirmed User
                          • Nov 2004
                          • 552

                          #13
                          Originally posted by TheSenator
                          That is so 2005
                          Which makes it how much less plausible?

                          Comment

                          • 2012
                            So Fucking What
                            • Jul 2006
                            • 17189

                            #14
                            the script that has been floating around for months ... good luck with that. It's not hard to secure your .flv's or a process that produces them with ffmpeg. Just know what you're getting into when you decide to make a "tube" site and hire a "flash guy" that knows his shit ... better yet just read a little ... otherwise stick to thumbnail image galleries
                            Last edited by 2012; 11-19-2007, 10:27 PM.
                            best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself

                            Comment

                            • pussyserver - BANNED FOR LIFE
                              So Fucking Banned
                              • Oct 2005
                              • 5133

                              #15
                              Originally posted by dozey
                              You must be confused, FFmpeg vulnerability sounds plausible. Infact, google says so too;

                              http://www.google.com/search?hl=en&c...ty&btnG=Search

                              And off the shelf scripts? no brainer, most are likely to be full of security holes.
                              that TonyB guy some clueless surfer

                              in any case

                              from my understanding there is a way to execute
                              arbitrary code just like the above sploit except this one uses a high level priv account ( you know like apache and anything else use ) I do know that is has something to do with a buffer overflow and stack vuln in a key piece of code associated with FFMPEG

                              I would not have any reason at all to make this shit up

                              no way for me to profit

                              get that crap off your box and run a rootkit checker

                              Comment

                              • pussyserver - BANNED FOR LIFE
                                So Fucking Banned
                                • Oct 2005
                                • 5133

                                #16
                                Originally posted by TheSenator
                                That is so 2005
                                major corporations and gov agencies are still runing exploited boxes from 2001...


                                age means nothing here

                                Comment

                                • dozey
                                  Confirmed User
                                  • Nov 2004
                                  • 552

                                  #17
                                  Originally posted by TheSenator
                                  That is so 2005
                                  You're absolutely right, there are already vulnerabilities on record.

                                  Comment

                                  • marketsmart
                                    HOMICIDAL TROLL KILLER
                                    • Dec 2004
                                    • 20419

                                    #18
                                    fucking LOL... anyone who is dumb enough to install a "free anything" script without having a security consultant or hacker as a "trusted" friend look a the script, deserves anything they get...

                                    i would venture to guess that 50&#37; or more of all the worlds servers and pc's are compromised with some type of backdoor...

                                    rootkits are even worse because they allow for full takeover and monitoring of a pc or server....

                                    Comment

                                    • Evil E
                                      Confirmed User
                                      • Apr 2005
                                      • 3201

                                      #19
                                      Originally posted by fartfly
                                      the script that has been floating around for months ... good luck with that. It's not hard to secure your .flv's or a process that produces them with ffmpeg. Just know what you're getting into when you decide to make a "tube" site and hire a "flash guy" that knows his shit ... better yet just read a little ... otherwise stick to thumbnail image galleries
                                      My guess is that it's only problematic for tubes sites that have the option of user submitted videos if the bug is with ffmpeg. I guess the script's will be publicly disclosed pretty soon since a lot of people seem to be aware. I will ask around.


                                      A girl once told me "Give me 8 inches and make it HURT".

                                      So, I fucked her twice and hit her with a brick.

                                      Comment

                                      • ClickBuster
                                        Confirmed User
                                        • May 2004
                                        • 210

                                        #20
                                        Originally posted by TonyB
                                        This guy has no idea what he's talking about.
                                        quoted for truth
                                        -- ClickBuster
                                        -- ICQ# 263653704
                                        -- Email: clickbuster1 [-at-] gmail [-dot-] com

                                        Comment

                                        • 2012
                                          So Fucking What
                                          • Jul 2006
                                          • 17189

                                          #21
                                          my 2 flash cents

                                          Originally posted by knew
                                          I guess the script's will be publicly disclosed pretty soon
                                          okay then ...

                                          It would be great not to worry about flash. I love it. So many great things you can do. On the other hand... their(there) is an extremely large potential for just about anything you can think of with an .swf. When ffmpeg is converting a file it's making an .flv. An .flv can't execute any code as far as I know.The malicious code being executed in the process on these fucked scripts is php. Know the code in your player(swf).

                                          thank you and fuck you very much
                                          Last edited by 2012; 11-20-2007, 01:51 AM.
                                          best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself

                                          Comment

                                          • pussyserver - BANNED FOR LIFE
                                            So Fucking Banned
                                            • Oct 2005
                                            • 5133

                                            #22
                                            I am not here to prove anything

                                            ..... if you are running one of those backdoored ass scripts just know that more then likely your system has already been hacked they cann acces your emails, passwords and even take over your domain

                                            word of advice...uninstall that crap...imediately

                                            and by the way... this thread is absolute fact

                                            there are other ways to make money and or better scripts but common sense should tell you all that anytime something is availible for free on such a large scale... there has to be a reason... think about it

                                            Comment

                                            • 2012
                                              So Fucking What
                                              • Jul 2006
                                              • 17189

                                              #23
                                              Originally posted by fartfly
                                              okay then ...

                                              It would be great not to worry about flash. I love it. So many great things you can do. On the other hand... their(there) is an extremely large potential for just about anything you can think of with an .swf. When ffmpeg is converting a file it's making an .flv. An .flv can't execute any code as far as I know.The malicious code being executed in the process on these fucked scripts is php. Know the code in your player(swf).

                                              thank you and fuck you very much
                                              also if you have a flash player make sure the code is in a seperate .as file with the correct permissions ... otherwise you're shootin craps homie :D
                                              best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself

                                              Comment

                                              • fris
                                                I have to go potty
                                                • Aug 2002
                                                • 55729

                                                #24
                                                this is why you should go custom, because most of the scripts out there you can get one way or another, and then people can examine the code, and a lot of them arent even encoded, easier for them to find bugs
                                                Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.

                                                My Latest Theme

                                                Comment

                                                • halfpint
                                                  GFY's Halfpint
                                                  • Jun 2007
                                                  • 15223

                                                  #25
                                                  Any badly written script that has holes or backdoors in it is vunrable. As I found out with a badley scripted Top Site. The hackers got into my cpanel through a hole in the script and deleted my website.

                                                  Get FREE website listings on Cryptocoinshops.net

                                                  Comment

                                                  • dozey
                                                    Confirmed User
                                                    • Nov 2004
                                                    • 552

                                                    #26
                                                    Originally posted by fartfly
                                                    okay then ...

                                                    It would be great not to worry about flash. I love it. So many great things you can do. On the other hand... their(there) is an extremely large potential for just about anything you can think of with an .swf. When ffmpeg is converting a file it's making an .flv. An .flv can't execute any code as far as I know.The malicious code being executed in the process on these fucked scripts is php. Know the code in your player(swf).

                                                    thank you and fuck you very much

                                                    I was kinda looking forward to contradicting your useless uneducated ramblings. Well, now I can.

                                                    http://www.kb.cert.org/vuls/id/544656

                                                    No doubt tube sites utilising FFmpeg compiled with libFLAC / FLAC support are now at risk of malicious user uploads.

                                                    Comment

                                                    • quantum-x
                                                      Confirmed User
                                                      • Feb 2002
                                                      • 6863

                                                      #27
                                                      Originally posted by pussyserver
                                                      that TonyB guy some clueless surfer

                                                      in any case

                                                      from my understanding there is a way to execute
                                                      arbitrary code just like the above sploit except this one uses a high level priv account ( you know like apache and anything else use ) I do know that is has something to do with a buffer overflow and stack vuln in a key piece of code associated with FFMPEG

                                                      I would not have any reason at all to make this shit up

                                                      no way for me to profit

                                                      get that crap off your box and run a rootkit checker
                                                      if you run apache any higher than nobody you're asking for trouble
                                                      PrettyInCash.com - BoozedGFs.com - TeenGFs.com - JizzGFs.com- MilfUploads.com -

                                                      Comment

                                                      • Kevsh
                                                        Confirmed User
                                                        • Dec 2004
                                                        • 8619

                                                        #28
                                                        Bah, it doesn't matter much anyway. Most of those sites are stocked with the same videos that have been saturated on p2p apps for years now. It's a fad and still most I doubt are making any profit.

                                                        Remember a few years back they had those canned PPC sites - run your own search engine for $20? Where are they all now.

                                                        Comment

                                                        • BerdoR
                                                          Registered User
                                                          • Sep 2007
                                                          • 352

                                                          #29
                                                          [QUOTE=Kevsh;13396043]Bah, it doesn't matter much anyway. Most of those sites are stocked with the same videos that have been saturated on p2p apps for years now. It's a fad and still most I doubt are making any profit.
                                                          QUOTE]

                                                          KingDollars.com - My galleries do under 1:400 with their granny and BBW sites

                                                          Comment

                                                          • yahoo-xxx-girls.com
                                                            Confirmed User
                                                            • Jul 2006
                                                            • 3143

                                                            #30
                                                            Well... if you are worried about hackers then switch over to a Linux or Unix box and you will have much less troubles... providing you are a full time geek that is!

                                                            Later,
                                                            sig too big

                                                            Comment

                                                            • erots
                                                              Registered User
                                                              • Oct 2006
                                                              • 27

                                                              #31
                                                              Originally posted by pussyserver
                                                              that TonyB guy some clueless surfer

                                                              in any case

                                                              from my understanding there is a way to execute
                                                              arbitrary code just like the above sploit except this one uses a high level priv account ( you know like apache and anything else use ) I do know that is has something to do with a buffer overflow and stack vuln in a key piece of code associated with FFMPEG

                                                              I would not have any reason at all to make this shit up

                                                              no way for me to profit

                                                              get that crap off your box and run a rootkit checker
                                                              This means people who are affected use FFMPEG. There are many other encoders/decoders available so people who use these others are not affected. Also people who don't accept public submissions are not affected. Also like somebody already said if anyone is running apache with user that has way too many permissions he is asking for trouble anyway.

                                                              Comment

                                                              • erots
                                                                Registered User
                                                                • Oct 2006
                                                                • 27

                                                                #32
                                                                Originally posted by Balalsubturfyooj
                                                                Well... if you are worried about hackers then switch over to a Linux or Unix box and you will have much less troubles... providing you are a full time geek that is!

                                                                Later,
                                                                I don't remember FFMPEG running on Windows anyway... or many people running Windows servers or tube scripts in Windows. So what you are saying here basically is total nonsense

                                                                Comment

                                                                • pr0
                                                                  rockin tha trailerpark
                                                                  • May 2001
                                                                  • 23088

                                                                  #33
                                                                  ahahahahahahahahaha
                                                                  __________
                                                                  Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

                                                                  Comment

                                                                  • drjones
                                                                    Confirmed User
                                                                    • Oct 2005
                                                                    • 908

                                                                    #34
                                                                    If you're running your video encoding routines on the same server the videos get served from, you arent getting shit for traffic anyways. Wont lose much:P
                                                                    ICQ: 284903372

                                                                    Comment

                                                                    • mryellow
                                                                      Confirmed User
                                                                      • May 2001
                                                                      • 934

                                                                      #35
                                                                      Originally posted by Balalsubturfyooj
                                                                      Well... if you are worried about hackers then switch over to a Linux or Unix box and you will have much less troubles... providing you are a full time geek that is!

                                                                      Later,
                                                                      LOL.... Sorry to jump on the pulling down of others that seems to be the
                                                                      trend on this thread.... but that's just silly mate. The exploits we're talking
                                                                      about are designed for *nix servers.

                                                                      No one in their right mind runs a windows box for anything except windows
                                                                      media streaming. It's just not done that way in adult.

                                                                      -Ben
                                                                      Cyberwurx Hosting
                                                                      After trying 5 different hosts, I found the best.
                                                                      Since 1997 I've had 2 hours of downtime.
                                                                      Fast support, great techs, no hype, no gimmicks.

                                                                      <- I in no way endorse whatever just got stuck on the left of my post.

                                                                      Comment

                                                                      • Phil
                                                                        Confirmed User
                                                                        • Jan 2004
                                                                        • 7659

                                                                        #36
                                                                        people that use canned scripts are racists!
                                                                        Ask Phil

                                                                        Comment

                                                                        • The Captain
                                                                          Confirmed User
                                                                          • Sep 2005
                                                                          • 1558

                                                                          #37
                                                                          heh, I thought I'd tinker with a tube site a bit. Bought ClipShare, put it up oin my server. no real traffic. with in a month we were hacked. I had it staged out on a dev server, so it was no big deal, but thats just an example to support the thread.
                                                                          Make Your Money Go | Make Your Traffic Go

                                                                          Comment

                                                                          • 2012
                                                                            So Fucking What
                                                                            • Jul 2006
                                                                            • 17189

                                                                            #38
                                                                            Originally posted by dozey
                                                                            I was kinda looking forward to contradicting your useless uneducated ramblings. Well, now I can.
                                                                            congrats
                                                                            best host: Webair | best sponsor: Kink | best coder: 688218966 | Go Fuck Yourself

                                                                            Comment

                                                                            • blogman9
                                                                              Confirmed User
                                                                              • Dec 2005
                                                                              • 1261

                                                                              #39
                                                                              This thread submited to: http://www.thereisnomoneyinporn.com
                                                                              Adult industry news

                                                                              Comment

                                                                              • blogman9
                                                                                Confirmed User
                                                                                • Dec 2005
                                                                                • 1261

                                                                                #40
                                                                                sorry not this thread :/
                                                                                Adult industry news

                                                                                Comment

                                                                                • pussyserver - BANNED FOR LIFE
                                                                                  So Fucking Banned
                                                                                  • Oct 2005
                                                                                  • 5133

                                                                                  #41
                                                                                  Redtube.com just got hacked

                                                                                  told you fuckers

                                                                                  Comment

                                                                                  Working...