CCcam 2.3.0 spyware installed



Data7
8th January, 2012, 12:57 AM
CCcam 2.3.0 Spyware installed.
Taken from another forum. (chinese dream box)
Source: Cccamforum

Quote:
CCCAM 2.3.0 is taking the backdoor crap even a step further.

The lowest scum of the earth, UVADI TEAM, have done it even better this time. Making sure sharing will die for sure if they keep this crap up.

Before I continue, I would urge people with BRAINS and PROGRAMMING SKILLS, to download IDA PRO (torrent) and decompile it for themselves to find the ******** remotely triggered backdoor.

How it works.

When you install CCcam 2.3.0, nothing special is happening at first, and cccam will check for input activity on the pc or box to make sure nobody is watching. When it finds itself comfortably alone, it will start sending your ENTIRE CCCAM.CFG info to this IP 176.9.242.159 (a rented root server in Germany).
Now I recompiled a version so I could trigger the backdoor myself, and TADA, some ******** ITALIAN dialup asswipe connected to the server I just set up, IP: 2.32.190.9. So traffic on my card started. THIS THEY CAN NOT HIDE in Cccam, it shows as a CONNECTED CLIENT from one of your clients in cccam.cfg where the dyndns has been removed (still lack of cccam, if dyndns is non-existing) the security feature doesn't work anymore and everybody can connect on that user.

I have 2 words for UVADI TEAM -> YOU SUCK !!!!!!

The future of CCcam is dead thanks to these low life asswipes , just after free sharing and making their own "spidernetwork" on your card.

BLOCK ALL CLIENTS that have 2.3.0 connected to your server as it will still read all connected clients from the server, through the client !!

latest original CCcam 2.1.3 and 2.1.4 which are secure and don't have this backdoor code.


ps: AGAIN , if you don't want to take the warning for granted, decompile and look for yourself !!!!!!! "

_______________________________________________________________

Test these commands with Telnet :

netstat (will work also on dreambox, as well as PC Linux)

tcpdump (PC Linux)
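
The netstat check suggested above can be scripted. This is an added example, not part of the original post: it filters `netstat -tn` output for established sessions to the address named in the quoted report and lists any non-private peers. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage `netstat -tn` output on the box.

# Address the quoted post names as the destination of the cccam.cfg upload.
WATCHLIST="176.9.242.159"

# Constructed sample of `netstat -tn` output; ports and peers are made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:23         192.168.1.2:51234       ESTABLISHED
tcp        0      0 192.168.1.10:41822      176.9.242.159:80        ESTABLISHED
tcp6       0      0 ::ffff:192.168.1.10:12000 ::ffff:203.0.113.7:40112 ESTABLISHED
tcp        0      0 192.168.1.10:41900      176.9.242.159:80        TIME_WAIT
EOF
}

# stdin: netstat -tn output. stdout: one remote IP per established TCP session.
established_peers() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        ip = $5
        sub(/:[0-9]+$/, "", ip)      # drop the port
        sub(/^::ffff:/, "", ip)      # unwrap IPv4-mapped IPv6
        print ip
    }'
}

# Established peers that appear on the watchlist, de-duplicated.
flag_watchlisted() {
    established_peers | sort -u | while read -r ip; do
        for bad in $WATCHLIST; do
            if [ "$ip" = "$bad" ]; then echo "$ip"; fi
        done
    done
}

# Established peers outside loopback and RFC 1918 ranges, de-duplicated.
external_peers() {
    established_peers | sort -u |
        grep -Ev '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)' || true
}

# Demo on the sample; on a live box use: netstat -tn | flag_watchlisted
sample_netstat | flag_watchlisted
```

A session in `TIME_WAIT` is ignored on purpose, so a hit means the connection was open at the moment netstat ran; `tcpdump` is the tool to see what was actually sent.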

satsmo
8th January, 2012, 01:04 AM
Been cut and pasted across numerous forums over the last few days, and I have seen a few decompiles but not any posted.

But one or two small servers I know have been hacked, (hijacked is probably a better word). CCcam doesn't need a backdoor, there are many other CAMs to avail of.

TheCoder
8th January, 2012, 02:43 AM
lmfao !

Come on ffs, install dodgy software from god knows where to do dodgy things and it's almost inevitable it will be infested with some kinds of trojan !!!

The description of the above sounds like a pretty basic trojan. If the coders had been half decent it would have been damn near impossible to detect.

garry1312
8th January, 2012, 03:29 AM
noticed 2.2.1 was not mentioned is this ok to use?

mdt
8th January, 2012, 05:19 AM
the general train of thought has always been that anything after 2.1.04 was risky as the c**am team was dead although i always take anything i hear/read with a pinch of salt. as with anything in this game you/we all do it at our own risk. regards mdt

garry1312
9th January, 2012, 11:16 AM
So what's the verdict on this, is CCcam 2.3.0 best to stay clear of or is it safe as any other may be?

blueflash234
9th January, 2012, 04:54 PM
the same story was going about with cccam 2.2.1 and 2.2.0 many people thought sly had something to do with it so they can read the cards being used i think its safer to use 2.1.4 or lower have read some servers are using 2.0.5 or try mgcamd/newcamd

garry1312
9th January, 2012, 05:24 PM
I use Oscam only, but more thinking about other receivers on the server, but all changed to lower than 2.3.0 now.

davvo
9th January, 2012, 08:41 PM
you think TS-Panel has Spyware

garry1312
9th January, 2012, 09:06 PM
> you think TS-Panel has Spyware

No idea mate. Never seen any concern towards ts-panel.

davvo
9th January, 2012, 09:17 PM
something like this

you connect to a server via your box
that server then has your ip

that server then auto issues this command

# wget your-dream-ip/var/etc/cccam.cfg

your cccam.cfg file has just been nicked

garry1312
9th January, 2012, 09:22 PM
so are you saying ts-panel is a concern?

davvo
9th January, 2012, 09:27 PM
i always have

satsmo
9th January, 2012, 09:31 PM
TS Panel doesn't have spyware. I think Davvo is using what its intention is as a means of using it as an example when something is taken out of context.

If not I can get the author here to have a discussion about it.

Regards:

> # wget your-dream-ip/var/etc/cccam.cfg

I don't know about your or any others' setup but I presume that you would change your server/client default password etc?

After this we can go back on topic ;)

davvo
9th January, 2012, 09:40 PM
not just TS Panel
but any plugin thats installed

also the programs that you install on your pc
then that program ask for your dream login details
netbios spring to mind

have you seen how many c lines google can bring in
thats not some bloke trying his luck with filezilla

satsmo
9th January, 2012, 10:03 PM
Yes I have seen many lists and posted them elsewhere warning those that may have been affected to beef up their security.

But then again that's why we have forums like DK so all can learn this in the first instance.

Shady
9th January, 2012, 10:10 PM
ive heard that this is all bs,

satsmo
9th January, 2012, 10:12 PM
It could be, but we are not talking about the topic at hand :)

garry1312
9th January, 2012, 10:32 PM
my main concern is CCcam 2.3.0. I am hearing mixed reports that it's fine or don't go near it with a barge pole.

I have never heard of any concern over tspanel. Yet this 2.3.0 issue has been copied over many forums.

Sats you mentioned you had seen 2.3.0 decompiled, what were the results you saw? Is this fact or fiction?

TheCoder
9th January, 2012, 11:52 PM
> ive heard that this is all bs,

Plain fact of the matter is any competent software type person can either get the source code or reverse the binaries and add anything they please. Done correctly and you really would have no idea.

Any pre-compiled program you download can only ever be as trusted as the place you download it from.

This also applies to 'closed' source boxes if the programmer is good enough. Just look at the modifications done to various firmwares by the likes of 'Astra' in the old N1 days to keep unsupported boxes up and running.......

Luca Toni
3rd April, 2012, 04:14 PM
Just wanted to drop some light on this topic, although this post may only be weakly related.

The idea of "backdoor" has been in CCcam since version 1.6.0 and it's nothing new. It's not even any harm UNLESS it is used in the wrong way, which would be the only way.

As for it being in version 2.3.0, then I do not know, but personally I wouldn't say it is in it.

This is what I found yesterday, for it wasn't CCcam 2.3.0 that was a problem, but rather an innocent-looking FlashFXP tool that not even ESET detected. The way it goes is that Server providers know your IP address (by default) and so all they need is your box's username which by default would be "root" and password which again by default would be "dreambox" to gain complete access and control to your box. I found it fishy that I always saw my router lights blinking off the hook even when the box was turned off. Here's the reason why and see for yourselves:

http://farm8.staticflickr.com/7280/6896037842_236a1e34be_b.jpg

No matter how many times you change your username and password, it will always be compromised if you're simply and unknowingly sending it to another person. They will access your box, go to ./var/etc/CCcam.cfg and take your lines, getting you knocked off the server permanently for "sharing" the lines which you were asked not to do but of course you are innocent and didn't know anything. No need for a CCcam 2.3.0. Too easy, almost like stealing candy from a baby. Almost.

The FlashFXP tool I downloaded was from this Forum. Someone has some explaining to do. I've quarantined the FlashFXP.exe with ESET. MUST always change username and password.


Finally, would anyone kindly recommend a FTP tool for configuring my CCcam.cfg with, now that FlashFXP can't be trusted by me? I just need to move my files back and forth, you know the usual, nothing much. Thanks.

mtv1
3rd April, 2012, 04:30 PM
any ftp tool will set off that alert ,,, as far as i'm aware :hmmmm:

Luca Toni
3rd April, 2012, 04:46 PM
> any ftp tool will set off that alert ,,, as far as i'm aware :hmmmm:

If so then I take all what I said back. However, I'd stay my ground as a precaution. Also still open to any recommendation of an FTP tool. Cheers.

aftermath
3rd April, 2012, 04:56 PM
> If so then I take all what I said back. However, I'd stay my ground as a precaution. Also still open to any recommendation of an FTP tool. Cheers.

i use flashfxp and have eset nod32 installed and had no problems.


try Coreftp or Cuteftp

Luca Toni
3rd April, 2012, 05:00 PM
> i use flashfxp and have eset nod32 installed and had no problems.
>
> try Coreftp or Cuteftp

I didn't have any problems with ESET either, that's because it didn't pick up the "threat" lol.
Dr.Web CureIt! is what picked it up, threat or not, I'm playing it safe. Small tools usually pull out the hard to find things.

Thank You for the recommendation btw =)

thered
24th October, 2012, 02:46 PM
My cccam seems to have been hacked all my servers are off only one line is left working in the box with just an IP address and no dyndns

how do i stop it?


do i need to reflash and start again and tell all my servers,clients??

or is there a way of just cutting them and using it again with new security

thanks

Rodbouy
24th October, 2012, 03:15 PM
> My cccam seems to have been hacked all my servers are off only one line is left working in the box with just an IP address and no dyndns
>
> how do i stop it?
>
> do i need to reflash and start again and tell all my servers,clients??
>
> or is there a way of just cutting them and using it again with new security
>
> thanks

Doesn't sound hacked mate. Just look at ips, if no lines are connecting I would say it's something else.

You only need to change the DNS user pass if that's been stolen and being used elsewhere.

Also if you change the DNS then make sure you change the router mac to give you a new external ip as just changing the DNS does not matter as the ip can be got from the DNS.

So you need a new ip.

Rodbouy
24th October, 2012, 03:17 PM
Also I don't buy into the whole 2.3.0 is a trojan.

More ppl lax with security default pass and having unknowns on.

Also more likely to have a trojan on pc and not cam related.

thered
24th October, 2012, 03:29 PM
> Also I don't buy into the whole 2.3.0 is a trojan.
>
> More ppl lax with security default pass and having unknowns on.
>
> Also more likely to have a trojan on pc and not cam related.

password and port are both my own


> Doesn't sound hacked mate. Just look at ips, if no lines are connecting I would say it's something else.
>
> You only need to change the DNS user pass if that's been stolen and being used elsewhere.
>
> Also if you change the DNS then make sure you change the router mac to give you a new external ip as just changing the DNS does not matter as the ip can be got from the DNS.
>
> So you need a new ip.

definitely hacked though there is one line working if i take it out my cccam info crashes put it back in and its ok

there is 2 rogue lines in box that work but only one at a time they do not have a dns address just an ip address

i will issue myself a new ip now and get a new dns address for it. But will that mean my c lines work again or will the thief still have them

thanks

Rodbouy
24th October, 2012, 03:38 PM
> password and port are both my own
>
> definitely hacked though there is one line working if i take it out my cccam info crashes put it back in and its ok
>
> there is 2 rogue lines in box that work but only one at a time they do not have a dns address just an ip address
>
> i will issue myself a new ip now and get a new dns address for it. But will that mean my c lines work again or will the thief still have them
>
> thanks

Rogue lines, what ip are they linked to? If the user pass is same in box and not been changed and the ip is the same as the client DNS it doesn't matter.

Is any external ip showing ?

thered
24th October, 2012, 03:43 PM
> Rogue lines, what ip are they linked to? If the user pass is same in box and not been changed and the ip is the same as the client DNS it doesn't matter.
>
> Is any external ip showing ?

078.129.231.54 is one thats on now

and when i turn that one off with a # this one turns on

94.249.209.215

1st one is in maidenhead the second is in Germany

Rodbouy
24th October, 2012, 03:58 PM
> 078.129.231.54 is one thats on now
>
> and when i turn that one off with a # this one turns on
>
> 94.249.209.215
>
> 1st one is in maidenhead the second is in Germany

So they 2 IPs are not of ure group ?

1st thing scan PC or laptop. Change password again.

Factory reset box.

Use OScam as server.

Are you adsl or cable ?

thered
24th October, 2012, 04:04 PM
> So they 2 IPs are not of ure group ?
>
> 1st thing scan PC or laptop. Change password again.
>
> Factory reset box.
>
> Use OScam as server.
>
> Are you adsl or cable ?

not familiar with oscam will that work with c lines??

where can i get a new dyndns address?

which password router or dyndns?

Virgin BB

Rodbouy
24th October, 2012, 04:14 PM
Thread in here about it. If you want I will pm you the night with how to inc configs etc etc.

Now depending on how many clines. You can start from scratch or let them use same cline etc.

If you use same then the ppl who hacked line still have the details.

So you can get a new ip then goto noip for a free account then redo clines.

That would eliminate outsiders.

Oscam straight fwd mate you can see instantly. Let me know if you want the info

ramjet
24th October, 2012, 04:17 PM
definitely use oscam and a new no-ip dns address

easy to check oscam in the webif and to control who can do or see what

thered
24th October, 2012, 04:20 PM
> Thread in here about it. If you want I will pm you the night with how to inc configs etc etc.
>
> Now depending on how many clines. You can start from scratch or let them use same cline etc.
>
> If you use same then the ppl who hacked line still have the details.
>
> So you can get a new ip then goto noip for a free account then redo clines.
>
> That would eliminate outsiders.
>
> Oscam straight fwd mate you can see instantly. Let me know if you want the info

yes please m8

Rodbouy
24th October, 2012, 04:27 PM
> definitely use oscam and a new no-ip dns address
>
> easy to check oscam in the webif and to control who can do or see what

Exactly mate.

Happened to me. But was my bro and I know it all downloading daft things he has no knowledge of.

Anyway his cline wouldn't work and I noticed the ip was from luxembourg.

I just removed user.

Cheeky ****er

Out at swimming lessons the now but if you're on msn mate pm me ure details and I will add you.

In meantime setup. If you want a new ip.

Log into router and change the router mac. Just change last 2 digits. Reboot router and you will have a new ip.

Now create a noip DNS acc.

thered
24th October, 2012, 05:00 PM
> Exactly mate.
>
> Happened to me. But was my bro and I know it all downloading daft things he has no knowledge of.
>
> Anyway his cline wouldn't work and I noticed the ip was from luxembourg.
>
> I just removed user.
>
> Cheeky ****er
>
> Out at swimming lessons the now but if you're on msn mate pm me ure details and I will add you.
>
> In meantime setup. If you want a new ip.
>
> Log into router and change the router mac. Just change last 2 digits. Reboot router and you will have a new ip.
>
> Now create a noip DNS acc.


cheers got new ip and dns account will be in touch later thanks very much