CCcam 2.3.0 spyware installed

Yes I have seen many lists and posted them elsewhere warning those that may have been affected to beef up their security.

But then again that's why we have forums like DK so all can learn this in the first instance.

ive heard that this is all bs,

It could be, but we are not talking about the topic at hand

my main concern is CCcam 2.3.0 I am hearing mixed reports that its fine or dont go near it with a barge pole.

I have never heard of any concern over tspanel. Yet this 2.3.0 issue has been copied over many forums.

Sats you mentioned you seen 2.3.0 decompiled what was the results you seen. Is this fact or fiction?

Plain fact of the matter is any competant software type person can either get the source code or reverse the binaries and add anything they please. Done correctly and you really would have no idea.

Any pre-compiled program you download can only ever be as trusted as the place you download it from

This also applies to 'closed' source boxes if the programmer is good enough. Just look at the modifications done to various firmwares by the likes of 'Astra' in the old N1 days to keep unsupported boxes up and running.......

Look closer to home

Just wanted to drop some light on this topic, although this post may only be weakly related.

The idea of "backdoor" has been in CCcam since version 1.6.0 and it's nothing new. It's not even any harm UNLESS it is used in the wrong way, which would be the only way.

As for it being in version 2.3.0, then I do not know, but personally I wouldn't say it is in it.

This is what I found yesterday, for it wasn't CCcam 2.3.0 that was a problem, but rather an innocent looking FlashFXP tool that not even ESET detected. The way it goes is that Server providers know your IP address (by default) and so that all they need is your boxes username which by default would be "root" and password which again by default would be "dreambox" to gain complete access and control to your box. I found it fishy that I always saw my router lights blinking off the hook even when the box was turned off. Here's the reason why and see for yourselves:



No matter how many times you change your username and password, it will always be compromised if you're simply and unknowingly sending to another person. They will access your box, got to ./var/etc/CCcam.cfg and take your lines and getting you knocked off the server permanently for "sharing" the lines which you were asked no to do but of course you are innocent and didn't know anything. No need for a CCcam 2.3.0. Too easy, almost like stealing candy from a baby. Almost.

The FlashFXP tool I downloaded was from this Forum. Someone has some explaining to do. I've quarantined the FlashFXP.exe with ESET. MUST always change username and password.


Finally, would anyone kindly recommend a FTP tool for configuring my CCcam.cfg with, now that FlashFXP can't be trusted by me? I just need to move my files back and forth, you know the usual, nothing much. Thanks.

any ftp tool will set off that alert ,,, as far as i'm aware

Possible

If so then I take all what I said back. However, I'd stay my ground as a precaution. Also still open to any recommendation an FTP tool. Cheers.

i use flashfxp and have eset nod32 installed and had no problems.


try Coreftp or Cuteftp

I didn't have any problems with EST either, that's because it didn't pick up the "threat" .
Dr.Web CureIt! is what picked it up, threat or not, I'm playing it safe. Small tools usually pull out the hard to find things.

Thank You for the recommendation btw =)

My cccam seems to have been hacked all my servers are off only one line is left working in the box with just an IP address and no dyndns

how do i stop it?


do i need to reflash and start again and tell all my servers,clients??

or is there a way of just cutting them and using it again with new security

thanks

Doesn't sound hacked mate. Just look at ips is no lines are connecting I would say it's.something else.

You only need to change the DNS user pass if that's been stole and being used elsewhere.

Also if you change the DNS then make sure your change the router mac to give you a new external ip as just changing the DNS don't not matter as the ip can be got from the DNS.

So you need a new ip.

Also I don't buy into the whole 2.3.0 is a trojan.

More ppl lax with security default pass and having unknowns on.

Also more likely to have a trojan on pc and not cam related.

password and port are both my own


definately hacked though there is one line working if i take it out my cccam ifo crashes put it back in and its ok

there is 2 rogue lines in box that work but only one at a time they do not have a dns address just an ip address

i will issue myself a new ip now and get a new dns address for it. But will that mean my c lines work again or will the theif still have them

thanks

Rouge lines what ip are they linked too ? If the user pass is same in box akd not been changed and the ip is the same as the client DNS it doesn't matter.

Is any external ip showing ?