If You Are Running Any Canned Tube Script.... Beware
 

I swear your shit is most likely hacked

the script kiddies on IRC are looking for ways to profit after rooting your box

MAJOR holes major major major holes

there is an app now that just about just ask the kiddy to put in URL and click go after he clicks go the script auto hacks the entire server ( even jailed accounts ) and sets ups a bot on a hidden IRC channel

from here it is realy bad biz since not only the kiddy has access but whoever it it whom wrote the script

you are especialy vuln if you run any type of host manager software like cpanel , ensim, plesk, etc etc

just an FYI :1orglaugh:1orglaugh:1orglaugh

good night

You must be kidding me... http://www.cpanel.net

That shit is written by a phenom.

Some very poor code out there in this market.

I'll be releasing a free script sometime soon that will be robust and work how it should.

edit: and yeah why would you install cPannel and open up admin functions to
HTTP. Just get a better host that fixes things fast. i.e. Cyberwurx.

-Ben

what do you mean by "canned tube script"?

lol I just posted another thread about cpanel... is it really that vulnerable?

go to google type in youtube script or clone script

if rthe solution you use is in the top 20 results os rybe etc etc then yeah most likely you you have a backdoor

from I am being told this is connected to ffmpeg so if your site dosent use ffmpeg for conversion you shouild be ok

This guy has no idea what he's talking about.

This is GFY, after all.

o rly?


and you know this because....?

You must be confused, FFmpeg vulnerability sounds plausible. Infact, google says so too;

http://www.google.com/search?hl=en&client=opera&rls=en&hs=syh&q=ffmpeg+v ulnerability&btnG=Search

And off the shelf scripts? no brainer, most are likely to be full of security holes.

That is so 2005

lol.. ok.

Watch it all go down. Because 99% of webmasters are 100% absolutely retarded and understand anything about the web

Which makes it how much less plausible?

the script that has been floating around for months ... good luck with that. It's not hard to secure your .flv's or a process that produces them with ffmpeg. Just know what you're getting into when you decide to make a "tube" site and hire a "flash guy" that knows his shit ... better yet just read a little ... otherwise stick to thumbnail image galleries:2 cents:

that TonyB guy some clueless surfer

in any case

from my understanding there is a way to execute
arbitrary code just like the above sploit except this one uses a high level priv account ( you know like apache and anything else use ) I do know that is has something to do with a buffer overflow and stack vuln in a key piece of code associated with FFMPEG

I would not have any reason at all to make this shit up

no way for me to profit

get that crap off your box and run a rootkit checker

major corporations and gov agencies are still runing exploited boxes from 2001...


age means nothing here

You're absolutely right, there are already vulnerabilities on record.

fucking LOL... anyone who is dumb enough to install a "free anything" script without having a security consultant or hacker as a "trusted" friend look a the script, deserves anything they get...

i would venture to guess that 50% or more of all the worlds servers and pc's are compromised with some type of backdoor...

rootkits are even worse because they allow for full takeover and monitoring of a pc or server....

My guess is that it's only problematic for tubes sites that have the option of user submitted videos if the bug is with ffmpeg. I guess the script's will be publicly disclosed pretty soon since a lot of people seem to be aware. I will ask around.

quoted for truth

my 2 flash cents
 

okay then ...

It would be great not to worry about flash. I love it. So many great things you can do. On the other hand... their(there) is an extremely large potential for just about anything you can think of with an .swf. When ffmpeg is converting a file it's making an .flv. An .flv can't execute any code as far as I know.The malicious code being executed in the process on these fucked scripts is php. Know the code in your player(swf).

thank you and fuck you very much :)

I am not here to prove anything

..... if you are running one of those backdoored ass scripts just know that more then likely your system has already been hacked they cann acces your emails, passwords and even take over your domain

word of advice...uninstall that crap...imediately:2 cents:

and by the way... this thread is absolute fact:warning

there are other ways to make money and or better scripts but common sense should tell you all that anytime something is availible for free on such a large scale... there has to be a reason... think about it

also if you have a flash player make sure the code is in a seperate .as file with the correct permissions ... otherwise you're shootin craps homie :D

this is why you should go custom, because most of the scripts out there you can get one way or another, and then people can examine the code, and a lot of them arent even encoded, easier for them to find bugs

Any badly written script that has holes or backdoors in it is vunrable. As I found out with a badley scripted Top Site. The hackers got into my cpanel through a hole in the script and deleted my website.

I was kinda looking forward to contradicting your useless uneducated ramblings. Well, now I can.

http://www.kb.cert.org/vuls/id/544656

No doubt tube sites utilising FFmpeg compiled with libFLAC / FLAC support are now at risk of malicious user uploads.

if you run apache any higher than nobody you're asking for trouble

Bah, it doesn't matter much anyway. Most of those sites are stocked with the same videos that have been saturated on p2p apps for years now. It's a fad and still most I doubt are making any profit.

Remember a few years back they had those canned PPC sites - run your own search engine for $20? Where are they all now.

[QUOTE=Kevsh;13396043]Bah, it doesn't matter much anyway. Most of those sites are stocked with the same videos that have been saturated on p2p apps for years now. It's a fad and still most I doubt are making any profit.
QUOTE]

:thumbsup

Well... if you are worried about hackers then switch over to a Linux or Unix box and you will have much less troubles... providing you are a full time geek that is!

Later,

This means people who are affected use FFMPEG. There are many other encoders/decoders available so people who use these others are not affected. Also people who don't accept public submissions are not affected. Also like somebody already said if anyone is running apache with user that has way too many permissions he is asking for trouble anyway.

I don't remember FFMPEG running on Windows anyway... or many people running Windows servers or tube scripts in Windows. So what you are saying here basically is total nonsense :)

ahahahahahahahahaha :pimp

If you're running your video encoding routines on the same server the videos get served from, you arent getting shit for traffic anyways. Wont lose much:P

LOL.... Sorry to jump on the pulling down of others that seems to be the
trend on this thread.... but that's just silly mate. The exploits we're talking
about are designed for *nix servers.

No one in their right mind runs a windows box for anything except windows
media streaming. It's just not done that way in adult.

-Ben

people that use canned scripts are racists!

heh, I thought I'd tinker with a tube site a bit. Bought ClipShare, put it up oin my server. no real traffic. with in a month we were hacked. I had it staged out on a dev server, so it was no big deal, but thats just an example to support the thread.

congrats :thumbsup :)

This thread submited to: http://www.thereisnomoneyinporn.com

sorry not this thread :/

Redtube.com just got hacked

told you fuckers