Hackers at large!
So we've been targeted quite badly by a group of Italian hackers, coincidentally as the Streamcreed service has launched. We believe Streamcreed to be either the original developers of Xtream Codes under a new guise, or a new company who has purchased the panel from XC and has now integrated it (less likely). Either way I'd recommend staying away from it as you do not want to have ties to the creators who are currently under investigation by the law. If you don't want to use Xtream UI then I'd recommend ZapX; it's CMS hosted but they're a good, honest bunch.
Anyway, there's a big flaw in Xtream Codes v2.93 that allows remote code execution on your server. I'm in the process of fixing this in the core files, but for now, to ensure you are secure, you will need to do the following in MySQL:
FOR THOSE RUNNING CLOUDFLARE:
UPDATE `settings` SET `flood_limit` = 0, `get_real_ip_client` = 'HTTP_CF_CONNECTING_IP';
FOR THOSE NOT RUNNING CLOUDFLARE:
UPDATE `settings` SET `get_real_ip_client` = '';
This will ensure the exploit cannot be run on your server. ZapX customers should also do this, however the developers have been notified and are working on a fix too.
However, you may have been infected and know of it, or have been infected and may not know... I've created an experimental tool, available here, that will check your server and load balancers for infection and also help you secure your MySQL installation if you ask it to. It's a work in progress and you should only do it if you've been targeted, but it's available for you to try. Run this on your MAIN server.
Latest Version (22F)
Download it here, but follow instructions in release section.