TorrentFreak

The place where breaking news, BitTorrent and copyright collide

Torrent Sites Blamed For Twitter Attack

Twitter has published an announcement on its blog where it attributes a recent phishing attack to an unnamed torrent site script. Twitter is blaming a torrent site developer for intentionally installing backdoors into the code he sells to people who want to run a torrent site of their own. The big question is, who is behind this attack?

Twitter alleges that a torrent script developer has installed backdoors into his software, allowing him to obtain users’ login credentials. These credentials have been abused to boost the follower count of unnamed Twitter accounts.

Below is an excerpt of Twitter’s blog post revealing the threat.

It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. However, these sites came with a little extra — security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up. Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third party sites like Twitter.

So, the company accuses ‘someone’ of installing backdoors in a torrent site script that was sold to prospective torrent site operators, something that has apparently gone unnoticed for years. The question that comes to mind immediately is, if this is such a serious and widespread threat, why doesn’t Twitter name the source or at least give some examples of affected sites?

All of the popular public torrent sites are custom built and cannot be the source of the exploit. From the information Twitter has made available it seems they could be blaming a private tracker script for the attack – most private trackers also operate forums which matches Twitter’s description of the sites involved.

There are quite a few private tracker scripts out there and the most established ones, such as TBDev and Gazelle for example, have been examined by untold numbers of experts and come free of charge – any suggestion that they could be involved in underhand activity is unthinkable. But there are also a few scripts that are created by middle-men whose reputations are less-easily tested.

Accusations of including back doors and exploits in tracker code are not new. The owner of Template Shares, a site that sells a heavily modified version of the TBDev BitTorrent tracker script, has been accused by several people of installing backdoors which provide access to the user databases of customers’ sites.

Template Shares is used by hundreds of smaller private BitTorrent trackers.

To warn the public, other online services and the operators of the affected torrent sites, it would be appropriate if Twitter gave out some more information. TorrentFreak will continue to look into this case and will post an update if we find out more.


  • Phogo

    Defiantly XAM’s template shares source.

    He’s a dick who’s making money out of gpl and free sources.

    this is a sample from v6.2 install sql

    $__step = (isset ($_POST['step']) ? ($_POST['step']) : (isset ($_GET['step']) ? ($_GET['step']) : 0));
    $_banned = array ('127.0.0.1', 'bvlist', 'localhost', '1tam1ogrenci.com', '78.159.111.12', '82.137.61.162', '82.137.61.162', '83.99.133.91', 'ancientbits.com', '82.47.208.141', 'angels-torrents.net', '89.149.255.72', 'biotorrents.org', 'blades-heaven.co.uk', '88.191.26.186', 'blades-heaven.com', '74.86.40.71', 'chixy.org', '82.81.156.237', 'ddtorrents.com', '66.90.109.57', 'demonicsouls.net', '88.191.35.248', 'destamkroeg.org', '85.214.110.80', 'iraqigate.org', '66.49.137.208', 'learnbits.info', '70.47.114.167', 'omarco.eu', '91.196.170.205', 'ransackedcrew.com', '88.191.35.248', 'sicktorrents.com', '88.198.53.215', 'tailz.us', '209.11.245.165', 'test.biotorrents.org', 'thedvdclub.no-ip.org', '192.168.1.30', 'tnt-vision.com', '86.105.223.222', 'top-balkan.com', '203.121.68.164', 'top-balkan.net', '203.121.69.26', 'top-torrent.com', '212.112.250.157', 'torrents-gate.com', '69.72.149.25', 'torrents4u.org', '85.17.145.104', 'torrentsworld.org', '66.90.109.57');

  • Tommy

    I’d place my money on Template Shares.

    He actually forces his users to install ionCube so they can run his encrypted PHP code.

  • http://www.eZee.se www.eZee.se

    Thats why go for open source software…
    any such code would be caught lonnnng ago by the hundreds of eyeballs who contribute code to open source development.

  • dc!

    While it may be true, that certain torrent engine vendors might put some backdoor, it cannot be nowhere near as widespread as it is told here.

    With this generalized statement lame twatter bastards show nothing more than complete ignorance of torrents and hate of P2P.

    I have an advice, though. Please, go and patch your own stupid service, that has more holes than a good piece of Emmentaler. It leaks stuff like a sieve that has been worked on with a rocker drill.

    We can’t illegally download followers, leave us alone.

  • passwords

    this is why your login credentials should be different for every site. Use a password manager to make it easier, but you shouldn’t use the same password for twitter, facebook, your email, etc.

  • Ninja

    Some1 present the concept of botnets to Twitter admins.

    I don’t like Twitter, never did. They lack what I’d expect from a serious company. Maybe they should call Google to run their service with more security.

  • znix

    @ 4
    There are many, many, many torrent sites out there. Yes, only a few handfuls are very popular, but there really are a lot of small sites languishing around the web.

  • United Hackers Association

    ALSO some older stock code has a link to a banned ip image one pixel by one pixel so know your code people

  • fr3ak

    @1 what the hell does that prove? that the IPs of some other torrent sites are banned from accessing TS sites… good analysis there… fail.

  • United Hackers Association

    ps torrent trader code that is and i havent looked at sources for others but i may ….

  • anon

    It’s not a secret the Xam at TemplateShares.net has a bunch of backdoors in his script. He can empty out the database on nulled versions.

  • Anonymous

    We are using templateshares script since 2007 and it’s best & secure script we ever seen. It has only a License check system.. If you use a legal version of any software, you don’t worry about it..

  • Loonytoad Quack

    @#12

    WOW, if an Anonymous poster says it’s legit then that’s got me convinced. Where do I signup?

  • dc!

    #7:
    In my understanding, this generalized twatter statement puts fault on every torrent user. While that is a potential attack vector, it’s just a lame speculation without any kind of proof. Given that way, any private site that requires some kind of registration, can gather login credentials, personal information, you name it.

    Anyway, security is a thing not to be sneezed at. Whoever uses these shady private trackers of unknown origin, digs his own grave and – here we see – also put a dent filesharing reputation in general.

  • Unauthorized Content Consumer

    Any social networking site (or any site for that matter) that asks me to register with an e-mail address I’ve always thought was a bad idea.

    This is why I use a different password for them. It only takes one shady admin of any site to sneak around and test going in to someones e-mail account to find out if they’re using the same password.

    Not to mention if their system gets hacked and the hackers can then run a script to automatically log in to e-mail accounts and hack them all.

    A very very bad idea.

  • h33t

    who needs enemies when you have templateshares ….

    would not surprise me if they also sell their database of torrent site admins to the MAFIAA. they have the bank account details and IPs of everyone who paid them

  • Anonymous

    There’s many more torrent site scripts than the usual suspects, they’re just not targeted at an English population.

  • Anonymous

    Uhh, that reference looks a bit shady to me. Someone from TF staff should check it out.

  • meh

    What is all this nonsense about twatter.com? who even cares.. its the biggest load of crap ive ever seen people get addicted to next to fagspace and dickbook…

    seriously grow up.. losers.

  • metal freak..

    excuse me but the terms are myspazz and fookbook!!

  • Anonymous

    Looks like the BBC reported on it…. and completely misread the blog post:

    http://news.bbc.co.uk/2/hi/technology/8495087.stm

  • blade

    iam owner of blades-heaven and dnt use that code no more not used it for years as he encrypts the code wot good is that it is i dnt like that code

  • 23

    @22 STFU you… You’re on the ban list see post of #1

  • blade

    ye because it is shite code thats y

  • ray

    Phogo could u please update your list and take blades-heaven off it as we dont use that code and havent for yrs

  • Dididve

    The sites listed in the first post comment are all sites that have had the misfortune of using the code at some time or other and have used a nulled source so not to have to pay Xam’s fee for using what should be a free source.
    The whole tracker is no more than other coders’ work and bolted together as a full moddem version of TBDev source code….
    He adds a few functions to enable the destruction of such sites that do use nulled versions and also he’s the one able to enter any site’s database and get whatever information from them he wishes.

    This would be done with the site owners and users even knowing that he had accessed their private information.

    While the source is encoded and locked by whatever means he is now using no-one is able to see just what back doors he has open to him and for what reason…

    Only download True versions that are not locked down with encryption …

    Stay staff and use a real TBdev source and not some crap that’s been locked away from your own eyes

  • LoC Big Dog

    can someone tell http://www.pakdevilz.info King of Warez World that all their software downloads are filled with viruses and to clean them out. I downloaded about 20 applications and each said virus, trojan, backdoor, etc. Thanks

  • GrX

    People might be thinking we’re jumping the gun here but the source they are talking about is Templateshares.

    he is the lowest of the low i know the guy personally, i worked hard with another group in de-zending/de-ioncubing the script up to v5

    we don’t even bother with version 6 now it’s just not worth the hassle.

    his source in the beginning was 100% TBDev and their community’s work all bundled together to create his own script which he sells for like 50-60 bucks and now is even more expensive.

    At the moment even though i hate the guy and cannot stand him the script now is hardly anything to do with tbdev/source there’s hardly a trace of that coding left it’s more crammed full of DRM, call backs, phone homes, activations, Licence checks, and other nasties.

    from version 5 here is the list of un-ioncubed content we found in his builds.

    1. Disabling of localhost (stupid if you want to say test and design the tracker before you make it live)

    2. a feature to purge and wipe the mysql database from a remote location (i.e.) not from the server side.

    3. a call home feature to allow him to see what url/domain is using his source

    4. a curl feature which updates his site’s AdminCP section when a domain is using a version which isn’t in his Green light list,

    5. Soon as you install the script it also emails him the domain, ip address and location where the script’s been tested/loaded from.

    6. A feature to un-salt the username/password/secret/email of any of his customers’ details in their databases (not sure how he managed this but it’s there)

    All in all the guy should be investigated for what he is doing.

    yes selling open source gpl code is one thing but breaching every customer’s privacy and data without their consent is a federal crime.

    Having said this his source works and is great in theory just his ethics, if we was to open his source 100% and remove all his nasty work it would be one of the best scripts around.

    i understand he wants money for all the time he put into it, but just how much does he want / need?

    a search on google is like 35,000 + sites using his script at 80 bucks a pop i’m sure that should have covered by now all his hard work ripping off tbdev and other torrent scripts lol

    There is a brand new FREE open source Torrent Script/NZB script which torrentfreak soon will hopefully do a full page story on.

    it’s going to beat XAM’s templateshares into the ground and it’s completely free and open source too,

  • Hamish Mcduff

    @ 19 and 20

    You’re both wrong

    The terms are Twatspace and Spookbook.

    Just data mining operations for the gullible.

  • DJDANKVT

    @19,20,29

    You are ALL right!

  • l00kies

    @28
    What is the name of that script I am interested in it, as I own a site running TBDev, and it’s just too punishing on my server, and cannot afford to upgrade it and was thinking of changing to a different script.

  • Radz

    @28 Well said brother..

  • Hans Pandeya

    Twatter…

  • lilars

    You mean that thrd follower I
    got may not be real?

  • Obedient

    Didn’t someone also blame .torrent sites for the Haiti earthquake???

  • phineas

    this is what happends when noobs try to run a torrent site. purchasing some lame soft lol. serves them right for not knowing how to mod code …

    leave torrent sites to people who knows their shit.

  • Yatti420

    I don’t use Twitter for a reason.. It’s like target #1 for spammers and crackers is it not?

  • Daz

    @ 12

    Looks like Xam’s way of typing things ;)

  • Snedra

    As much as Twitter doesn’t give any details, neither does this article. There’s no proof or references saying that TempleShare is a culprit, and neither is there any evidence/expert quotes to support the statement that “TBDev and Gazelle … have been examined by untold numbers of experts and come free of charge”.

    Please improve the technical and legal quality of these articles – I love reading them but they aren’t very supportive really.

  • Anon

    DDoS anyone?

  • DeltaPan

    I refer back to the Media Defender leaked emails a few years back.

    What’s the best way for anti piracy to get details of torrent users, if ISP’s won’t release details?

    It’s not hard to fathom, anti piracy putting dodgy script into torrent site software and floating it.

    Just putting that one out there being as nobody is mentioning an obvious dimension to this, something i’ve considered for a while now.

    As much as any dodgy phishing lowlife etc, there’s other undesirables, torrent site software should be as secure as you can get, not bootlegged versions which can be messed with.

    Anti piracy oiks have proved they have no respect for criminal law, they feel justified in breeching criminal law when it comes to people who merely breech copyright which is civil.

    Use proper site software!

  • http://www.torrentfreak.com enigmax

    @39 – Snedra

    TF did not say that Template Share was the culprit – we said that these backdoor allegations are nothing new and they’ve been leveled at Template Shares before.

    Hundreds of torrent sites run by BitTorrent experts operate both TBDev and Gazelle code and would never allow backdoors on their sites, particularly since the code is available to all and in clear view.

    Both Gazelle and TBDev come free of charge, providing they are obtained from the correct sources.

  • pete

    it just shows that all these companies, facebook, twitter, google, ecetera can’t even secure their networks, while making a lot of money.

    the message to any user of their ‘services’ is: “use us cuase it helps our bankaccounts, but don’t expect to be anonymous or safe or to keep your data private”

    which means for me: no google, no facebook, no twitter ecetera. and can you beleive it?: i am still alive and kickin’

  • MRSMITH

    THIS DICK AXAM WANTS HES SITE TOOK DOWN ASP RIPPING USERS OFF WITH MONEY

  • MtnVision

    Last year I BEGGED Earnesto of TorrentFreak to write about Xam & his evil ways but he refused…

    I guess he grabs this headline now that a big concern like Twitter instead of a disgruntled tracker is squawking. DANG IT you could have wrote this story last year! You didn’t want the “FACTS”… Yeah xam has back doors & can dump or steal the database BUT smart trackers got out of the trap by going to the nulled/decoded versions. Next step is to import out of TemplateShares then into another code like TBdev. Xam is a liar, a thief, a bully, & an arsonist as far as my experience would show.

    I lost huge respect for TorrentFreak when this was not taken seriously before Twitter got involved.

  • Rob

    But if you used different usernames and password granted I tend to use the same username but multiple passwords as most security sources would say anyhow. Its a shame that the world is filled with people like this, but what goes around comes around. I am pretty sure that the hacking community will have some revenge on behalf of everyone who’s credentials he stole, complete ass hole

  • Anonymous

    This is one of the site much spreaded on Tweeter..
    Invite Scene | .::IS::.
    ——————————–
    Get your all exclusive private torrent invites. InviteScene is your ultimate guide for all torrent trackers & your access to the best scene of web.

    http://www.invitescene.com/

    Get all your exclusive private torrent invites which includes TL, SCL, SCT, RevTT, FTN, PTN, What.cd, waffles, iptorrents, demonoid, hd-torrents, bitmetv etc.

    InviteScene is your ultimate guide for all torrent trackers & your access to best Scene of the Web.

    Get Access to updated Private Torrent Reviews.

    Subscribe to our Open Sign Up Tracker section to get automatic email notification about currently open torrent sites.

  • ferb

    blame the idiots who runs torrent sites. these noobs dont know anything bout administering sites, php, or probably even html.. for gods sake. they put the other idiots (the users) at risk.

    i mean, why the hell would they use something thats known to have backdoors, what a bunch of dolts.

    please, if your a dumbass dont run a torrent site. save the other idiots from getting in trouble.

  • dieXamyoupieceofshit!!

    personally if a site is not using TBDEV then stay away from it as there’s a good chance that it’s XAM’s shit run by some complete n00b who knows jack shit about php and is putting all their members at risk. Anyone who starts a pre-modded tracker knows shit about coding a site and should be avoided at all costs.

  • Crud

    Twerrible tworrent sites will not be twolerated by twitter!

  • Anonymous

    @43 It’s hard to secure a site against the stupidity of it’s own users.

    If you have any common sense you use different usernames and passwords, at the bare minimum you use different ones from your piracy to your more legit stuff.. If you use the same stuff everywhere then it’s no ones fault but your own when someone logs it and tries to use it elsewhere..

  • Grim

    That’s what people get for wanting to be part of the twitter cattle (or similar social webz for tards), without having the least understanding of computers or the internet

  • why, if you were going to go to all the trouble of selling bt scripts with findable holes, would you bother to use the stolen information to get on Twitter? wtf? Not like, banks or even email. Twitter. What can you possibly get off Twitter?

    Or are they just ‘raising the alarm’…?

  • SirSnuggleBunny

    of course it was xam’s code… he is a thief, a scammer and an asshat.

    the last version of his code I saw wasn’t encrypted, and along with some security holes (that made a back door for him) the code was basically TBDev code with a bunch of modifications and code by different coders at TBDev including myself (and many many others)… he didn’t even bother trying to hide it lol.

    he managed to take advantage of some people who didn’t know he was a scammer, then basically held them hostage for as long as they kept using the code..

    I agree if you want to build a site, you should know how to code, but not all communities are built that way… some start with a community and a need for a home. My site started like that, and that’s how I got into coding… but I was totally lost for the first 2 years, and it took about 4 years to even start to “get it” lol.

    people like xam make it bad for everyone in the torrent scene, there is nothing about community or sharing involved where he is there.

    my 2 cents,
    xox,
    snuggs

  • yordanov2010

    We all hate xam because his source isn’t free but very secure and nice.

    signup.php
    [php]
    $secret = mksecret();
    $passhash = md5($secret.$password.$secret);
    [/php]

    takelogin.php
    [php]
    $password = trim($_POST['password']);
    if ($row['passhash'] != md5($row['secret'] . $password . $row['secret']))
    {
    //Invalid Login
    }
    [/php]

    Nobody can see user’s passwords. They are secured while registering and logging so xam’s (templateshares) source looks secure.

    We’re still checking his source and nothing noticed wrong so far.
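
A salted MD5 like the one quoted in the comment above keeps plaintext out of the database, but MD5 is fast to brute-force once a user table has been dumped, and takelogin.php still receives the plaintext password on every login. As an added example (not TemplateShares or TBDev code), this is one way a site operator could move such rows to PHP’s password_hash() at each user’s next login. The row layout follows the snippet above; the function names and the sample secret are assumptions.

```php
<?php
// Added example, not TemplateShares or TBDev code. The 'passhash' and 'secret'
// columns follow the snippet above; function names here are hypothetical.

/** Legacy scheme as quoted above: md5(secret . password . secret). */
function legacy_hash(string $secret, string $password): string
{
    return md5($secret . $password . $secret);
}

/**
 * Check a login against either scheme.
 * Returns null on failure, otherwise the user row to write back
 * (upgraded to password_hash() if it was still on the legacy scheme).
 */
function verify_and_upgrade(array $row, string $password): ?array
{
    // A legacy hash is exactly 32 lowercase hex characters.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $row['passhash']);

    if ($isLegacy) {
        // hash_equals() compares in constant time and never type-juggles,
        // unlike the loose != comparison in the quoted takelogin.php.
        $candidate = legacy_hash($row['secret'], $password);
        if (!hash_equals($row['passhash'], $candidate)) {
            return null;
        }
    } elseif (!password_verify($password, $row['passhash'])) {
        return null;
    }

    // The plaintext is only available now, during a successful login, so this
    // is the moment to replace a fast hash with a slow, salted one.
    if ($isLegacy || password_needs_rehash($row['passhash'], PASSWORD_DEFAULT)) {
        $row['passhash'] = password_hash($password, PASSWORD_DEFAULT);
        $row['secret']   = ''; // the salt is now embedded in the hash string
    }

    return $row;
}

// Constructed sample row, shaped like what the quoted signup.php would store.
$secret = 'k3Jq9ZpL0aXwT7uB4mNd'; // constructed value
$row    = ['passhash' => legacy_hash($secret, 'correct horse'), 'secret' => $secret];

var_dump(verify_and_upgrade($row, 'wrong guess'));              // failed login
$upgraded = verify_and_upgrade($row, 'correct horse');          // upgrades the row
var_dump(password_get_info($upgraded['passhash'])['algoName']); // new algorithm
var_dump(verify_and_upgrade($upgraded, 'correct horse') !== null);
```

A stronger stored hash only limits what a database dump reveals. It does nothing against code in the login path that copies the password before hashing, which is why encoded scripts that cannot be read deserve the scrutiny the comments above describe.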
