signup.php
[php]
$secret = mksecret();
$passhash = md5($secret.$password.$secret);
[/php]

takelogin.php
[php]
$password = trim($_POST['password']);
if ($row['passhash'] != md5($row['secret'] . $password . $row['secret']))
{
//Invalid Login
}
[/php]

Nobody can see user’s passwords. They are secured while registering and logging so xam’s (templateshares) source looks secure.

We’re still checking his source and nothing noticed wrong so far.

the last version of his code I saw wasn’t encrypted, and along with some security holes (that made a back door for him) the code was basically TBDev code with a bunch of modifications and code by different coders at TBDev including myself (and many many others)… he didn’t even bother trying to hide it lol.

he managed to take advantage of some people who didn’t know he was a scammer, then basically held them hostage for as long as they kept using the code..

I agree if you want to build a site, you should know how to code, but not all communities are built that way… some start with a community and a need for a home. My site started like that, and that’s how I got into coding… but I was totally lost for the first 2 years, and it took about 4 years to even start to “get it” lol.

people like xam make it bad for everyone in the torrent scene, there is nothing about community or sharing involved where he is there.

my 2 cents,
xox,
snuggs

Or are they just ‘raising the alarm’…?

If you have any common sense you use different usernames and passwords, at the bare minimum you use different ones from your piracy to your more legit stuff.. If you use the same stuff everywhere then it’s no ones fault but your own when someone logs it and tries to use it elsewhere..

i mean, why the hell would they use something thats known to have backdoors, what a bunch of dolts.

please, if your a dumbass dont run a torrent site. save the other idiots from getting in trouble.

http://www.invitescene.com/

Get all your exclusive private torrent invites which includes TL, SCL, SCT, RevTT, FTN, PTN, What.cd, waffles, iptorrents, demonoid, hd-torrents, bitmetv etc.

InviteScene is your ultimate guide for all torrent trackers & your access to best Scene of the Web.

Get Access to updated Private Torrent Reviews.

Subscribe to our Open Sign Up Tracker section to get automatic email notification about currently open torrent sites.

I guess he grabs this headline now that a big concern like Twitter instead of a disgruntled tracker is squawking. DANG IT you could have wrote this story last year! You didn’t want the “FACTS”… Yeah xam has back doors & can dump or steal the database BUT smart trackers got out of the trap by going to the nulled/decoded versions. Next step is to import out of TemplateShares then into another code like TBdev. Xam is a liar, a thief, a bully, & an arsonist as far as my experience would show.

I lost huge respect for TorrentFreak when this was not taken seriously before Twitter got involved.

the message to any user of their ‘services’ is: “use us cuase it helps our bankaccounts, but don’t expect to be anonymous or safe or to keep your data private”

which means for me: no google, no facebook, no twitter ecetera. and can you beleive it?: i am still alive and kickin’

TF did not say that Template Share was the culprit – we said that these backdoor allegations are nothing new and they’ve been leveled at Template Shares before.

Hundreds of torrent sites run by BitTorrent experts operate both TBDev and Gazelle code and would never allow backdoors on their sites, particularly since the code is available to all and in clear view.

Both Gazelle and TBDev come free of charge, providing they are obtained from the correct sources.

What’s the best way for anti piracy to get details of torrent users, if ISP’s won’t release details?

It’s not hard to fathom, anti piracy putting dodgy script into torrent site software and floating it.

Just putting that one out there being as nobody is mentioning an obvious dimension to this, something i’ve considered for a while now.

As much as any dodgy phishing lowlife etc, there’s other undesirables, torrent site software should be as secure as you can get, not bootlegged versions which can be messed with.

Anti piracy oiks have proved they have no respect for criminal law, they feel justified in breeching criminal law when it comes to people who merely breech copyright which is civil.

Use proper site software!

Please improve the technical and legal quality of these articles – I love reading them but they aren’t very supportive really.

Looks like Xam’s way of typing things ;)

leave torrent sites to people who knows their shit.

You are ALL right!

You’re both wrong

The terms are Twatspace and Spookbook.

Just data mining operations for the gullible.

he is the lowest of the low i know the guy personally, i worked hard with another group in de-zending/de-ioncubing the script upto v5

we don’t even bother with version 6 now its just not worth the hassle.

his source in the begining was 100% TBDev and their communitys work all bundled together to create his own script which he sells for like 50-60 bucks and now is even more expensive.

At the moment even though i hate the guy and cannot stand him the script now is hardly anything to do with tbdev/source theirs hardly a trace of that coding left its more crammed full of DRM, call backs, phone homes, activations, Licence checks, and other nasties.

from version 5 here is the list of un-ioncubed content we found in his builds.

1. Disabling of localhost (stupid if you want to say test and design the tracker before you make it live

2. a feature to purge and wipe the mysql database from a remote location (i.e.) not from the server side.

3. a call home feature to allow him to see what url/domain is using his source

4. a curl feature which updates his sites AdminCP section when a domain is using a version which isn’t in his Green light list,

5. Soon as you install the script it also emails him the domain, ip address and location where the scripts been tested/loaded from.

6. A feature to un-salt the username/password/secret/email of any of his customers details in their databases (not sure how he managed this but its there)

All in all the guy should be investigated for what he is doing.

yes selling open source gpl code is one thing but breaching every customers privacy and data without their concent is a fedral crime.

Having said this his source works and is great in theory just his ethics, if we was to open his source 100% and remove all his nasty work it would be one of the best scripts around.

i understand he wants money for all the time he put into it, but just how much does he want / need?

a search on google is like 35,000 + sites using his script at 80 bucks a pop i’m sure that should of covered by now all his hard work ripping of tbdev and other torrent scripts lol

There is a brand new FREE open source Torrent Script/NZB script which torrentfreak soon will hopefully do a full page story on.

it’s going to beat XAM’s templateshares into the ground and it’s completely free and open source too,

This would be done with the site owners and users even knowing that he had accessed there private information.

While the source is encoded and locked by what ever means he is now using no-one is able to see just what back doors he has open to him and for what reason…

Only download True versions that are not locked down with encryption …

Stay staff and use a real TBdev source and not some crap thats been locked away from your own eye’s

http://news.bbc.co.uk/2/hi/technology/8495087.stm

seriously grow up.. losers.

would not surprise me if they also sell their database of torrent site admins to the MAFIAA. they have the bank account details and IPs of everyone who paid them

This is why I use a different password for them. It only takes one shady admin of any site to sneak around and test going in to someones e-mail account to find out if they’re using the same password.

Not to mention if their system gets hacked and the hackers can then run a script to automatically log in to e-mail accounts and hack them all.

A very very bad idea.

Anyway, security is a thing not to be sneezed at. Whoever uses these shady private trackers of unknown origin, digs his own grave and – here we see – also put a dent filesharing reputation in general.

WOW, if an Anonymous poster says it’s legit then that’s got me convinced. Where do I signup?