OMG, HDBits has been hacked

Sylar the HDbits tracker was hacked about 2weeks ago. Not now.
Yesterday there was a leak of the passwds of BitHDTV but all passwds were reset because of that.

"terrorize" I think you were probably disabled because you haven't used enough your account. All other users have no problems.

i fixed it its workin now
thx anyway

--

Quote:

---

Originally Posted by Sylar666

Is it HDbits or Bit-HDTV ? Which one was hacked, for God's sake? I thought it was Bit-HDTV. Or both have been screwed up?

---

Bit-HDTV was recently hacked, HDBits was hacked a while ago
:pinch:

[quote=terrorize;2203826]i fixed it its workin now
thx anyway
btw this is their .txt file:


why would you post that file here are you nuts? edit your post i don't think everyone here needs to see this.

okok if thats what you want :)

the passwds have all been automatically reset by the system now goblin.
However, these data could be used on other trackers to steal same passwds of same usernames...

Quote:

---

Originally Posted by znik

the passwds have all been automatically reset by the system now goblin.
However, these data could be used on other trackers to steal same passwds of same usernames...

---

+1 mate

my Bit-HDTV account is stolen :(

anyone got their irc server and channel name?

# - connect to irc.p2p-network.net
# - join our channel #BiT-HDTV

on my way

Quote:

---

Originally Posted by mforcex

lets lower the hdbits ranking now

the recent site that stores stuff in plaintext is RTS... oh no i blew the whistle. damn me.

---

Hope u burns in Hell and
RTS stuff must do something about that

Standard TB source will always hash the password using secrets as the salt, so the default storage of passwords is MD5 (excepting the very early TB source snapshots which used plaintext, but they are way past their sell by dates, and should not be used).

For a modern tracker to store passwords as plaintext requires the site operator to modify the takelogin and takesignup to store a plaintext password (and do the comparison on login) into the 'users' table (a column already exists called 'oldpassword').

In other words, this is not an accident, but intentional. The only reason that anyone would store passwords in plaintext is so that they can discern your passwords. The only reason for this is so that they can harvest your accounts at other trackers.

A number of individuals, such as Jait, have shown that TB derived scripts have numerous vulnerabilities, and they have also shown how to seal these holes. There is an entire thread on TBDev addressing all manner of exploits, including the stealing of the passhash (which can be made secure through the cookie mechanism, contrary to popular belief).

The simple point I am making is that there is enough information at TBDev to secure any source, and the simple fact remains that too many site operators are either too complacent to think it will happen to them, or too damn stupid to even run their own site. Anyone who thinks they don't need to scrutinise their code from time to time is asking for trouble. New vulnerabilities are discovered all the time, and new measures to deter these attacks are being created all the time.

The web waits for no man.

man... this is so messed up. and knowing that the storage of the user base in plain text had to be done intentionally.... it's very disappointing :no:

i would suggest to stay away from the invites section for some time, as there could be many stolen accounts giveaways (as we have already seen) and invites giveaways form this stolen accounts.

Quote:

---

Originally Posted by TheFoX

For a modern tracker to store passwords as plaintext requires the site operator to modify the takelogin and takesignup to store a plaintext password (and do the comparison on login) into the 'users' table (a column already exists called 'oldpassword').

In other words, this is not an accident, but intentional. The only reason that anyone would store passwords in plaintext is so that they can discern your passwords. The only reason for this is so that they can harvest your accounts at other trackers.


The simple point I am making is that there is enough information at TBDev to secure any source, and the simple fact remains that too many site operators are either too complacent to think it will happen to them, or too damn stupid to even run their own site.

The web waits for no man.

---

So sad but true
:O

Are these nasty rats developing this good old habit of just hacking around? There has to be done something. Thanx for the info.

Quote:

---

Originally Posted by DV8type

Quote:

---

Originally Posted by Sylar666

Is it HDbits or Bit-HDTV ? Which one was hacked, for God's sake? I thought it was Bit-HDTV. Or both have been screwed up?

---

Bit-HDTV was recently hacked, HDBits was hacked a while ago
:pinch:

---

i just hope that HDBits is safer now...

STOP REQUESTING THE.txt FILE!!!!
DO NOT PM ME ANYMORE!!!!

unencrypted passwords..?
fucking loosers

I first noticed the hack when a leecher was uploading to me after I was at 100% and I was seeding. Didnt think nothing of it at first. Three hours later I was still downloading bad data from the same leecher while seeding. I immediately blocked the IP address and informed staff.For the next two days the hacker was trying to gain access to my PC, to no avail. I changed my IP address and haven't seen him since. This dickwad needs to be hung from his testicles and lowered into a pail of $&^&#*@%!.

Quote:

---

Originally Posted by jokzor

...fucking loosers

---

Yes, they definitely need tightening.

Quote:

---

Originally Posted by Chewie

Quote:

---

Originally Posted by jokzor

...fucking loosers

---

Yes, they definitely need tightening.

---

lol
i didnt think things could get any looser.....i wouldnt touch that site w/ a ten foot pole

hi dv8type :)
so at this point which trackers are safe and unsafe?
and where did you get the idea you wouldn't touch it w/a ten foot pole

Quote:

---

Originally Posted by DV8type

Quote:

---

Originally Posted by Chewie

Yes, they definitely need tightening.

---

lol
i didnt think things could get any looser.....i wouldnt touch that site w/ a ten foot pole

---

LMAO

Me either.
I dont really see why ANY site would feel the need to store passwords in plain text. What would be the login behind doing so unless they had intentions of seeing peoples passwords and using them on other sites for the same users they have on theirs.

Quote:

---

Originally Posted by Melvinmeow

Quote:

---

Originally Posted by DV8type

lol
i didnt think things could get any looser.....i wouldnt touch that site w/ a ten foot pole

---

LMAO

Me either.
I dont really see why ANY site would feel the need to store passwords in plain text. What would be the login behind doing so unless they had intentions of seeing peoples passwords and using them on other sites for the same users they have on theirs.

---

Melvin & DV8Type <3

Quote:

---

Originally Posted by jokzor

hi dv8type :)
so at this point which trackers are safe and unsafe?

---

There are a few more established trackers out there that have active coders and a proven track record when it comes to privacy.

@Melvin: Seriously....either they have an inept coder who just patches TBdev (and does a bad job of that) or the intent was malicious from within.

Hi

I have tried several times to reset my password but only get the first email, never the 2nd one with the new password-please can someone kindly give me the email addy for the administrator at BIT-HDTV please ?

Thanks

Ok...so i was on vacation and when i returned i realise that i lost access to my mail, and many torrent sites...that's when i found this topic.

i don't know if it happened to any other of u people, but what can i do now? nothing?

i lost hdbits, sct, oink, scn, and of course my mail...who did this? who is this guy ?? how can i gain back access to m accounts and mail?

hope this doesn't happen to any of u guys :(

Cangaceiro, send me a PM and Ill try and help you get back up on your feet.