nTorrents Down.

**Kryatle** · 07-15-2010, 06:34 PM

Just letting everyone know that nTorrents . Supposedly they have gotten hacked. I'm not staff or anything just a member, so I don't know all the details, and also who knows they might come back.

-------------
* technovert has changed the topic to: NTorrents.net CLOSED | if you have accounts at scenehd or F*N, please change your password

<technovert> no they had hacked ntorrents the first time successfully on july 11th
<technovert> they had administrator level access on the site until July 14th
-------------

They are saying they have found the exploit and have fixed it.. nTorrents is now back up, be cautious though and if you have been to the site in the past week, may want to change your passwords, to be safe.

**Champo101** · 07-15-2010, 07:05 PM

Never used it but RIP

**Quarterquack** · 07-15-2010, 07:09 PM

Didn't they change their name a month or so go? Either way, what's special about scenehd and FtN to warrant a special warning for those users? Doesn't make sense; if passwords were compromised then the warning should be one given out to users regardless of what other tracker accounts they own.

**anon** · 07-15-2010, 07:16 PM

Originally Posted by ringhunter

Didn't they change their name a month or so go?

I think the plan was to create a separate tracker from its ashes, which would indeed have a different name:
http://filenetworks.blogspot.com/201...to-launch.html

**Quarterquack** · 07-15-2010, 07:32 PM

Originally Posted by anon-sbi

I think the plan was to create a separate tracker from its ashes, which would indeed have a different name

Bingo. Of worthy note:

The raffle is currently closed, the eta for PWN is early July-ish and ntorrents invites are closed atm, so #nt-invites isn't being used.

Thanks for the positive write up though, we appreciate it.

So they got hacked right about when they had an estimated time for pulling the plug on the site?

Something smells fishy, and it's not "hooked: Real Motion Fishing."

**Kryatle** · 07-15-2010, 08:23 PM

They are now saying nTorrents is back up.. found and removed the exploit. Proceed with caution aren't completely sure if there are more. Also people should probably change their passwords.

**technovert** · 07-17-2010, 12:04 AM

Yeah. From what we can tell everything is fine as of now. The situation is being monitored closely.

technovert
ntorrents.net sysop

New site should launch very soon, can't promise anything but we're looking at in a few weeks probably.

Analysis of the code of the iframe exploit that was used it attempted to script to ftn and scenehd.org to send invites if you had them. So as long as you were not logged into those sites at the time you visited ntorrents.net within the 3 days the exploit was present you are fine. I recommend people use unique passwords for every site that you visit and use adblock and no script. No script would have prevented this attack if the users had it installed and on. Even if ntorrents.net was whitelisted.

**Quarterquack** · 07-17-2010, 12:09 AM

Originally Posted by technovert

Yeah. From what we can tell everything is fine as of now. The situation is being monitored closely.

Thanks for the explanation.

You do know who the user is at least, or have a way of getting to him, right? I mean his script obviously lead to a legitimate email address at which he was planning to harvest the invites.

**technovert** · 07-17-2010, 12:16 AM

The users involved are well known to other trackers. This is not the first time or the last time they have pulled these stunts. The actual damage is likely minimal if at all because its very unlikely users during the timeframe the exploit was live visited ntorrents.net and executed it while logged into FTN and/or scenehd.org. I do not believe there is any risk to the passwords on those accounts at this time, but advise users to use unique passwords for all sites and chance them on the affected sites. Mainly I advise them if they had invites on the above sites to watch for suspicious invite activity.

I posted the following advice for our users to help them address any implications of this exploit: While its at a very basic level of security, there may be people who benefit from this information.

While the events of the last few days may have caught everyone off-guard. I would like to arm our user base with some preventative measures to help address the current situation.

While we do not at this time have reason to believe that our database was comprimised, I still advise users to change their passwords on the following sites. FTN, SceneHD and NTorrents.net. Passwords should be randomly generated and never stored in clear text or written down. Databases like 1passwd and Keepass can be very helpful. You should select one unique, as long as possible, random password for each site. Do not use the same password from more than one site.

While we believe the threat has been addressed, hundreds of eyes are better than the handful of staff. Should you notice anything suspicious please notify our staff immediately.

Browsing:
I recommend Firefox + No Script + Adblock. This would have prevented this exploit even if ntorrents.net was whitelisted.

PC Security:

I recommend having an up-to-date firewall and antivirus software.

Remember tracker staff should NEVER ask you to reveal your password or other personal details.