In BitTorrent terms, TorrentIt has quite a long history. The tracker started out in 2004 as 123Torrents. In early 2005, they lost the 123Torrents domain, and while negotiating to get it back, took on the domain torrentit.com. When negotiations failed, they decided to keep the TorrentIt name, and applied it to the newly created pirate theme for the site.

TorrentIt, which had 27,000 members at its peak, was known for having a large mix of scene and non-scene torrents, and for a very tight community. In April 2006, BREIN went after the original owner, who lived in the Netherlands, forcing the shutdown of the site under legal pressure. The TorrentIt crew decided it was better to take the site down than to have him take the heat, and took the site down.

Almost a year later in January 2007, some of the former staff members decided to bring the site back, under a new domain, one not attached to the original owner. The intention was to open by the end of May, but that never happened. The deadline was missed, and it took more than a year before the site was ready for its official relaunch.

BlastGT1, one of the original crew members, and an Admiral (equivalent to SysOp) at the new site told TorrentFreak: “Unfortunately, due to real life commitments, we missed that deadline, and after months of stagnation, I took it upon myself to find good coders within the torrent community who could help us finish the site, and try to repair the damage we had done to TiT’s good name.”

TorrentIt teamed up with the coders from DigitalHive, who were looking to start a new side project themselves, and this eventually led to the long awaited resurrection of the tracker. “Now, we’re back with a different domain, a different source and the drive to succeed,” BlastGT1 said.

“We don’t care about racing sites for pre times, we don’t care about having the biggest userbase. We care about having quality torrents, scene and non-scene, and most of all, we care about community. That is what made TorrentIt stand out before, and so many are already loving its return, finding their cabins kept warm and cozy,” BlastGT1 added.

The new and improved tracker changed its domain extension from .info to .eu, and now runs on Gazelle. Two days ago, they sent out almost 10K invites to former members, and many of them have joined the new site since. Unfortunately, an invite is needed to sign up, so not everybody will be able to celebrate and participate.

BlastGT1 has a word of advice for newcomers though: “Bide your time, get a good honest reputation elsewhere, have patience like people did once upon a time. Sooner or later you’ll make the right friend and snag an invite.”

Post from: TorrentFreak

torrentlog.com - Full movie downloads (dvdrips and divx)

TorrentIt Makes Long Awaited Comeback torrent downloads.

DDoS attacks are not an unusual event for many private BitTorrent trackers. Although they are sometimes used as an excuse for server issues, most of the larger trackers have been subject to such attacks at least once.

Norbits is one of these trackers, a medium sized community with over 10,000 members, most of them from Norway. Norbits has suffered downtime because of DDoS attacks before, but this time the threat may be more serious than that.

In an NFO file obtained by by IT-Avisen, a group called MORRADi takes responsibility for the attack on Norbits. “Once again we show our power! Once again we show your foolishness! This is not the first time we have done it, and it won’t be the last,” they write (translated).

“Enough is enough, you are becoming a real nuisance, and you are also a bunch of idiots that try to hide, so it’s high time we punish you! P2P is not something we want, when will you understand that? Do we have to take it as far as publishing your user database online?”

The message seems to suggest that “sceners” are behind the hack and the attacks, since they don’t want their releases shared on BitTorrent trackers. IT-Avisen journalist Trond Bie thinks this is plausible, as he told Dagbladet: “I know that there are people on the FTP scene that don’t like Norbits. It’s not improbable that such a group wanted to attack the servers. It’s happened before.” Whether the group actually has access to all the IPs, usernames and transfer logs of Norbits users remains unclear.

This would not be the first time that a private BitTorrent tracker has been hacked. Earlier this year the IP-addresses of seedboxes and of top-users on some of the larger private trackers leaked to BitTorrent. Nevertheless, this kind of information is useless to anti-piracy organizations, as it is impossible to verify whether it is legit or not.

Post from: TorrentFreak

torrentlog.com - Full movie downloads (dvdrips and divx)

Norbits Hackers Threaten to Release User Info torrent downloads.

The popular TBDev code on which thousands of private BitTorrent trackers are built, is said to be vulnerable to a major exploit. A successful attack could allow a malicious attacker to deface the main tracker page (index.php) and hijack the account of anyone who logs into the application. Worryingly it’s even possible to hijack an administrator’s account by using a social engineering attack to get them to click on specially crafted hyperlink, although most admins won’t be tricked by this method.

According to Michael Brooks, a security researcher who brought this issue to our attention, this particular TBDev exploit is down to the fact the developers didn’t protect the administrative interface from Cross Site Scripting attacks (XSS).

The attack uses CSRF in a chain with other flaws to obtain synergy - Michael calls this CSRF Bouncing.

“Unfortunately this Cross Site Scripting attack is accessible by an attacker using a Cross Site Request Forgery” Michael told TorrentFreak. “The Cross Site Scripting flaw is particularly valuable. The XSS payload is stored in the main index.php for the application. This means that an attacker can expose every visitor to their payload.”

Michael goes on: “The CSRF flaw is POST based so it does require the administrator to execute javascript. Finding the administrator account isn’t difficult if you have a user account on the system. Like with just about every SQL powered application the administrator is the first user account created. From this profile you will be able to send a personal message and you may even be able to obtain the admin’s email address.”

Worryingly, even if the attacker doesn’t have a user account, it’s possible to get one using an XSS flaw.

Michael explained how a malicious attacker increases his chances of a success with the exploit, by combining it with a little social engineering.

“In this case I am using the reflective XSS flaw to make it appear as though the administrator is viewing his own web application. The social engineering attack could look something like this: ‘I think there is a bug in your site. Can you check this link, it just does not look right http://localhost/redir.php?url=’ . This now means the flaw is no longer a “Cross Site” Request Forgery, because the request is being sent from the same website.”

After a successful attack it’s possible to deface the site and “hijack every user’s authentication token indefinitely”.

So what can be done to avoid this exploit? Michael told TorrentFreak:

“The most important thing to keep in mind is do not click on links that look like this. The link can be easily modified to be shorter, but the important part is avoiding links to TBDev’s /redir.php.”

“However this isn’t the only way that the flaw can be exploited. If you visit a website that the hacker controls then he can also trigger the attack. If you think you might have clicked on a bad link, change your password immediately.”

So what should an admin do if they already fell victim to the exploit?

“To remove the persistent XSS payload the administrator might have to login to the SQL server manually and delete the offending entry in the “news” table (since they won’t be able to use the web application to delete the news posting) using DELETE FROM news WHERE body LIKE ‘%fromCharCode%’.

The difficult part is that every user will have to change their password. In PHP I suggest defending against XSS using htmlspecialchars($var,ENT_QUOTES); . There are cases where XSS can still be possible without ENT_QUOTES. To defend against CSRF i suggest using PHP CSRF Guard.”

An administrator on a TBDev tracker we spoke with suggested a very quick fix off the top of his head:

in news.php change

$body = $_POST[”body”];

to

$body = htmlspecialchars($_POST[”body”],ENT_QUOTES);

We put this to Michael who told us: “The fix isn’t bad however the same fix also needs to be applied to $_GET[”url”] in redir.php or the administrator account as well as others are subjected to hijack. There are other security problems with this application, but the XSS is the most serious as it leads to immediate attack.”

Earlier today TorrentFreak contacted a number of admins with details of the exploit. Michael tells us he has notified the relevant people of the flaw but it may take a few days until an official patch is made available.

The full details of the exploit are available here.

This is an article from: TorrentFreak

Private BitTorrent Trackers Under Threat From Major Exploit

torrentlog.com - Full movie downloads (dvdrips and divx)

Private BitTorrent Trackers Under Threat From Major Exploit torrent downloads.