Filehosted - free file hosting and sharing

moohook

Well-known member
Registered
Joined
Feb 8, 2019
Messages
108
Points
38

Reputation:

Hey all, I am looking for some support for my project. I am allowing copyright material to be hosted including nulled files.

For any user to reach 5,000 downloads in total I will provide free "Paid user" membership; furthermore, with 10,000 "Paid plus", and with 50,000 you get free unlimited storage with "Paid Pro".

I will be completely out of pocket with those downloads as I display very few adverts and adblocker is widely used across the web but I just want to give back to the community in any way I can. ENXF has helped me a lot on my developer journey.

Current stats:
8,538 Active Files
3TB Storage used
1,204 Active users

You can also take advantage of video streaming with no annoying popups so if anyone here is looking to operate a movie site and doesn't want their visitors to encounter popups, here you go. This allows you to make more money with your own popup if you choose to do so and gain more traffic.
 


one_finger_man

Well-known member
Registered
Joined
Jan 20, 2022
Messages
411
Points
53

Reputation:

moohook

one_finger_man said: why are you posting links to a sexsite

I posted it as an example alongside a movie (also an example) of video streaming with filehosted.

If it's not allowed I am sure @enxf or @BattleKing can hit the delete button on that particular comment.

I am aware of the rules; it only says no advertising your own pornographic site in signature or no adult profile pictures, so I have not actually broken the rules, as it's not against the rules to post adult material.

Furthermore why are you questioning my actions in the first place?
 

PlanetMaster

Collaborate
Collaborate
Registered
Joined
Feb 15, 2022
Messages
36
Points
28

Reputation:

Have to be honest @moohook, as a 25 year systems admin specializing in security, this site is neither secure nor private. Would not recommend storing any sensitive data/files here until the issues are corrected, and there are many.
  • No HSTS
  • No DNSSEC
  • CA Entries Missing
  • Mail server is Swiss Cheese with zero encryption
  • No TLS
  • No MTA-STS
  • No MTA-STS Policy file present
  • No TLS-RPT
  • No DANE
  • Wide open Insecure Cookies and Sessions
  • No Security Headers
  • No Frame Options
  • No XSS Protection
  • No Content Type Options
  • No Content Security Policy
  • Insecure Subresource Integrity
  • SSL uses deprecated weak ciphers and insecure outdated protocols / B rating which is as bad or good as an F security-wise
  • ‼️ Supports TLS v1.0 / v1.1 ‼️ NO! NO! NO! TLSv1.2 / TLSv1.3 only!!!!
  • Non-compliant with NIST guidelines
  • Non-compliant with PCI DSS guidelines
  • Non-compliant with HIPAA guidelines

https://www.ssllabs.com/ssltest/analyze.html?d=filehosted.net&hideResults=on
https://www.hardenize.com/report/filehosted.net/1660665742
https://www.immuniweb.com/ssl/

I could run more tests to dig deeper into the security but there is no need. I would not submit anything to this domain, files or information like one's email. You need to fix this before saying secure and private, cause it's a false statement and you will be held liable if any sensitive files are compromised. If I wanted I could easily hijack a user's session and get into their account as well as the admin account, but I don't do that...anymore. ;)

This is what it should look like, 20+ years of sharing and not even listed on the internet; now that's secure and private

https://www.hardenize.com/report/centurionunderground.com/1660668059
https://www.ssllabs.com/ssltest/analyze.html?d=centurionunderground.com
https://www.immuniweb.com/ssl/www.centurionunderground.com/U24QgBOl/
 

moohook

In reply to PlanetMaster:

Have you tested ENXF with the resources you have provided? I just have and it's not good. Filehosted has made more effort in security and you are registered here.

Could you get access to admin account as a one off just so I know what you are saying is correct?
 

moohook

In reply to PlanetMaster:

FYI, I appreciate your input massively, as improvements, especially when it comes to security, are always important. Most of what you mentioned in your post has now been added.

I'm confused with this one:
  • Mail server is Swiss Cheese with zero encryption
Mail server does have encryption .... can you elaborate further on this?
 

PlanetMaster

I haven't tested the security here; I was just giving you a free security audit to try and help.

cookies.jpg


As for accessing/hacking your site, look up session hijacking. It's actually easy; when the security is not there, a kid can do it. When cookies are insecure, and you have 100% insecure cookies, the following doors are opened:
  • Predictable session token;
  • Session Sniffing;
  • Client-side attacks (XSS, malicious JavaScript Codes, Trojans, etc);
  • Man-in-the-middle attack
  • Man-in-the-browser attack
The session token could be compromised in different ways. This cookie, which has been sent over an encrypted channel, doesn't have the secure flag set. As a result, an active network attacker can easily recover it.

Before you question my knowledge or abilities, my CU crew and I wrote the book on PHP downloads / sessions 17 years ago, just to give you some insight into my expertise. We were the forces, along with many others, behind the jump from PHP 4 to 5, wrote the first secure session, and most stuff you see today we were involved in bringing to life back then. So I am only wanting to guide you with good and professional advice.

https://www.php.net/manual/en/function.readfile.php#57861

Your mail server is Swiss cheese and has NO encryption; that's what TLS (Transport Layer Security) is, and it's missing. The tests are correct. Certificates are missing, so without an SSL cert you can't have encryption. No DANE, no MTS. Now you may have SSL certs, but it is obviously not configured correctly, so they are ineffective towards TLS encryption. Also get a SMTP Response 221, so the mail server is having network issues as stated in the test; highlighted areas mean missing or not enabled. The network issue can be blocking the full test, so you need to fix that first.

notls.jpg


Correct configuration
TLSCU.jpg
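
The missing-header items from the audit list earlier in the thread and the missing Secure flag described in the post above can be checked mechanically. The following is an added example, not part of any poster's message: it audits a constructed response (`SAMPLE_RESPONSE`), and the function names are made up for the illustration.

```python
# Added illustration, not from the thread: audit response headers and
# Set-Cookie attributes. SAMPLE_RESPONSE is constructed, not a real capture.
from http.cookies import SimpleCookie

# Header -> finding, worded as in the audit list. X-XSS-Protection is
# omitted: Chrome removed the filter it controls, Firefox never had one.
REQUIRED_HEADERS = {
    "strict-transport-security": "No HSTS",
    "x-frame-options": "No Frame Options",
    "x-content-type-options": "No Content Type Options",
    "content-security-policy": "No Content Security Policy",
}

SAMPLE_RESPONSE = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("X-Frame-Options", "SAMEORIGIN"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

def audit_headers(headers):
    """Return the findings for security headers absent from the response."""
    present = {name.lower() for name, _ in headers}
    return [msg for name, msg in REQUIRED_HEADERS.items() if name not in present]

def audit_cookies(headers):
    """Return {cookie name: [missing attributes]} over all Set-Cookie lines."""
    findings = {}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for cookie_name, morsel in jar.items():
            # Secure: never sent over plain HTTP. HttpOnly: hidden from
            # page scripts. SameSite: limits cross-site sending.
            missing = [attr for attr, key in (("Secure", "secure"),
                       ("HttpOnly", "httponly"), ("SameSite", "samesite"))
                       if not morsel[key]]
            if missing:
                findings[cookie_name] = missing
    return findings

if __name__ == "__main__":
    print(audit_headers(SAMPLE_RESPONSE))
    print(audit_cookies(SAMPLE_RESPONSE))
```

To audit your own site, pass in the header pairs from a real response, for example the list returned by `http.client.HTTPResponse.getheaders()`.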
 

PlanetMaster

Here's your email server test, not good

Supports
Your MX(s) supports plain text AUTH, meaning all logins are in plain text, not encrypted, so anyone with the knowledge can view logins

https://www.emailsecuritygrader.com/results?id=262482

No Encryption
  • Connected to Imap Server fails
  • Clear Text Allowed
  • Connected to Imap Server SSL fails
  • SMTP Server fails
  • SMTP Server SSL fails
  • Connected to Pop Server fails
  • Connected to Pop Server SSL fails
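
The mail findings in the two posts above (no STARTTLS, plain text AUTH, no MTA-STS policy file) come down to two things a mail admin can inspect directly: the EHLO reply on a plaintext session and the policy text served under RFC 8461. The following is an added example, not part of any poster's message; `SAMPLE_EHLO`, `SAMPLE_POLICY`, the host name and the function names are constructed for the illustration.

```python
# Added illustration, not from the thread. SAMPLE_EHLO (a reply on a plaintext
# SMTP session) and SAMPLE_POLICY are constructed for this example.
SAMPLE_EHLO = """250-mail.example.test Hello
250-SIZE 52428800
250-AUTH PLAIN LOGIN
250 HELP"""

SAMPLE_POLICY = """version: STSv1
mode: testing
mx: mail.example.test
max_age: 86400
"""

def ehlo_findings(reply):
    """Flag a missing STARTTLS and cleartext AUTH offered before TLS."""
    caps = {}
    for line in reply.splitlines()[1:]:       # line 0 is the greeting
        words = line[4:].upper().split()      # drop the "250-" / "250 " prefix
        if words:
            caps[words[0]] = words[1:]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    cleartext = sorted({"PLAIN", "LOGIN"} & set(caps.get("AUTH", [])))
    if cleartext:
        findings.append("AUTH " + "/".join(cleartext) + " offered before TLS")
    return findings

def mta_sts_problems(text):
    """Check the fields of an MTA-STS policy file (RFC 8461)."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "mx":
            policy["mx"].append(value.strip())
        elif sep:
            policy[key.strip()] = value.strip()
    problems = []
    if policy.get("version") != "STSv1":
        problems.append("version must be STSv1")
    mode = policy.get("mode")
    if mode not in ("enforce", "testing", "none"):
        problems.append("mode missing or invalid")
    elif mode != "enforce":
        problems.append("mode is %s: failed TLS does not block delivery" % mode)
    if mode != "none" and not policy["mx"]:
        problems.append("no mx entries")
    if not policy.get("max_age", "").isdigit():
        problems.append("max_age missing or not numeric")
    return problems
```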
 

moohook

In reply to PlanetMaster:

Mail server removed as it's unstable with CP I am using
 

PlanetMaster

Getting better. Like I said, tackle one area at a time and it will all come together. You will feel much better knowing you are doing all you can to secure your site while making it as private and comfortable as possible for your clients; that's all they want. (y)
 

moohook

In reply to PlanetMaster:

I have checked small sites and big sites and none have full green. Either red or yellow on many; for example, streamtape is one of the largest affiliate video streaming sites:

screenshot (5).jpg


Would you register on this site and upload content or no?
 

PlanetMaster

In reply to moohook:

Yeah, security online is bad. People don't understand even the basics, so the majority of sites are insecure. If you register you always risk the chance of your private data being mined.
I just got this from PLEX; they were hacked and my email mined. They also lied saying it was limited. If a hacker takes the risk, believe me, they are going for everything and a clean sweep, so these companies also bullshit when it comes to your privacy
plex.jpg
 

moohook

@PlanetMaster is a great member for bringing this to my attention and helping me improve the security of the site. He definitely deserves some kind of recognition @ENXF NET
 

ENXF NET

Administrator
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P.S Member
S.V.I.P Member
V.I.P Member
Collaborate
Registered
Joined
Nov 13, 2018
Messages
24,724
Points
823

Reputation:

PlanetMaster

Anytime, gentlemen. Security is paramount and it's easily available if you do the research and work. One's site is only as good as its administrator; never assume all is fine, make sure for yourself.
 

BattleKing

Spirit of darkness
Staff member
Administrator
Moderator
+Lifetime VIP+
S.V.I.P Member
Collaborate
Registered
Joined
May 24, 2020
Messages
3,529
Points
523

Reputation:

In reply to PlanetMaster:

Possibly some tutorials might be helpful for other users, so that they are aware what they have to do. What do you think, @PlanetMaster?
 

PlanetMaster

In reply to BattleKing:

Absolutely, I would be more than happy to share my experience with IPS and server security over the past 20 years. Using IPS since version 1 in 2002/2003, which I still have for PHP 3 <> 4

Apologies, very busy with several side projects and family, but I hope to release my new version of the IPS Torrent Tracker for IPS 4.7+ if you will allow it. Will be updated at GitHub month's end, but if ready sooner (like next week I hope) will pre-release here as well as at my own site of course.

This is a total refactoring and rewrite for PHP 8+; my older versions are deprecated
https://github.com/devCU/IPS-BitTracker

Requirements
https://github.com/devCU/IPS-BitTracker/issues/7#issuecomment-1279621169
 