14 DAY TRIAL // An unresolved security bug has forced a large part of the 1337x staff to leave the torrent portal and start their own website from scratch.
1337x is one of the biggest torrent portals on the Internet, being ranked #9 on TorrentFreak's list of Top 10 torrent sites for 2015 and ~1,200 in Alexa's traffic rankings.
It appears that, for the past few weeks, after the site went through a redesign, a security hole was opened on the portal, which the site's owner did not want/could not fix, TorrentFreak reports.
Unfixed account hijacking issue forces moderators to leave
According to accounts from various 1337x moderators, an unconfirmed stored XSS (cross-site scripting) vulnerability exists in the portal's comments system, one that allows attackers to take over the accounts of users who reply to a comment.
Attackers are using this technique to hijack accounts and then post various types of spam on the site, from comments to malicious torrents.
In the light of this situation, many members of the 1337x staff have reported the issue to the site's owner, the only one with access to the portal's source code.
Former staff starts new torrent sharing portal
After weeks during which no reply came, most site moderators and some users with admin privileges have left the site and started a new torrent portal from scratch.
Some of the moderators and admins were also in charge of some of the portal's domains, such as 133x.com, 1337x.net, and 1337x.org, but not the original 1337x.to domain. Some of these domains are now dead, but 1337x.net redirects to the staff's new website, the leetxtorrents.org domain.
After the runaway cast of 1337x admins left, the owner of the 1337x.to finally resurfaced and posted a message on the site, claiming there is no security hole: "An article appeared quoting 1337x as unsecure website. Rest assured 1337x is secure and actively developed website and its content moderated for user security. We are actually working on new features that will be available soon."