How to use CCcam

To add new user you have to put an F line in the CCcam.cfg file (this file is located in /etc/ directory on your linux receiver or server). Here is an example of F line:

F: user password 3 1 0 { 0:0:5 }

Client gets all our cards at max distance (hops) of 3! He has the right to use our emu keys “1”, for NO rights to emu keys change this number to “0”. He has NO AU rights “0”, for AU rights change this number to “1”. Furthermore he has the right to re-share all our cards 4 more times { 0:0:5 }. When numbers are { 0:0:1 }, he can only watch himself and he has no re-share rights! Using 0:0:5 configuration is NOT RECOMMENDED, i recommend using 0:0:2.

My recommendation for F line is:

F: user password 1 0 0 { 0:0:2 } or this one:
F: user password 0 0 0 { 0:0:2 }

1) First number (1) means your client gets all your local cards  + cards that you have on your hop 1 list. Last number (2) means that your client can reshare your cards 1 more time!

2) First number (0) means your client gets only your local cards. Last number (2) means that your client can reshare your cards 1 more time!

Lets talk about CCcam port setting now. You can set port number by changing this rule:

SERVER LISTEN PORT: 14322 or any number you want.

I really recommend that you change CCcam port, this is for your safety!!

If you want to connect to someone else CCcam server you have to add a C line that looks like this:

C: ip/dyndns_server port user password yes

In the end it should look something like this:

C: 13555 youarethebest blablabla yes 

The yes on the end means that you get EMU keys from that CCcam server. I recommend that you use “no” at the end of the C line.

To connect to a newcamd server you have to add N line:

N: ip/dyndns port user password deskey hops_away

In the end it should look like this:

N: 13000 blabla tralala 01 02 03 04 05 06 07 08 09 10 11 12 13 14

To connect to a Camd3 server you have to add a L line:

L: IP/dyndns port CAID(4digits) providerID(6digits) hops_away 

In the end it should look like this:

N: 13000 blabla tralala 0500 030b00

These are the basics…. Now i will tell you few more advanced tips!

In case you have 2 local cards and you only want that user get to see 1 card you can do this:

Card 1 = provider CDS 0100 00006A
Card 2 = provider Sky DE 1702 000000

Now you want that user only gets to see your CDS card and not the Sky DE card do the following:

F: user password 1 0 0 { 0:0:3, 0100:00006A:1, 1702:0:0 }

This user gets all cards at maximum distance of 1 hop except 1702 because he has no rights to it. He gets to re-share all our cards(local and virtual) 2 times except for provider 0100 0006A because of :1. Say you want the user to have the right to re-share 0100 0006A 2 times further then change the “:1” into “:3”!

As you can see, you decide what your friend(s) are entitled to see and how many rights they get. If your card is set to reshare level 3 nobody but yourself can change that. WARNING! With the increasing popularity of OScam, these setting does not protect you. OScam can bypass them and users can easly reshare your local cards and all your hops even if your F line is set to:

F: user password 0 0 0 { 0:0:0 }

I know, thats nasty stuff from OScam but we need to live with it.

Another tip…

To control receiving hops just add { 0:0:x } at the end of the C line, where x is the number of hops you want to receive.

C: IP/dyndns port user passwd no { 0:0:2 }

This line only gives me shares from that peer with max count of 2. This means i will receive friends local cards and his hop1 cards. He is maybe also sharing with me his hop2 cards, but its not recommended to use so many hops, because your server can become unstable. Unstable servers are not

And another tip…

You can inrease security if you add additional info to your F lines. I am talking about this:

F: user1 pass2 0 0 0 { 0:0:2 } { } { }

Adding DNS address at the end of F line protects you against users that are connecting from IP that is not the same as the IP of DNS address that they use. This means that these peers have CCcam server on different location (usually they use VPS). I recommend that you block these users. Do not delete them, just put F:000 000. If you just delete them, you will get flood of failed login attempts and this can cause instability of CCcam!

Thanks to carp95 and to me, admin of SATNIGMO 🙂


Block unwanted users in CCcam (Fail2Ban)

Why is fail2ban useful function? You probably have unwanted users on your CCcam server. Some users can cause CCcam to crash and this can become very annoying. No one wants unstable CCcam!

If you want to see these users (if they exist), you need to add this line in CCcam.cfg:

LOG WARNINGS: /tmp/warnings.txt

Warnings.txt file can become quite large, so it is good idea to have it in tmp folder.

There are two solutions to block unwanted users

1. Block IP directly in your router. If you have router which supports Tomato firmware, find this section in your router webif —> Administration/Scripts/Firewall. Then add this line:

iptables -I FORWARD -d IP of user that is attacking you -j DROP

This only works if user has static IP (usually not). If user does not have static IP, there is another solution, but you need to be using Linux PC as CCcam server. Solution is called Fail2Ban!

If you use Fedora disto install Fail2Ban with this command: yum install fail2ban
If you use Ubuntu distro use: apt-get install fail2ban

Next command you need to use is (use telnet for this):

nano /etc/fail2ban/jail.conf
Look for these lines:
# "ignoreip" can be an IP address, a CIDR mask or a DNS host
 ignoreip = #here you need to put addresses that will be ignored by fail2ban - add IPs of your receivers/clients at home!
 maxretry = 3

… and add these lines:

 enabled = true
 port = 12000 #port of your cccam server. I have 12333 for example.
 filter = cccam
 action = iptables[name=CCcam0, port=12000, protocol=tcp] #here you only need to change port to 12333 for example.
 logpath = /tmp/warnings.txt
 maxretry = 10
 bantime = 6000 #this is in seconds. User will be banned 6000 seconds.

Next command (use telnet):

nano /etc/fail2ban/filter.d/cccam.conf

Add this into cccam.conf file:

# Fail2Ban configuration file
 # Author: Cyril Jaquier
 # $Revision: 510 $
# Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 # host must be matched by a group named "host". The tag "" can
 # be used for standard IP/hostname matching and is only an alias for
 # (?:::f{4,6}:)?(?PS+)
 # Values: TEXT
 failregex = Connection from IP: Login Failed!
# Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
 # Values: TEXT
 ignoreregex =

Next command is:

/etc/init.d/fail2ban restart

Last command is:

chkconfig fail2ban on

Using this command, fail2ban will start automatically with system start.

Now all CCcam crash problems should be gone. If not, then you have other problems (problematic peer, bad RAM sticks, etc.) If you want to check which IPs are blocked, type this in putty using SSH or telnet:

iptables --list

Powered by