 |
Post Ax5aOT7nLnkDpv4YLI by [email protected] |
 |
More posts by [email protected] |
|
Post #AwCLlMu7QpILsuYeQa by [email protected] |
|
0 likes, 4 repeats |
|
|
|
if you put a webserver up on the internet. anywhere, hosting anything, you will… |
|
|
|
Post #AwCLlN1D0SxyEtsJTk by [email protected] |
|
0 likes, 0 repeats |
|
|
|
and what you can take away from this log is that the reason they are blasting t… |
|
|
|
Post #AwCLlN6sfNVGWUWqJs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
this is because everywhere has gone "DX" - or "optimizing for th… |
|
|
|
Post #AwCLlNCuIyK8pBLeiG by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss when I self hosted mine I autoblocked (iptables, drop) whatever IP that a… |
|
|
|
Post #AwCLxDvGeNwDVJkRlI by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss You should probably block that 127.0.0.1 address. |
|
|
|
Post #AwCML8ZwAf33scAquG by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@FritzAdalis no good comes from that ip |
|
|
|
Post #AwCML8h1kIigEbUVxQ by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @FritzAdalis you think 127.1 is bad? try 127.3.13.37 |
|
|
|
Post #AwCMny0IZCwHTrFdaq by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss @FritzAdalis 0x7f030d25and 2130906405are also bad IP addresses |
|
|
|
Post #AwCMny6KCnl9mY4RzE by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @FritzAdalis but 🤫 all the real hackers use 127.13.37 |
|
|
|
Post #AwCNcw1dgLd076BKOu by [email protected] |
|
0 likes, 0 repeats |
|
|
|
and if youre lucky, sometimetimes you catch one that may be actually interestin… |
|
|
|
Post #AwCNcw7JLGAIOgprF2 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss I believe this could be HAFNIUM APT |
|
|
|
Post #AwCQG82X98HYZsPuWe by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss yeah. if you ever want to be convinced that the internet is doomed, just … |
|
|
|
Post #AwCR13PUB47PpSWofg by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss @paul_ipv6 "background radiation" ... love it! |
|
|
|
Post #AwCR13WZkhn2BRqTiq by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@dariusdunlap @Viss @paul_ipv6 yeah, makes me think if mapping of it leads to a… |
|
|
|
Post #AwCRKL2SrILW0OxJpo by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss vti scannersFrontPage? in this day and age, in this internet localized en… |
|
|
|
Post #AwCRik2nXabwVZkRua by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss Chum. |
|
|
|
Post #AwCg8Hs0JRgg10m5XE by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss Yeah, for a while I was working on a real time visual log scanner....abou… |
|
|
|
Post #AwCgipcQJTdr6sudqi by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss someday ill write the script that responds to a random 20 percent of 404s… |
|
|
|
Post #AwCh5cQvVD1csPOubQ by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@h2onolan apache:RewriteEngine OnRewriteCond %{REQUEST_URI} ^/$RewriteCond %{RA… |
|
|
|
Post #AwCh5cXJ7U85CCO0Y4 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss ❤️ ❤️ ❤️ |
|
|
|
Post #AwChDpHHdAkb1tntjs by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss according to some orgs, those all count as attacks.congratulations, you a… |
|
|
|
Post #AwChVQmtQJHwHrz2ye by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss What's the highest ratio zip bomb available? |
|
|
|
Post #AwClyUzFI02JWdsT8S by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss Dammit. You just made me add another subtask in the grey traffic generato… |
|
|
|
Post #AwCnT4yKA5uHlzambw by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss Is it possible to respond to every URN not referring to an actual reachab… |
|
|
|
Post #AwCnT5BnM0gMRltXbk by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@mattl @Viss Yeah. I guess that would be bad. |
|
|
|
Post #AwCnT5HT0vDejMY4Rs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@jackwilliambell @mattl oh, @cR0w and @neurovagrant have some fun here, with a … |
|
|
|
Post #AwCnT5N8fpkx0xCbI0 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @jackwilliambell @mattl @neurovagrant Don't point random Internet peo… |
|
|
|
Post #AwCoMNwnJV8QYEFTn6 by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss and they even fail at that |
|
|
|
Post #AwCxgs7tiWxxWrHmXw by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@johntimaeus you can literally just open up netcat on port 80 and skip the webs… |
|
|
|
Post #AwCxgsDvM7mppY6awK by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss I'll probably build a stupid that opens a separate logger on ports 1-… |
|
|
|
Post #AwD16uzzxXMfpVhbzk by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss I'm mainly mad at self. I had grand plans for lateral email, chat, et… |
|
|
|
Post #AwDKrf58r28JCg6vIG by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss .vscode/sftp.js 👀 |
|
|
|
Post #AwDRYPdGlqEzSrqGUC by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@[email protected] Can confirm lol |
|
|
|
Post #AwDSpUZvjZqXgKzKUK by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@nieldk @Viss I'm trying to set that up myself. Do you have a script snippe… |
|
|
|
Post #AwDSpUinCcw47p8PIm by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@xdydx @nieldk @Viss You can probably do that with fail2ban. I have not used it… |
|
|
|
Post #AwDSpUqEkwtGUucLuC by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@joelvanderwerf yeah, this is my current line of thinking, but I was interested… |
|
|
|
Post #AwDSpUwyLuHIpnljP6 by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@xdydx @joelvanderwerf @Viss ill see if i can dig it up somewhere. But the fai… |
|
|
|
Post #AwPlEi3GuLclmPPDcG by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss > just make sure the devs are comfy My Joker origin story in a past li… |
|
|
|
Post #AwPlEwfMZWPd6bKpvs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@joy lets flee to the woods |
|
|
|
Post #AwesuVy9pmp5WGIHZI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@[email protected] Not just webservers. SSH logs start filling up within abo… |
|
|
|
Post #AwesuW5bO6mHtLmEAi by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@ferricoxide fail2bans default setup is to immediately squash ssh bruteforece :D |
|
|
|
Post #AwesuWBH31JaAwQl0q by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@[email protected] Even with a good userData payload, getting f2b installed … |
|
|
|
Post #AwesuWHIgc8STdFZPE by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@ferricoxide apt install fail2ban is ten seconds and directly out of the gate i… |
|
|
|
Post #AwesuWNKKCxKmK4Nnc by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss @ferricoxide Fail2ban is default in all of our new VM. First item install… |
|
|
|
Post #Ax5aOT7nLnkDpv4YLI by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@Viss "this is because dockerthis is because k8s"I'm curious to h… |
|
|
|
Post #Ax5aOTFasnz0E6imUy by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@crocodisle i have seen the inside of probably 30 companies worth of k8s infras… |
|
|
|
Post #Ax5aOTMKTlN2Yzs9zs by [email protected] |
|
0 likes, 0 repeats |
|
|
|
@crocodisle if you want free advice:- if you want to host a thing and you want … |
|
|
|
Post #Ax5aOTSM7MBurggyOG by [email protected] |
|
0 likes, 1 repeats |
|
|
|
@Viss from your toots I'm gathering the problem with K8S is 1. expanded att… |
