A scammer called me today. They were saying that harmful files were moved to my computer and they needed to remove them. I don't think they are ever going to call me again.

S = scammer; M = me;

S: this is tech support we need access to your computer because we detected harmful files and need to remove them.
M: oh my! Hold on, let me go to my computer now. How can you access it?
S: we can just use RDP and delete the files. They are in a hidden folder that is encrypted so this Is the only way.
M: oh ok I believe you. Hm... it looks like my son only allows certain IP addresses to access our computers.. I don't know how to disable this so can you just email me your IP address?
S: Sure...

He then sends me his actual IP address... it doesn't even look like a proxy or VPN.

M: oh my I forgot that you need my password to login. It's really long and complicated... can I just email it to you?
S: Sure!!

I then tell him to hold on I have to find it that my "son" stored it somewhere.

At this time I'm taking a photo of my bare ass and attaching it to the email. I then say in the email "Please note what my job title is in my signature.. I just sent the FBI your name, phone number, email, and IP address. Please enjoy my bare ass, you'll see a lot of it in prison."

Long but worth it...

So I was cleaning out my Google Drive last night, and deleted some old (2 years and up) files. I also deleted my old work folder, it was for an ISP I worked for over 2 years ago. After deleting the files I had a little twinge of "Man I hope they're not still using those". But seriously, it'd be a pretty big security risk if I was still the owner of those files... right? Surely they copied them and deleted all the info from the originals. IP addresses, Cisco configs, username and passwords for various devices, pretty much everything but customer info.

Guess who I get a call from this morning... "Hi this is Debbie from 'ISP'. I was trying to access the IP Master List and I can't anymore. I was just told to call you and see if there's any way to get access to it again" (Not her real name...)

I had to put her on hold so I could almost die of laughter...

Me: "Sorry about that Debbie, I haven't worked for that company for over 2 years. Your telling me in all that time no one thought to save them locally? No one made a copy? I still had the original documents?!"

Long pause

D: "Uh... Apparently not..."

Another long pause

D: "So is there any way you can give me access to them again?"

Me: "They're gone Debbie. I deleted them all last night."

D: Very worried voice "Can... Can you check?"

This kids is why you never assume you'll always have access to a cloud stored file, make local copies!!

A little bit of background on this company, the owner's wife fired me on trumped up "time card discrepancy" issues so she could hire her freshly graduated business major son. The environment over there was pretty toxic anyway...

I feel bad for "Debbie" and the other staff there, it's going to be a very bad week for them. I also hope it doesn't impact any customers. But... It is funny as hell, especially since I warned the owner as I was clearing out my desk to save copies, and plan on them being gone soon. Apparently he never listened.

This is why you should have a plan in place... And not just wing it...

PS. First Post!

This shit is real.

Guy comes to my desk.
Guy: Do you know Python?
Me: Yes
Guy: I want a program that reads a CSV containing IP addresses and tells which of them are valid.
Me: Sure thing. Show me the CSV file.
Guy: (Shows the file)
Me: (Writes a small function for checking whether the IP is valid)
Me: Done Here you go.
Guy: You should be using regex.
Me: Why? This is perfect. No need for regex.
Guy: My manager wants a solution using regex only.
Me: Why so?
Guy: I don't know. Can you do it using regex?
Me: Only if you say so. (Stackoverflow. Writes a humongous regex). Done!
Me: Just for curiosity, what is your application?
Guy: I will port it in Java. You see, regex is easy to debug.
Me: Ohhh Yes. I forgot that. Good luck with your regex.

Me: so, ifconfig, what is my gateway?

ifconfig: [ip address]

Me: nmap, what is this IP address?

nmap: it's a network switch with an open telnet port.

Me: what happens if I connect to it?

switch: WHAT IS THE PASSWORD?!?!

Me: is it blank?

switch: correct. what do you want to do?

Me: can I look at all the IP and MAC addresses on the network?

switch: WHAT IS THE ADMIN PASSWORD?!?!

Me: is it... admin?

switch: correct. Here's everyone that's connected to the network: [400+ IPs and MACs]

Me: ok python, would you filter through these and tell me what manufacturer each one belongs to?

python: sure.
[~50 manufacturer lookups later]
python: there's a bunch of apple product, a bunch of miscellaneous laptop and printer manufacturers, and some raspberry pis.

Me: raspberry pis?

python: yep. about 20 of them.

Me: What happens if I connect to one?

rpi: WHAT IS THE PASSWORD?!?!

Me: raspberry?

rpi: correct. what do you want to do?

Me: can I make you do my bidding in the background when you aren't being used?

rpi: sure, sounds fine.

I love ignorant sysadmins.

That moment when an SEO 'expert' asks if changing ip addresses will put his sites lower in Google.

I'm a fucking Linux engineer, how am I supposed to know that?!

Please live up to your fucking title "SEO *expert*" and don't ask some innocent Linux engineer about this shit 😡

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'

Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!

I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.

Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.

Was pretty shaken up but damn I learned my lesson!

I had to explain to a customer's head of IT what a public IP is! He is (still) convinced all addresses in the world have to start with 192.168...

How do people like this get/keep their jobs?!

After countless Google searches for the past 3 years, I've written a small script to get my internal & external IP addresses with one command!

Not exactly a security bug, but there was a company that made a Django app for some internal work and later open sourced it. I was browsing through the code and I saw that the config file had an IP address and a hashed password for the database credentials

When I tried to use them, I was able to login directly to their read replica RDBMS, I had access to all their customer data (including phones & home addresses)
Being the saint I am, I informed them of the ignorance made by their developer and was presented with some cool swag.

HO. LY. SHIT.

So this gig I got myself into, they have a whitelist of IP addresses that are allowed to access their web server. It's work-at-home. We just got a new internet provider, and it looks like I get a different public IP address everytime I disconnect and connect to the WIFI. And since it looks like the way they work on their codebase is that you either edit the files right on the server or you download the files that you need to work on, make the changes, and then re-upload the file back to the server and refresh the website to see the changes, now I can't access the server because I get different IP addresses. And it's highly inconvenient to keep emailing them to add IP addresses to the whitelist.

No source control, just straight-up download/upload from/to the server. Like, srsly. So that also means debugging is extremely hard for me because one, they use ColdFusion and I've never used that shit before and two, how the hell do you debug with this style of work?

I just started this last Tuesday, and I already want to call it quits. This is just a pain in the ass and not worth my time. I'll be glad to just go back to driving Lyft/Uber to make money while I look for a full-time, PROPER job.

By the way, can I do that to a contracting job? Just call it quits when you haven't even finished your first task? How does this work?

How do IP addresses work?

Here are the reasons why I don't like IPv6.

Now I'll be honest, I hate IPv6 with all my heart. So I'm not supporting it until inevitably it becomes the de facto standard of the internet. In home networks on the other hand.. huehue...

The main reason why I hate it is because it looks in every way overengineered. Or rather, poorly engineered. IPv4 has 32 bits worth, which translates to about 4 billion addresses. IPv6 on the other hand has 128 bits worth of addresses.. which translates to.. some obscenely huge number that I don't even want to start translating.

That's the problem. It's too big. Anyone who's worked on the internet for any amount of time knows that the internet on this planet will likely not exceed an amount of machines equal to about 1 or 2 extra bits (8.5B and 17.1B respectively). Now of course 33 or 34 bits in total is unwieldy, it doesn't go well with electronics. From 32 you essentially have to go up to 64 straight away. That's why 64-bit processors are.. well, 64 bits. The memory grew larger than the 4GB that a 32-bit processor could support, so that's what happened.

The internet could've grown that way too. Heck it probably could've become 64 bits in total of which 34 are assigned to the internet and the remaining bits are for whatever purposes large IP consumers would like to use the remainder for.

Whoever designed IPv6 however.. nope! Let's give everyone a /64 range, and give them quite literally an IP pool far, FAR larger than the entire current internet. What's the fucking point!?

The IPv6 standard is far larger than it should've been. It should've been 64 bits instead of 128, and it should've been separated differently. What were they thinking? A bazillion colonized planets' internetworks that would join the main internet as well? Yeah that's clearly something that the internet will develop into. The internet which is effectively just a big network that everyone leases and controls a little bit of. Just like a home network but scaled up. Imagine or even just look at the engineering challenges that interplanetary communications present. That is not going to be feasible for connecting multiple planets' internets. You can engineer however you want but you can't engineer around the hard limit of light speed. Besides, are our satellites internet-connected? Well yes but try using one. And those whizz only a couple of km above sea level. The latency involved makes it barely usable. Imagine communicating to the ISS, the moon or Mars. That is not going to happen at an internet scale. Not even close. And those are only the closest celestial objects out there.

So why was IPv6 engineered with hundreds of years of development and likely at least a stage 4 civilization in mind? No idea. Future-proofing or poor engineering? I honestly don't know. But as a stage 0 or maybe stage 1 person, I don't think that I or civilization for that matter is ready for a 128-bit internet. And we aren't even close to needing so many bits.

Going back to 64-bit processors and memory. We've passed 32 bit address width about a decade ago. But even now, we're only at about twice that size on average. We're not even close to saturating 64-bit address width, and that will likely take at least a few hundred years as well. I'd say that's more than sufficient. The internet should've really become a 64-bit internet too.

And BAM. Wrote a quick'n dirty little php script which works with loads of shell_exec calls to block all ip addresses belonging to an ASN number.

For example: If I get Facebook's ASN number and use it as parameter for this script with a custom name (for the iptables chain), the script creates a chain called the custom name, adds all ip addresses/ranges it got from the whois lookup (on the ASN number) with DROP to iptables and then it adds that chain to the INPUT and OUTPUT chains.

I've done some tests and can indeed genuinely not reach Facebook at all anymore, Microsoft is entirely blocked out as well already 💜

Windows, God damn you piece of fucking shit.

Why the fuck can't you make networking fucking easy like literally every other fucking operating system in the goddamn fucking world?

Why the fuck can't I spoof mac addresses so that I have the same IP address regardless of if I'm on a hard line or wireless?

Who in their fucking right mind thought that the pro version of Windows wouldn't need to do that?

I don't even like using you at this point, I'm forced to use you for work.

There's literally not enough explicitives that I can chain together to sufficiently convey how much I fucking hate you Microsoft. So enjoy this seizure inducing tourette's mode compilation.

Fuck shit cock piss mother fucker asshole bitch mother fucker sick and tired of your fucking shit Microsoft you fucking cuck piece of shit nobody fucking likes you they only have to use you because no fucking business in their right mind is going to spend the millions of dollars it cost to fucking switch over to fucking Mac or Linux I hope you fucking choking a bag of HIV riddled flaming dicks you fucking piece of shit.

For fucks sack I just created my server and fail2ban already blocked 6 IP addresses dafuq is going on on the internet 😓

A third party manages access to a web application I’m supposed to begin using. While accessible from the Internet, they whitelist IP addresses, so it rejects the login credentials if not coming from a whitelisted address.

I provided my external IP address to their support team but the application was not letting me in, so I called their help desk. A support technician said that my IP address was 10.x.x.x, a private IP address. I’m not on the same network as this application, so I did a quick check and realized they are reading my internal IP address from my X-FORWARDED-FOR (XFF) header (yes, my employer exposes this).

I explain to him that the application is incorrectly reading my external (connection) IP address and is instead reading my internal IP address from my XFF header. I also explain that it’s not a good idea to add a private IP address to their whitelist as it somewhat defeats the point as anyone can assign that IP address within their network and expose it via an XFF header.

After talking to numerous support personnel, I came to the conclusion that not a single support person on their team understands basic networking and private IP address ranges.

I finally just said, “Fine. Go ahead and add my internal IP address but keep in mind it will change a lot.”

He then proceeded to “explain” to me how my IP address is assigned by my ISP and should change very infrequently. I explained to him that the IP address their application is reading is actually assigned by DHCP inside my network, but I was clearly wasting my breath.

Sometimes I wonder how compromised my parents online security would be without my intervention.

My mom logged into her gmail and there was an red bar on top informing about Google preventing an attempted login from an unknown device.

Like typical parents / old people, that red bar didn't caught her attention but I noticed it immediately. I took over and looked into it. It showed an IP address and a location that was quite odd.

I went ahead with the Account security review and I was shocked to find that she had set her work email address as the recovery email!!

I explained her that work email accounts cannot be trusted and IT department of the workplace can easily snoop emails and other info on that email address and should not be related to personal accounts.

After fixing that issue, me being a typical skeptic and curious guy, I decided to find more info about that IP address.

I looked up the IP address on a lookup website and it showed an ISP that was related to the corporate office of her workplace. I noticed the location Google reported also matched with the corporate office location of her work.

Prior to this event, few days ago, I had made her change her gmail account password to a more secure one. ( Her previous password was her name followed by birth date!! ). This must have sent a notification to the recovery mail address.

All these events are connected. It is very obvious that someone at corporate office goes through employees email addresses and maybe even abuse those information.

My initial skeptism of someone snooping throguh work email addresses was right.

You're welcome mom!

Zuck the Cuck says WhatsApp doesn't share user's location info with Facebook, but shares IP addresses.

Fucking trash.

My GF is a non-tech-savvy linguistics bachelor who uses elementaryOS as her only operating system on her only laptop. I'm not responsible for this, I only helped her install it instead of Windows when she asked me to do so.

She's a living proof that the stereotype of Linux being "too hard" or "exclusively for geeks" is outdated to say the least. Yes, Ubuntu and elementaryOS are not as kewl as Arch and Gentoo, but they are still better than a popular blue-colored American operating system that sends unencrypted screenshots of your desktop to some unknown IP addresses every 10 minutes.

My school just tried to hinder my revision for finals now. They've denied me access just today of SSHing into my home computer. Vim & a filesystem is soo much better than pen and paper.

So I went up to the sysadmin about this. His response: "We're not allowing it any more". That's it - no reason. Now let's just hope that the sysadmin was dumb enough to only block port 22, not my IP address, so I can just pick another port to expose at home. To be honest, I was surprised that he even knew what SSH was. I mean, sure, they're hired as sysadmins, so they should probably know that stuff, but the sysadmins in my school are fucking brain dead.

For one, they used to block Google, and every other HTTPS site on their WiFi network because of an invalid certificate. Now it's even more difficult to access google as you need to know the proxy settings.

They switched over to forcing me to remote desktop to access my files at home, instead of the old, faster, better shared web folder (Windows server 2012 please help).

But the worst of it includes apparently having no password on their SQL server, STORING FUCKING PASSWORDS IN PLAIN TEXT allowing someone to hijack my session, and just leaving a file unprotected with a shit load of people's names, parents, and home addresses. That's some super sketchy illegal shit.

So if you sysadmins happen to be reading this on devRant, INSTEAD OF WASTING YOUR FUCKING TIME BLOCKING MORE WEBSITES THAN THEIR ARE LIVING HUMANS, HOW ABOUT TRY UPPING YOUR SECURITY, PASSWORDS LIKE "", "", and "gryph0n" ARE SHIT - MAKE IT BETTER SO US STUDENTS CAN ACTUALLY BROWSE MORE FREELY - I THINK I WANT TO PASS, NOT HAVE EVERY OTHER THING BLOCKED.

Thankfully I'm leaving this school in 3 weeks after my last exam. Sure, I could stay on with this "highly reputable" school, but I don't want to be fucking lied to about computer studies, I don't want to have to workaround your shitty methods of blocking. As far as I can tell, half of the reputation is from cheating. The students and sysadmins shouldn't have to have an arms race between circumventing restrictions and blocking those circumventions. Just make your shit work for once.

**On second thought, actually keep it like that. Most of the people I see in the school are c***s anyway - they deserve to have half of everything they try to do censored. I won't be around to care soon.**

So I found this in the code:

Inet4Address.getByAddress (new byte[] {0x7f,0x00,0x00,0x01})

It's localhost. Why the actual fuck would you declare 127.0.0.1 as a fucking byte array!

Sometimes, when I write scripts to scan random IP addresses for an unsecure VNC server or develop my own NES emulator and someone asks me "Whatcha doin'?", it's just easier to lie rather than start explaining, so I reply:
- Nothing... Just some web dev.

A few years ago I was browsing Bash.org, and a user posted that he'd physically lost a machine.

A few weeks ago, I'd switched my router out for OPNSense. I figured it was time to start cleaning up my network.

Over the course of tracking down IP addresses and assigning statics to mac addresses, I spotted an IP I didn't recognize.

Being a home network, I'm pretty familiar with everything on the network by IP, so was a little taken aback.

I did some testing, found out that it was a Linux box. Cool.

I can SSH into it. Ok.

Logs show that it's running fine, no CPU/Memory/Harddrive issues. Nice.

So where is it?

Traceroute shows its connected directly to the router... Maybe over an unmanaged switch...

Hostname is "localhost"... That's no help.

I've walked the network 4 times now, and God knows where it is.

I think maybe I'll just leave it alone. If it ain't broke...

Q: Where does a developer use the bathroom at?

A: their IP Addresses 😎😎

Recently started at a new job. Things were going fine, getting along with everyone, everything seems good and running smoothly, a few odd things here and there but for the most part fine.

Then I decided to take a look at our (public facing) website... What's this? Outdated plugins from 2013? Okay, that's an easy fix I guess? All of these are free and the way we're using them wouldn't require a lot of refactoring...

Apparently not. Apparently, we can't even update them ourselves, we have to request that an external company does it (which we pay, by the way, SHITELOADS of money to). A week goes past, and we finally get a response.

No, we won't update it, you'll have to pay for it. Doesn't matter that there's a CVE list a bloody mile long and straight up no input validation in several areas, doesn't matter that tens of thousands of users are at risk, pay us or it stays broken. Boggles the fuckin' mind.

I dug into it a bit more than I probably should have (didn't break no laws though I'm not a complete dumbass, I just work for em) and it turns out it's not just us getting fucked over, it's literally EVERYONE using their service which is the vast majority of people within the industry in my country. It also turns out that the entirety of our region is running off a single bloody IP which if you do a quick search on shodan for, you guessed it, also has a CVE list pop up a fuckin' mile long. Don't get me started on password security (there is none). I hate this, there's fucking nothing I can do and everyone else is just fine sitting on their hands because "nobody would target us because we're not a bank!!", as if it bloody matters and as if peoples names, addresses, phone numbers and assuming someone got into our actual database, which wouldn't be a fuckin' stretch of the imagination let me tell you, far more personal details, that these aren't enticing to anyone.

What would you do in my situation?
What can I even do?
I don't want to piss anyone senior off but honestly, I'm thinkin' they might deserve it. I mean yeah there's nothing we can do but at least make a fuss 'cause they ain't gunna listen to my green ass.

Hi lil puppies what's your problem?

*proxy vomits*

Have you eaten something wrong....

*proxy happily eats requests and answers correctly*

Hm... Seems like you are...

*proxy vomits dozen of requests at once*

... Not okay.

Ok.... What did u you get fed you lil hellspawn.

TLS handshake error.

Thousands. Of. TLS. Handshake. Errors.

*checking autonomous system information*

Yeah... Requests come from same IP or AS. Someone is actively bombing TLS requests on the TLS terminator.

Wrong / outdated TLS requests.

Let's block the IP addresses....

*Pats HAProxy on the head*

*Gets more vomit as a thank you no sir*

I've now added a list of roughly 320 IP adresses in 4 h to an actively running HAProxy in INet as some Chinese fuckers seemingly find it funny to DDOS with TLS 1.0... or Invalid HTTP Requests... Or Upgrade Headers...

Seriously. I want a fucking weekend you bastards. Shove your communism up your arse if you wanna have some illegal fun. ;)

I've tried multithreading with php, wrote a simple script which checks a series of ip addresses and tries to ftp into them.

I've noticed that the script is running very slow, i checked everything, tested the db, tested my code, i've started to doubt, that my compilation of php was fucked up (btw i did that for the first time).

Then i've started to mesure the time of each db request, but the numbers didn't add up. Then it fucking hit me...

I fucking set the timeout for ftp_connect to 5 seconds, and that was causing the slowdown. I wasted two fucking coding sessions on finding that out.

What a fucking blind moron can I be, holy shit.

When TV shows or movies show IP addresses with numbers greater than 255 :/

First rant (well, first on devRant anyway)! So, I'm working on a project to refactor a decade old codebase so that all references to ip addresses are in config. It sucks. But I did find an ascii art fish in an old cron script, so that's something.

This morning I was looking in our database in order to solve a problem with a user registration and I accidentally noticed some users registered with unusual email addresses (temporary mail services, Russian providers and so on...).
I immediately thought about malicious users so I dug into the logs and I found that the registration requests started from an IP address belonging to our company (we have static IP addresses). My first reaction was: «OMG! Russian hackers infiltrated into our systems and started registering new users!»
So, I found the coworker owning the laptop from which the requests were sent and I went to him in order to warn him that someone violated his computer.
And he said: «Ah! Those 7 users? Yeah, I was doing some tests, I registered them. My email address was already registered so I created some new ones».
Really, man? Really? WTF

Watching a piece (a Belgian TV series) about hackers

- Police IT dpt takes a burned down computer (literally burned down -- black from the smoke), plug it into the mains and remove a graphics card. To collect evidence from.

- A policeman from IT dpt is browsing some company's website (while at the police station), looking at their clients. Address bar says: 127.0.0.1.

- The police hacker is browsing some forum. She got the post author's IP and MAC addresses from that forum post metainfo.

<img src="awkward.jpeg" alt="Awkward...">
<img src="confused_jackie.jpeg" alt="Awkward...">

Ideas for a strong password:

- a regex matching my laptop's LAN IP address
- a sed command to enable X11 forwarding in sshd_config
- a shell oneliner extracting all the IP addresses from ifconfig / ip a sh
- an awk command to print processes in D state
-

Chip in!

It's cute how most companies think that someone will take the time to personally hack them. Like nah mate there's countless bots running around the internet like a rabid pack of dogs sniffing ip addresses and running exploit, one of the stragglers will pick you off...

I’m in a big company now. We have all the resources in the world. We promote best practice. We don’t even seem to have deadlines. We mob on everything so that we get the benefit of all our experience combined.

So if all that is true, why in gods name does the first class I open have shed loads of hard coded settings, IP addresses and GUIDs in it?

FML. How did I end up working in this shit.

As usual a rather clickbait title, because only the chrome extensions (as always) seem to be vulnerable:

"Warning – 3 Popular VPN Services Are Leaking Your IP Address"

"Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data."

"VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate"

"PureVPN is the same company who lied to have a 'no log' policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case."

"Hijack all traffic (CVE-2018-7879) "
"DNS leak (CVE-2018-7878)"
"Real IP Address leak (CVE-2018-7880)"

For the last 20 years, there's one thing I've not been able to do reliably:

Share a folder on a windows computer.

Why the fuck can I write /etc/smb.conf from scratch with a blindfold on and make it securely work from all client devices including auth & acl, but when I rightclick and share on windows it's either playing hide and seek on the network (is it hiding behind //hostname/share? No? Maybe in the bushes behind the IP addresses?), or it's protected by mysterious logins requiring you to sacrifice two kittens a day.

Yes, finally it works! One windows update later... aaaand it's gone.

JUST GIVE ME A FUCKING CONF AND A MAN PAGE, MICROSOFT. I DON'T CARE THAT YOU'RE ORALLY PLEASING ALL THESE MALWARE RIDDEN GUISLUTS ON THE SIDE, JUST GIVE ME A FUCKING TEXT FILE TO STORE AND EDIT.

"I'm so sick and tired of these extortionate IP address lease prices! I need you develop our own system that doesn't rely on IP."

Saw this sent into a Discord chat today:

"Warning, look out for a Discord user by the name of "shaian" with the tag #2974. He is going around sending friend requests to random Discord users, and those who accept his friend requests will have their accounts DDoSed and their groups exposed with the members inside it becoming a victim as well. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Discord is currently working on it. SEND THIS TO ALL THE SERVERS YOU ARE IN. This is IMPORTANT: Do not accept a friend request from shaian#2974. He is a hacker.

Tell everyone on your friends list because if somebody on your list adds one of them, they'll be on your list too. They will figure out your personal computer's IP and address, so copy & paste this message where ever you can. He is going around sending friend requests to random discord users, and those who accept his requests will have their accounts and their IP Addresses revealed to him. Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him. Saw this somewhere"

I was so angry I typed up an entire feature-length rant about it (just wanted to share my anger):

"1. Unless they have access to Discord data centres or third-party data centres storing Discord user information I doubt they can obtain the IP just by sending friend requests.

2. Judging by the wording, for example, 'copy & paste this message where ever you can' and 'Spread the word and send this to as many discord servers as you can. If you see this user, DO NOT accept his friend request and immediately block him.' this is most likely BS, prob just someone pissed off at that user and is trying to ruin their reputation etc.. Sentences equivalent to 'spread the word' are literally everywhere in this wall of text.

3. So what if you block the user? You don't even have their user ID, they can change their username and discrim if they want. Also, are you assuming they won't create any alts?

4. Accounts DDoSed? Does the creator of this wall of text even understand what that means? Wouldn't it be more likely that 'shaian' will be DDoSing your computer rather than your Discord account? How would the account even be DDoSed? Does that mean DDoSing Discord's servers themselves?

5. If 'shaian' really had access to Discord's information, they wouldn't need to send friend requests in order to 'DDoS accounts'. Why whould they need to friend you? It doesn't make sense. If they already had access to Discord user IP addresses, they won't even have to interact with the users themselves. Although you could argue that they are trolling and want to get to know the victim first or smth, that would just be inefficient and pointless. If they were DDoSing lots of users it would be a waste of time and resources.

6. The phrase 'Saw this somewhere' at the end just makes it worse. There is absolutely no proof/evidence of any kind provided, let along witnesses.

How do you expect me to believe this copypasta BS scam? This is like that 'Discord will be shutting down' scam a while back.

Why do people even believe this? Do you just blindly follow what others are doing and without thinking, copy and paste random walls of text?

Spreading this false information is pointless and harmful. It only provides benefits to whoever started this whole thing, trying to bring down whoever 'shaian' is.

I don't think people who copy & paste this sort of stuff are ready to use the internet yet.

Would you really believe everything people on the internet tell you?

You would probably say 'no'.

Then why copy & paste this? Do you have a reason?

Or is it 'just because of 'spread the word''?

I'm just sick of seeing people reposting this sort of stuff

People who send this are probably like the people who click 'Yes' to allow an app to make changes in the User Account Control window without reading the information about the publisher's certificate, or the people who click 'Agree' without actually reading the terms and conditions."

I normally just have nightmares about the projects I'm working on, especially when I struggle with a bug for days. Those are usually about just me stressing out about it. However, I have a lot of dreams about computers/technology, not necessarily coding-related:

- datacenters were just potato fields. If you go work the field, you'd go data mining

- in Biology, when being taught how having children works, you only tell that "parenting is only chmod-ing the rights of your children until they become the owners themselves"

- IP addresses with emojis instead of numbers were a standard now and they actually managed to replace IPv4, because everyone was so into emojis. They named it IPvE

- I witnessed a new Big Bang when the 32-bit Unix time overflown in 2038, and we were all quantum bits

So a few months ago, I got a half-broken old iPhone (microphone, speaker and cameras not working) for testing purposes and it lays 99.9% of the time on my shelf turned off. Today, I turned it on and after I opened Safari, I surprised in not exactly the most pleasant way.
When I started writing in the address bar a strange suggestion from Siri came up for a website my mom searched a few hours ago on her android tablet. Like what the actual fuck?? There is absolutely 0 connection between these 2 devices, there is PiHole running on local network. The only thing that I can think of is that she is using Google (logged out) and it looks like they are actively sharing their data based on IP addresses. Wow...

Question; does anyone know of the ip addresses you get/see when whoissing an asn number are ALL the ip addresses that company (who's under that asn number) has allocated?

Asking for reasons....

Got an update for Firefox 😊 ->
Updated Firefox 🎉 ->
Got a sticky popup that asks if I would answer 3 review questions, why not? 🙄 ->
Went to a fucking website that uses my fucking IP to identify my fucking language automatically, and the result is the one you can see in the image,
half fucking German and half fucking English,
meanwhile I'm the turd from fucking Italy!

Firefox, I didn't knew you like it 🤬 black (pattern(UX))

Message for ALL, take my example and WHENEVER THERE'S A TURD THAT SUGGESTS TO IMPLEMENT THE fucking LOCALIZATION BASED ON IP ADDRESSES, SAY THAT IT DOESN'T WORK, NEVER WORKED(not my first time elsewhere on the web) AND NEVER FUCKING WILL 😤

Good Morning Devs. Funny thing... Why was I dreaming about subnetting 😂. I literally remember in the dream about telling someone to count zeros. I woke up like 🤔🤔. Zeros...zeros. Was I just explaining to someone how to figure the total IP addresses and Hosts....🤭🤦‍♂️🤦‍♂️

So, I move house with my amazing, already configured and stable router with built in VPN, DDNS, Port forwarding and DHCP addresses.

Received ISP shitty router at new address and want to use as modem only, so I go read the manual.

"Bridge mode requires you to configure your other router with PPPoE and the ISP's credentials"

Landline is not working, so I cannot call the number to retrieve my password. After 2 days of waiting, engineer visits, installs master socket, dial tone yaaay.

Call number to get password, automated voice message has such a bad sound quality that I cannot figure out if it's saying F or S, and there are two of those letters.

Put ISP router in bridge mode, set other router to PPPoE and put credentials, nothing. Try with F and F, S and F, F and S, S and S... Nothing. Put it back to dynamic IP address, it works.

I resign myself and manually configure everything I had on the good router to the ISP one. A few issues with my server and DDNS, but hey, internet works.

Start missing the other functionality, try the password idiocy again. Nothing.

Next day, go to work, talk to a colleague that lives close and has the same provider: "I just put it into bridge mode and it worked".

Go back home, bridge mode on ISP router, Dynamic IP on good router, no credentials. It works.

Why do I always overcomplicate stuff?

I have a gitlab instance behind a reverse proxy at gitlab.mydoman.pizza (yeah my TLD is .pizza 😎🍕). I have a personal site hosted on GitHub pages. I have a CNAME record in GitHub repo pointing to mydomain.pizza. I have 4 A records on my domain registrar pointing to the GitHub pages server IP addresses. now both mydomain.pizza and myusername.github.io both go to my gitlab instance??¿¿ what the fuuuuuckkkkk?¿?¿

So I tried to use Opera a few times at a time with different IP addresses(Opera has a VPN but normally only one connection) ...
I decided to copy the portable version
Via CMD to create a few Profiles(6 GB) and create a launch.bat
Now I have Opera running about 50 times and now my Computer starts making noise because I have a total of over 400 Processes running
CPU & RAM love it

Mixing PHP and HTML code with a bunch of if-elses, creating a docker-compose script thats uses the remote database password (and its committed) and set API calls to IP fucking addresses with no explanation. Just make POST requests to undocumented APIs.

How the fuck are these people allowed to code?????

Are there any alternatives to IP addresses?

So here's a random idea: DDoS defence swarm.

Install the daemon on your server, and every time your server gets DDoS'd, all members of the swarm will mobilise to defend you, but the catch is that your server will have to help other members of the swarm too.

The defensive technique in question can be one of many:

1. Automated IP blocking/reporting with a blacklist in distributed form.
2. Other swarm members counterattack and cooperatively DDoS the offending addresses.
3. Flood the ISP with automated emails to force them to pay attention to the problem.

...or a combination of all of the above.

The only issue I can see with this is abuse potential. A clever person can trick the swarm into DDoSing innocents.

Tomorrow our small company moves to another small office. I don't believe that Internet connection or our ip addresses works correctly. it should work and I need those ips for connection to client servers.

Networking Viva

External: how you specify the clients ip address to the server.

Me: Sir, we provide servers address to the client.

External: Where are clients IP addresses in server file

Me: Sir client goes to the server....

External: u know nthg...
😂😂😂

There were two of them, not sure which was completed first. One was malware, the second one -- admin tool.

These were the early XP days

1. A batch [windows] script to ease system users' mgmt. Nothing fancy, just multiple calls to usercontrol. My dad needed it for work, and there, it was born. To extend further I made it into an exe file w/ some icon. I felt very proud of it :)

2. I have already told a story of this one at dR. Anyway, it was also a batch script. Except that it was more advanced. Basicaly it was a trojan. Once executed it discovered all that computer's ip addresses and uploaded them to an ftp. Then - pulled a headless radmin installation and initiated a silent install of radmin server. Added radmin server's executable to autolaunch list so that it would come up after reboots. Once done - uploaded SUCCESS status to my ftp. And then all I had left to do - pick an ip from my ftp and enter it into radmin client's CONNECT window. I had a full controll of over a dozen of pcs

I know I'm a bit late with this, but I thought I'd share it anyway.
A few years ago me and my friend were messing around in computer class and I decided to look at the network devices.
I couldn't believe, what I saw. All of the school security cameras were there, and the best part: when I connected to their ip addresses, they were just showing the live feed, no password or anything.
I didn't really do anything with it since I couldn't think of any great ideas and it has since been fixed.
Technically not hacking but still somewhat related.

Coding would be fun right now.
But seems like i gitta do a night shift to rock network technology test tomorrow. The most annoying thing about this test is, that we have to calculate ip addresses by hand. Not too hard, but damn.. We are not allowed to write it down in hex, only binary (while calculating). And he wants to see interim steps in our calculations.. Even with IPv4 addresses it will be a great amount of 0s and 1s to write.
I better look for a second pen to take with me..

For some reason we store IP addresses as nvarchar(100) in SQL.

Lost 3 days because of shitstorm not knowing why my nextjs localhost app wasnt working just go the 3rd day on mongodb dashboard and have a warning that mongodb will block any connections of ip addresses that are not manually added (i have no idea how mongodb works other than just how to use it in code)

Because the shitstorm knocked me off the internet for 3 days (will probably be for over 7 days cause these assholes dont give a shit to fix it) i dont have wifi access so my localhost app cant work

However my dads android has unlimited gb of 4g internet access so i connect to his hotspot and then try to run the app but still fails. I thought i cant run the app until my internet gets fixed from shitstorm just to find out i had to manually allow the inbound IP address of the android phone into the mongodb dashboard. And now it works fine. Fuck off

So I reinstalled Ubuntu server and set the ip to 204, but I forgot that I assigned a static ip to it in my dhcp. I guess it has two IPv4 addresses now? How? Only one NIC 🤔

When I found out that the server I use weirdly implements SSH login.
For some very odd reason (probably a historical one,) you have to access the web-app console and press a button TO GRANT SSH ACCESS TO THE F*<KING IP ADDRESS FROM WHICH I PRESSED THE BUTTON. The server blocks the wrong IP addresses outright. And only one active allowed IP at a time. This totally obliterates my plan to perform CD on this server. Why can't I just register public keys?
Then I learned several months later that they introduced a new server plan that *does* support the public-key registration. :facepalm:
I'm divided on whether to change my plan in exchange for a rather significant increase in the monthly cost.

Any disposable e-mail address service:
"FIGHT THE SPAM"
"THANK YOU FIGHTING THE SPAM"
"YOU DID GOOD BY FIGHTING SPAM"

The users of disposable e-mail address:
*creates another spam account*
*creates another multiaccount in order to exploit a system*

Companies actually fighting spam:
Now there is even more spam to fight against. (which is not good)

About 2/3 of the accounts created daily on our website are spam accounts. We have to waste our time with this shit instead of actually improving our services. Since we do not track IP-Addresses and there are countless amounts of disposable e-mail domains AND there is still the option to create countless spam e-mail addresses within legit e-mail providers, there is no easy way of stopping this madness.

"Fight the Spam", you could start by deleting your shitty service or at least give us a list of all the domains you're using, srsly.

I am planning on applying for a job doing crime lab IT support. I have acquired the necessary skills and added them to my resume.

Skills:
Visual Basic
Networking
UX/GUI

Interests:
Hacking
Tracking IP addresses

I've been selected as an amazon echo tester for my country.

to agree fill this survey and you will receive a free Echo:
*fine*

do you have WiFi?
yes (you already know that i have a fire tv stick so you know even the password)

what mobile os do you have?
android (you already know also this i have the amazon app installed in it)

where do you live?
*my city* (you know that from ip address & shipping addresses)

imagine what them will now that i will introduces an open in mic in my room....

(i think that i will keep it behind firewall when i am not at home and when i dont want use it)

Having problems with some users ipv6 addresses in my server. For testing purposes I would like to find a free or very cheap vpn so I could obtain a ipv6 ip address proxy/vpn (if its even possible) for testing purposes. Can you recommend something?

Hi fellow devRanters, I need some advice on how to detect web traffic coming from bad/malicious bots and block them.

I have ELK (Elastic) stack set up to capture the logs from the sites, I have already blocked the ones that are obviously bad (bad user-agent, IP addresses known for spamming etc). I know you can tell by looking at how fast/frequently they crawl the site but how would I know if I block the one that's causing the malicious and non-human traffic? I am not sure if I should block access from other countries because I think the bots are from local.

I am lost, I don't know what else I can do - I can't use rate limiting on the sites and I can't sign up for a paid service cause management wants everything with the price of peanuts.

Rant:

Someone asked why I can't just read through the logs (from several mid-large scale websites) and pick out the baddies.

*facepalm* Here's the gigabytes log files.

Yo does bogons stand for anything, the bogon IP addresses? Bot something?