IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/11/08
~dr|z3d
@RN
@RN_
@StormyCloud
@T3s|4_
@eyedeekay
@orignal
@postman
@zzz
%Liorar
+FreefallHeavens
+Xeha
+bak83_
+cumlord
+hk
+profetikla
+uop23ip
Arch
DeltaOreo
FreeRider
Irc2PGuest19353
Irc2PGuest22478
Irc2PGuest48042
Irc2PGuest64530
Meow
Nausicaa
Onn4l7h
Onn4|7h
Over1
acetone_
anon4
anu3
boonst
juoQuua9
mareki2pb
not_bob_afk
plap
poriori_
shiver_1
simprelay
solidx66
thetia
tr
u5657
weko_
orignal hk what language do you use? go?
hk orignal: hello orignal, yes yes primarily go now
hk but I started with C++ long ago, about 3 years ago it was just C/C++, all private and nothing public
hk then I dabbled in rust; but I like C++ better to be honest
hk a lot of memory issues can be solved with std::unique_ptr
hk only recently have I started to code in public projects, and that has been entirely in go as it is my new fascination and im growing to like the language
bak83 I forgot that I could use netcat to send tcp packets, so thank you orignal. That makes life so much easier. I'm still looking for it, but sending a malformed or unsupported SAM message falls through to an infinte loop somewhere. I suspect that is what possibly prevents new SAM messages from being handled
RN bleep bloop
hk RN: huh
hk you're a bot now?
hk I meant no offense <:) just jesting
dr|z3d latest + dev build, light/dark themes now have collapsible /help/advancedsettings entries. other themes to follow.
dr|z3d also, page has been refactored into sections, so should be easier to browse.
RN if you think I'm a bot, you can bite my shiny metal arse
RN ;)
RN (quoting Bender Rodriguez there)
RN *** giggles and runs away to where the robots hide ***
T3s|4 dr|z3d: nice work on /help/advancedsettings :)
dr|z3d thanks T3s|4!
orignal bak83_ I will check and make sure to disconnect if message is incomplete
hk RN: I got that reference :D
dr|z3d so, without XG routers in the mix, transit request count looks normal. definitely something dubious with those XG routers.
zzz individual routers don't seem to last long but I am starting to see new ones at the same IPs; no use in hash bans
dr|z3d all XG?
zzz StormyCloud, see my retweet re: tor attack, might happen to you
dr|z3d StormyCloud's no longer hosting Tor exits.
zzz i know, still might happen to him
dr|z3d ssh scanners is nothing new, I've seen that before.
dr|z3d you attempt to connect to a ssh server over ssh, and guess what, ssh reports that the key/host has changed.
dr|z3d or the server id, whatever it is.
dr|z3d *over Tor
dr|z3d not frequently, but I've seen that a handful of times.
hk or scanning for password protecting ssh vs public key
hk protected*
dr|z3d sure, never a good idea to keep p/w access enabled on an ssh server.
hk you'd be surprised how widespread it is lmfao
hk I dont understand it either, i can understand the motivations if its a shared server and they prefer ease of use but man... I hope that they have fail2ban
hk even that be surprassed with residential proxies
dr|z3d doesn't matter, shared server or not. upload key(s), disable p/w access, disable root login, done.
hk amen
hk public key is the only way to go
eyedeekay Too bad about the upload keys step, it would be nice if there were an easy way to set that up that allows the keys to be copied without shipping a default config that tolerates password authentication
hk yeah there is a short period of paranoia where you rush to setup ssh_config
hk sshd_config*
eyedeekay Well also not everybody's going to remember to change it, or know to change it, or they might just make a mistake
eyedeekay Better defaults would prevent that if it was clear how to make them work
hk it's like
hk forgetting to lock your doors at home lol
hk yeah
hk well except, it's just one and done
hk I imagine if there's a sysadmin managing multiple servers, it could be easy to forget but it's so critical
eyedeekay Yeah and also there are plenty of non-sysadmins, or at least people who don't consider themselves that, with "servers" out there they don't even know about
eyedeekay I know a guy who's off-the-shelf home mesh equipment has an SSH server exposed on port 22 which has the same password as the WebUI for his router
hk jesus man lol
hk the fact that he even told you, bad opsec on his part XD
eyedeekay Oh yeah he's a whole idiot
hk no offense meant, but I wouldn't even tell my parents if they could understand what my ssh config is
hk again it's like... the keys to your house
eyedeekay Well the dumbest part is that he didn't actually configure it that way, the ssh server and the webUI share a password by default
hk "hey man I leave my keys under my doormat"
hk brutal
eyedeekay And like it's a whole SSH server, I can like compile stuff on my laptop and upload it
hk ahahahh
eyedeekay And the SSH server is running by default
hk looool man I can never understand
hk there has to be a word for the opposite of paranoia
hk like complete openness and lack of anxiety
eyedeekay pronoia
hk there you go
eyedeekay Honestly if he or I had the time it would be cool hardware to target with an OpenWRT port if somebody else hasn't already, just because it comes so completely blown open by default
eyedeekay But larger point, people like that need way better defaults than he got from whatever fly-by-night company he bought his hardware from
hk for sure, they just assume taht the end-user will secure it themselves but it seems like they need to package for pronoia people and have a disclaimer on the ramifications of defaults lol
eyedeekay Yeah and the truth we've all come to understand here is that basically no one changes the defaults
eyedeekay If the default is bad, consumers rarely change it
RN they should put pictures of lung cancer on the box of consumer routers with text saying "this could happen to you if you don't change the default password"
RN "the tyrany of the defaults"
eyedeekay European cigarette packaging is fucking brutal
RN yeah it is
RN LOL
RN doesn't stop smokers though, we are a stubborn bunch
eyedeekay crying babys covering up their mom's tracheotomy scars and stuff
eyedeekay I only ever smoke tobacco in Europe because I'm only in Europe for a couple weeks a year
zzz you missed the point folks. the ssh scans to random places have spoofed source IPs of tor exits, so the abuse reports are wrong
RN ouch
zzz this IS something new
RN *** goes off to double check passwords are disableded ***
T3s|4 RN, as you know its PasswordAuthentication no and PubkeyAuthentication yes :)
RN yeah
RN just wanted to make sure I didn't miss it somewhere
T3s|4 always worth a recent check :D
RN gotta have pubkey established before disabling password
RN ;)
T3s|4 ^yep; and I've never figured out a way around that
RN just like you can't avoid first connection to a vps before you set up I2P/Tor tunnels for ssh
RN but you can do that first connect from an IP other than "home"
eyedeekay Oh I didn't see the tweet until now
eyedeekay This rings a bell somewhere for me
eyedeekay Pretty good article from one of the people running the affected relays posted here: delroth.net/posts/spoofed-mass-scan-abuse
orignal I'm not a sysadmin, for example
orignal RN you don't need to disable password
orignal just set one generated by pwgen
orignal There were 18987 failed login attempts since the last successful login.
orignal just logon to one of my VPS
eyedeekay Apparently they're doing it to relays too
orignal relay what?
eyedeekay Tor relays, there's an attack going on against Tor where the attacker triggering abuse complaints against the relays by making it appear that scans of port 22 are originating from the relays
RN orignal, but why even give them the opportunity to try? Simpler solution for me to just turn off pw access.
dr|z3d that doesn't seem like a difficult attack to pull off, just torsocks nmap or whatever.
dr|z3d and I'd question whether the attack is intended to trigger complaints, sounds more like a side effect from running a scan over Tor.
eyedeekay The attackers have a website, they are quite overt about the intent
dr|z3d oh, then color me wrong.
eyedeekay You're right though it seems very simple to pull off, but the difference here is that it doesn't actually turn out to be exit traffic at all, it's spoofed and sent from other addresses
eyedeekay the attackers don't care about getting the results of the scan at all, they just care about making it seem like Tor nodes are the bad guys
eyedeekay That's why they can do it to relays as well as exits
dr|z3d same treatment for /help/faq as per /help/advancedsettings in latest + dev build (dark theme only, others to follow)
T3s|4 dr|z3d: new FAQs look great, thanks :)
T3s|4 dr|z3d: I see truncated under Where are my i2p config files stored? > Configuration files for the router, installed plugins, and router logs are stored in the following location:'
T3s|4 ^when you have time, not sure why it got truncated
dr|z3d thanks, T3s|4, will fix.
orignal wtf going on?
orignal postman keeps kicking me out
cumlord postman is very tired
orignal I mean this irc server
orignal * [orignal] idle 05:59:10, signon: Mon Nov 4 18:53:41
orignal see my uptime at Ilita
orignal on Monday I just rebuilt
cumlord don't think i've been having disconnects with either
cumlord ilita runs on i2pd right?
T3s|4 np dr|z3d - minor stuff :)
dr|z3d fix coming up, ETA 10m.
orignal WebClient56: 13:57:16@15/error - Reseed: Mammoth's shit
orignal some reseed is outdated
dr|z3d and now you know.
dr|z3d reseed-pl.i2pd.xyz <- stale RIs.
orignal so which one?
dr|z3d any in yellow.
orignal thanks
dr|z3d mouseover the dot and it'll tell you the status.
orignal this reseed is not longer in the list
orignal thar guy says he used outdated version of i2pd
dr|z3d which? pl?