
What can people use my ip address for?

Cyberspirit
On 6/22/2017 at 4:00 PM, Lord Nicoll said:

Well why don't we see. I run a Minecraft server so my IP is static and I have a single machine in the DMZ, happy hacking.

93.107.39.104

 

There isn't much in terms of super good protection, so I doubt it would take much to hack it if you know what you're doing.

Mr. J, it looks like you live in Swords or Rathmines (I can't tell where the borders are), you have an account with AIB Bank, and you like to register .ninja domains. You used to run a Rust server and a TOR server back in December. For $50 I could get more info including your address but not worth it. :(

 

Am I close? :)

-KuJoe


Just now, KuJoe said:

Mr. J, it looks like you live in Swords or Rathmines (I can't tell where the borders are), you have an account with AIB Bank, and you like to register .ninja domains. You used to run a Rust server and a TOR server back in December. For $50 I could get more info including your address but not worth it. :(

The only ones that are correct are the Tor and Rust ones (I thought TOR still worked, shit it must have broken again) other than that idk what .ninja is, I don't use it. The geo location is a good bit off too but I knew that, this IP has been static for almost a year so I'd thought it'd have gotten better but it hasn't. I'd be faster to just use the IP to gather as much info as possible based off stuff I said (I don't mind my personal info really, I'm permanently broke so it's not worth anyone's time). Good work on the other stuff though.

Yours faithfully


Just now, Lord Nicoll said:

The only ones that are correct are the Tor and Rust ones (I thought TOR still worked, shit it must have broken again) other than that idk what .ninja is, I don't use it. The geo location is a good bit off too but I knew that, this IP has been static for almost a year so I'd thought it'd have gotten better but it hasn't. I'd be faster to just use the IP to gather as much info as possible based off stuff I said (I don't mind my personal info really, I'm permanently broke so it's not worth anyone's time). Good work on the other stuff though.

Yeah, gathering the location based solely on an IP takes some social engineering which I refuse to do. I'm using the IP to get breadcrumbs from other sites you've used that link me to unique phrases (like ByranLand) and show me what ports are open (9001). It's telling me that you have 6 domains registered in your name (or have in the past), it could be another J Nicoll though. I'm seeing your reviews that you wrote for AIB Bank telling me which branch you visit and which station you use for commuting which narrowed down your location quite a bit along with pictures you took of libraries and stores within a rather small area. I wasn't going to bring up any personal stuff since this is just us having some fun. :)

-KuJoe


Just now, KuJoe said:

Yeah, gathering the location based solely on an IP takes some social engineering which I refuse to do. I'm using the IP to get breadcrumbs from other sites you've used that link me to unique phrases (like ByranLand) and show me what ports are open (9001). It's telling me that you have 6 domains registered in your name (or have in the past), it could be another J Nicoll though. I'm seeing your reviews that you wrote for AIB Bank telling me which branch you visit and which station you use for commuting which narrowed down your location quite a bit along with pictures you took of libraries and stores within a rather small area. I wasn't going to bring up any personal stuff since this is just us having some fun. :)

The email I use for this forum account is my main personal one, it shouldn't be too hard to also use that. However I do some small internet banking so there should be deeply hidden stuff there. Do be careful, my mum was recently "hacked" however that was through Netflix which they tried to use to get her PayPal, which was a pretty half-hearted attempt since we handed the police investigating it 5 IPs, all from the name range, 3 of which were IPv6 addresses, and they confirmed were the same ones they were investigating, so tread carefully (if they come back to us I'll make it clear I had some friends try to gain access so they know nobody else is illegally trying) however if you can find some useful info on my PCs or servers you can have an internet cookie. I do own a domain but it's a .ie one, have fun looking up those registrars if you're bored and want imaginary cookies (because who doesn't)

Yours faithfully


24 minutes ago, Lord Nicoll said:

The email I use for this forum account is my main personal one, it shouldn't be too hard to also use that. However I do some small internet banking so there should be deeply hidden stuff there. Do be careful, my mum was recently "hacked" however that was through Netflix which they tried to use to get her PayPal, which was a pretty half-hearted attempt since we handed the police investigating it 5 IPs, all from the name range, 3 of which were IPv6 addresses, and they confirmed were the same ones they were investigating, so tread carefully (if they come back to us I'll make it clear I had some friends try to gain access so they know nobody else is illegally trying) however if you can find some useful info on my PCs or servers you can have an internet cookie. I do own a domain but it's a .ie one, have fun looking up those registrars if you're bored and want imaginary cookies (because who doesn't)

I didn't find an e-mail for you but I completely forgot to look at your profile, there's a lot more info there that would have made it easier on me. I did find your domain which is how I found your full name which led me to your reviews and pictures. I would never try to access any of your machines, that's a dick move even with permission.

 

I do have a recommendation though and that is to change your SSH port to anything other than the default since it will reduce the amount of automated bots who stumble upon it.

 

Are you running a bittorrent client on your Ubuntu server with Minecraft? Doesn't that impact performance? I see you're also running Samba on that server, I recommend blocking that port at your firewall because of stuff like this. I also didn't realize Huawei made routers but good thing they're using OpenWRT instead of something home cooked (I like seeing more consumer routers using open source software), the 24 days uptime isn't reassuring though unless it was a power outage or something.

 

EDIT: I'd also disable remote access to your router's login page if it lets you, I didn't try to open it but I see the port is open.

-KuJoe


@KuJoe I am running a torrent client but on Windows 10. Also I'm not using Samba or anything like that.

Make sure to quote or tag people, so they get notified.


2 minutes ago, Cyberspirit said:

@KuJoe Is there any way to improve security?

Yes there are, but the easiest method is not to become a target. Here's some suggestions which I personally don't follow but you can if you're really paranoid:

  1. Don't forward ports (I do).
  2. Use a VPN whenever possible (I kinda don't).
  3. Don't put anything online you wouldn't tell a stranger or a criminal (I do).
  4. Don't put anything sensitive/important on a device connected to the internet (I do).
  5. Never sign up for any social media (I have).

I would say to just use common sense, but that's not enough these days so the best thing you can do is not stand out. If a person targets you and they are determined then the likelihood of you stopping them is slim, just do your best to avoid the automated bot attacks and that's the best you can hope for without severely limiting your online experience.

-KuJoe


Just now, Cyberspirit said:

@KuJoe I am running a torrent client but on Windows 10. Also I'm not using Samba or anything like that.

My post was directed at @Lord Nicoll since he posted his IP and I did a quick scan of his network for him.

-KuJoe


@KuJoe I don't forward ports, at least I don't think so. Also I'm not using a VPN because they are so slow. 3-5: those are kinda impossible to avoid, to me at least.

Make sure to quote or tag people, so they get notified.


2 minutes ago, Cyberspirit said:

@KuJoe I don't forward ports, at least I don't think so. Also I'm not using a VPN because they are so slow. 3-5: those are kinda impossible to avoid, to me at least.

Yeah, it's hard to be safe online and have an online life at the same time. Just limit the amount of people that have your IP address, your phone number, and your e-mail address then hope for the best. :)

-KuJoe


1 minute ago, KuJoe said:

I didn't find an e-mail for you but I completely forgot to look at your profile, there's a lot more info there that would have made it easier on me. I did find your domain which is how I found your full name which led me to your reviews and pictures. I would never try to access any of your machines, that's a dick move even with permission.

 

I do have a recommendation though and that is to change your SSH port to anything other than the default since it will reduce the amount of automated bots who stumble upon it.

 

Are you running a bittorrent client on your Ubuntu server with Minecraft? Doesn't that impact performance? I see you're also running Samba on that server, I recommend blocking that port at your firewall because of stuff like this. I also didn't realize Huawei made routers but good thing they're using OpenWRT instead of something home cooked (I like seeing more consumer routers using open source software), the 24 days uptime isn't reassuring though unless it was a power outage or something.

Yes, that router is a Vodafone OEM one, it runs what they put on it, which is a very custom firmware, as far as ISP provided routers, it's an amazing one. My friend loves OpenWRT and I've been working on a Raspberry Pi + RouterBoard 450G OpenWRT server thing for some time with him, but he noted a router that Vodafone replaced for us worked fine (I gave him it) and it did everything he wanted, out of box. The passwords for OpenSSH are pretty secure, so I'm not worried, if I was I'd put a 3 attempts max try thing on the SSH config. The Linux Mint (not Ubuntu) is just the normal one, so it has some of the normal stuff still on it. It's not actually port forwarded, it's in the DMZ as well as being a Virtual Machine on a VMware ESXi 6.5 server Host (an actual rack server) so there is clearly a lot of protection and stuff that'd confuse casuals. The fact my home network is so bodged and has so many bridges it could be an island (all that's well hidden, since it does stuff I don't want others to know about) probably makes it annoying more than anything. We recently had new electrical meters installed about 34 days ago, as well as sometimes just rebooting it for config reasons and the occasional fuck up, the server gets taken down every fortnight on average for cleaning.

 

 

 

There really shouldn't be anything there that'd help massively in a hack, and the fact you don't seem to have seen it's a VMware host is good (well you know now). I know this network isn't that secure, I rely on the fact it really is worthless to hack me, if you really wanted you could just ask for something and I'd probably give it to you. 


Yours faithfully


3 minutes ago, Lord Nicoll said:

Yes, that router is a Vodafone OEM one, it runs what they put on it, which is a very custom firmware, as far as ISP provided routers, it's an amazing one. My friend loves OpenWRT and I've been working on a Raspberry Pi + RouterBoard 450G OpenWRT server thing for some time with him, but he noted a router that Vodafone replaced for us worked fine (I gave him it) and it did everything he wanted, out of box. The passwords for OpenSSH are pretty secure, so I'm not worried, if I was I'd put a 3 attempts max try thing on the SSH config. The Linux Mint (not Ubuntu) is just the normal one, so it has some of the normal stuff still on it. It's not actually port forwarded, it's in the DMZ as well as being a Virtual Machine on a VMware ESXi 6.5 server Host (an actual rack server) so there is clearly a lot of protection and stuff that'd confuse casuals. The fact my home network is so bodged and has so many bridges it could be an island (all that's well hidden, since it does stuff I don't want others to know about) probably makes it annoying more than anything. We recently had new electrical meters installed about 34 days ago, as well as sometimes just rebooting it for config reasons and the occasional fuck up, the server gets taken down every fortnight on average for cleaning.

 

 

 

There really shouldn't be anything there that'd help massively in a hack, and the fact you don't seem to have seen it's a VMware host is good (well you know now). I know this network isn't that secure, I rely on the fact it really is worthless to hack me, if you really wanted you could just ask for something and I'd probably give it to you. 

Weird that it's reporting OpenWRT, it might just be a skinned OpenWRT install like Buffalo used to do with DD-WRT. There have been OpenSSH exploits in the past though so I'd still change the port, disable PasswordAuthentication, and switch to SSH keys if you're going to keep it open to the public. At the very least, changing the port will reduce all of the extra entries in the log files from bots. As for the Linux Mint, that makes sense why it's reporting back Ubuntu since it's based off Ubuntu Xenial. The DMZ isn't a great idea because things like the Samba exploit could be carried out easily even if it's just a VM, pushing out ransomware to your home network would be annoying and take some time to do re-installs. I do love how ESXi is completely transparent on the network level (I even run a virtual router in mine to keep my VMs talking even if I take my physical router or switch offline), but it doesn't really offer any level of security especially if a VM is in the DMZ. It's not a horrible network, I just wanted to make you aware of some red flags I saw since you posted your IP publicly and wanted people to test it. ;)

-KuJoe
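An added example, not part of the original posts: a small Python audit of an `sshd_config` for the three settings raised in this thread (default port, `PasswordAuthentication`, and a low `MaxAuthTries`). The function names and both sample configs are constructed for illustration; `Include` files are assumed absent and only global (pre-`Match`) settings are evaluated.

```python
import re

# sshd built-in defaults for the keywords checked here
DEFAULTS = {"port": ["22"], "passwordauthentication": "yes", "maxauthtries": "6"}

def effective_settings(config_text):
    """Return the global settings sshd would apply for this text.

    sshd keeps the FIRST value seen for a keyword (Port may repeat),
    keywords are case-insensitive, and lines after a Match keyword are
    conditional, so parsing stops there.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        if len(parts) < 2 or not parts[1]:
            continue
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].split()[0].strip('"').lower()
        if key == "port":
            seen.setdefault("port", []).append(value)
        elif key not in seen:
            seen[key] = value
    return {**DEFAULTS, **seen}

def audit(config_text):
    """List findings for the hardening steps suggested in the thread."""
    cfg = effective_settings(config_text)
    findings = []
    if "22" in cfg["port"]:
        findings.append("Port 22 in use: expect constant automated login attempts in the logs")
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication enabled: switch to SSH keys and set it to no")
    tries = cfg["maxauthtries"]
    if not tries.isdigit() or int(tries) > 3:
        findings.append("MaxAuthTries above 3 (sshd default is 6)")
    return findings

# Constructed sample: looks hardened at a glance, but the second
# PasswordAuthentication line is ignored and the Match block is conditional.
MISLEADING = """\
Port 22
PasswordAuthentication yes
passwordauthentication no
Match Address 192.168.1.0/24
    PasswordAuthentication no
"""

# Constructed sample with the suggested changes applied.
HARDENED = """\
Port 2222
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
"""

if __name__ == "__main__":
    for name, text in (("misleading", MISLEADING), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, which is the authoritative check.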


7 minutes ago, KuJoe said:

Weird that it's reporting OpenWRT, it might just be a skinned OpenWRT install like Buffalo used to do with DD-WRT. There have been OpenSSH exploits in the past though so I'd still change the port, disable PasswordAuthentication, and switch to SSH keys if you're going to keep it open to the public. At the very least, changing the port will reduce all of the extra entries in the log files from bots. As for the Linux Mint, that makes sense why it's reporting back Ubuntu since it's based off Ubuntu Xenial. The DMZ isn't a great idea because things like the Samba exploit could be carried out easily even if it's just a VM, pushing out ransomware to your home network would be annoying and take some time to do re-installs. I do love how ESXi is completely transparent on the network level (I even run a virtual router in mine to keep my VMs talking even if I take my physical router or switch offline), but it doesn't really offer any level of security especially if a VM is in the DMZ. It's not a horrible network, I just wanted to make you aware of some red flags I saw since you posted your IP publicly and wanted people to test it. ;)

Yeah, that all seems like a lot of work, I might just get my friend to do it in exchange for a firepro or something (I literally have shelves of old Firepro and Xeons, it's really quite amusing, especially when my friend saw me reconfigure a server and died at the sight of all the memory which does make me giggle too). Then again I'm not doing anything now so might as well. The router doesn't like port forwarding for some reason, only the DMZ works, which is super annoying as I could also port forward my other servers and VMs so much easier. 


Yours faithfully


4 minutes ago, Lord Nicoll said:

Yeah, that all seems like a lot of work, I might just get my friend to do it in exchange for a firepro or something (I literally have shelves of old Firepro and Xeons, it's really quite amusing, especially when my friend saw me reconfigure a server and died at the sight of all the memory which does make me giggle too). Then again I'm not doing anything now so might as well. The router doesn't like port forwarding for some reason, only the DMZ works, which is super annoying as I could also port forward my other servers and VMs so much easier.

Why not spin up a second VM to handle the bittorrent and Samba then lock down your Minecraft server so it can stay in the DMZ? You can disable SSH altogether and just manage it through the console if you need it. The beauty of VMs is you can just spin up more if you need them. :D

-KuJoe


Just now, KuJoe said:

Why not spin up a second VM to handle the bittorrent and Samba then lock down your Minecraft server so it can stay in the DMZ? You can disable SSH altogether and just manage it through the console if you need it. The beauty of VMs is you can just spin up more if you need them. :D

Because Samba and Transmission don't do anything, I have literally just installed them lol, they're not part of the two Windows file server or anything else even. They're just two programmes that survived the post installation purge

 

 

Yours faithfully


1 minute ago, Lord Nicoll said:

Because Samba and Transmission don't do anything, I have literally just installed them lol, they're not part of the two Windows file server or anything else even. They're just two programmes that survived the post installation purge

 

 

Oh, then that makes the decision even easier. EXTERMINATE! :D

-KuJoe


Just now, KuJoe said:

Oh, then that makes the decision even easier. EXTERMINATE! :D

That usually is my main recourse, fuck fixing it, uninstall

Yours faithfully
