
The Scanners - How they take over your computer



Do you realize that every minute of every day, 7 days per week and 52 weeks per year, EVERY single appliance connected to the internet is being scanned to check what software you have and to test for open ports and vulnerabilities?

 

Do you know there are over TWO THOUSAND of these evil fucking things being operated?

 

Here's the list. https://github.com/krsmanovic/block-shodan-stretchoid/blob/master/mikrotik-blacklist-result-example-rsc.txt 

 

These companies running these scanners claim that it's purely for research, making the internet a safer place—BOLLOCKS!

 

They claim it's 'ethical hacking'—BOLLOCKS! One of the primary rules of ethical hackers is THOU SHALT FIRST ASK PERMISSION. These cunts feel they have the RIGHT to scan your computer whenever they feel like it.

 

The worst of all is stretchoid. I bet they are run by the USA; there are over a THOUSAND, all running on Digital Ocean, a US company with world-wide tentacles.

 

Do you wonder why your computer is running so slowly sometimes? I've had as many as 20 of these fucking scanners busy scanning my servers at the same time. They never stop.

 

There are two ways to stop these evil twats.

 

If you have a server (like the one running this forum), you look for a hidden file called .htaccess. You take each and every IP address/subnet and put it into a text file with the two words 'deny from' in front of it.

e.g.

deny from 104.131.128.8
deny from 196.52.43.56/29
deny from 104.131.128.12

 

It's a fucking long list, there are over 2000 and they keep creating new ones. Add these fucking scanners to the shitload of spam mails and hackers bots and you wonder why the internet is so slow and your computer is being hacked without you even knowing it.

 

But I only have computers in my house for my family. How can I prevent them?

 

Take an old PC (get one from eBay or the second-hand shop). A 5 or 10GB hard drive is plenty. 8MB RAM is fine. Install either FREE OPNsense Firewall (best) or FREE Smoothwall Express Firewall. Add every one of these asshole nasty fucking IP addresses to it.

 

Make sure you have a PROPER Password. These bots try every dictionary word, your bank account number, Car Registration number, birthdays, wives, children, dogs' names. You think they don't know these? THEY DO. Most of them are run by Govt agencies and they have access to the DVLA, Births, deaths, even fucking veterinary records.

 

So how do you make a password and stop using password123 or qwerty or xxxx?

 

Pick a phrase. Any phrase you can remember. DO NOT USE THIS EXAMPLE

The Lord is my shepherd I shall not want.

Take the first letter of each word - tlimsisnw 

Make the first two letters Upper case - TLimsisnw

Convert i=1, a=4, o=0, s=5 so TL1m515nw

Good start. Now add either one of @#$! followed by your birth year

TL1m515nw@1963

Let them crack THAT!

 

You think your IP Address hasn't been hacked by someone? Test it.

1. https://whatismyipaddress.com/

This gives you your PUBLIC IP Address

2. https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a+85.234.199.231&run=toolpage

Enter the IP address you got from Step 1

 

Run down the page and you'll see if you have a clean IP address or not

 

Why bother?

 

Because if you have a blacklisted IP address, any mail you send to a PROPERLY configured mail server (like mine or protonmail) will be REJECTED. So when you send a mail to company A and wonder why you don't get a reply, you now know why.

 

What can you do about it?

 

FUCK ALL except COMPLAIN and KEEP COMPLAINING to your ISP. Threaten them with legal action because your mails aren't being delivered and it's THEIR fault and you are losing money. Remember, every time you start your computer your ISP hands out your IP address, unless you pay extra for a FIXED IP Address, and it can be different every time.

 

ISPs should cut off anyone sending spam (usually accidentally because they don't even know they've been hacked—piss poor passwords are the main reason) and force them to fix the problem and create a proper password. It's not rocket science. ISPs KNOW when computers are spewing spam or worse being in a hacker bot. They just don't give a fuck as long as you keep paying.

 

Finally let's look at email. Are you using gmail? Why not just cc all your emails to the CIA, MI6 and every fucking spy agency in the world? Do you REALLY think Google is secure? If you do, you are fucking insane. Hotmail? Yahoo? Any FREE email provider. EVERY mail you send is scanned by every fucking spy agency. If you're happy with that fine. Want to test?

 

Write an email to a few friends, tell them you have Sciatica or AIDS or cancer. Within a day or two you'll be getting targeted ads and spam mails offering 'cures'. Why? No prizes for guessing!

 

If not, you could try Hushmail. It's secure, it's cheap, BUT if the CIA demand they release your mails to them, they spring to attention and roll over for their tummy to be scratched!

 

Anonymousspeech VERY secure, but EXPENSIVE and they get a lot of spam and they only blacklist NAMES, which is a total waste of time because ONE IP Address can have a billion forged names.

 

Protonmail is probably the best. It costs less than 1 Euro per week and I've never had a spam mail. It's double encrypted and their servers are encrypted AND you can send PGP encrypted mail with them as well. You can get a month's trial (I think) from here https://pr.tn/ref/BXYXAV91T75G

 

If you want lists of just the IP addresses of each of these bastard companies. I've split them up so I have a list for shodan, a separate list for stretchoid etc.

 

If you would like these lists, PM me. 

 

Hope at least you learned SOMETHING from this.

 

  • Like 2
Link to comment
Share on other sites
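
Added example, not part of the original post: a small Python script that turns a plain list of addresses and subnets into the 'deny from' lines shown above, and also into the `Require not ip` form used by Apache 2.4. The one-entry-per-line input format and the sample entries are assumptions constructed for illustration; duplicates and addresses already covered by a listed subnet are dropped, and malformed entries are reported rather than written into .htaccess.

```python
import ipaddress

# Constructed sample input: one address or subnet per line, '#' starts a comment.
SAMPLE = """\
# scanner ranges (constructed sample)
104.131.128.8
196.52.43.56/29
104.131.128.12
196.52.43.58        # already inside 196.52.43.56/29
104.131.128.8       # duplicate
not-an-ip
196.52.43.57/29     # host bits set: probably a typo
"""

def parse_blocklist(text):
    """Return (collapsed networks, rejected entries)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True refuses subnets with host bits set, so a mistyped
            # prefix cannot silently block a different range than intended.
            nets.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    collapsed = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        same = [n for n in nets if n.version == version]
        collapsed += list(ipaddress.collapse_addresses(same))
    return collapsed, rejected

def fmt(net):
    """Write single hosts without the /32 (or /128) suffix."""
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def to_htaccess_22(nets):
    """Apache 2.2 style (needs mod_access_compat on Apache 2.4)."""
    return "\n".join(f"deny from {fmt(n)}" for n in nets)

def to_htaccess_24(nets):
    """Apache 2.4 style using mod_authz_core."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {fmt(n)}" for n in nets]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    networks, bad = parse_blocklist(SAMPLE)
    print(to_htaccess_22(networks))
    print(to_htaccess_24(networks))
    print("rejected:", bad)
```
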

The fact remains though, ANY password can be eventually discovered by brute force methods.

 

The best you can do is change all of your passwords regularly.

 

Most online attacks involve malicious JavaScript code between <script></script> being injected into non-sanitized, or non-validated, Form inputs. The injected code then gives the hacker full access to your server and they can even blacklist YOUR IP so that you can't view web pages from your own server.

 

If this ever happens to you, you need to contact your hosting company and get them to whitelist your IP (or IP Range if your ISP issues Dynamic IPs) on the server.

 

I remember being attacked a good while ago where every .js file on 5 websites I own had malicious JS code attached to the end of every single file. There were THOUSANDS of these to edit so I had to write a PHP script of my own that read in each .js file in turn, removed the malicious code, then replaced the old files with the new ones.

 

Developers are very prone to attacks because it's so easy to skip input sanitization when eagerly waiting to test your code. You will, of course, add sanitization routines later on, but the damage may have been done by then.

 

 

 

Edited by webtrekker
Link to comment
Share on other sites
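
Added example, not the PHP script from the post above: a different way to handle the same clean-up, by comparing each live .js file with a known-good backup instead of pattern-matching the injected code. It assumes such a backup exists; the directory layout, file names and the harmless stand-in trailer are constructed for the demo.

```python
import tempfile
from pathlib import Path

# Constructed, harmless stand-in for whatever was appended to the files.
TRAILER = b"/* constructed stand-in for injected code */\n"

def classify(clean: bytes, live: bytes) -> str:
    if live == clean:
        return "clean"
    if live.startswith(clean):
        return "appended"   # original content intact, extra bytes at the end
    return "modified"       # changed elsewhere: needs a manual look

def triage(backup_dir, live_dir, repair=False):
    """Compare every .js file under live_dir with its copy in backup_dir."""
    backup_dir, live_dir = Path(backup_dir), Path(live_dir)
    report = {}
    for live in sorted(live_dir.rglob("*.js")):
        rel = live.relative_to(live_dir)
        ref = backup_dir / rel
        if not ref.is_file():
            report[rel.as_posix()] = "unknown"   # no baseline: new or planted file
            continue
        clean = ref.read_bytes()
        status = classify(clean, live.read_bytes())
        if status == "appended" and repair:
            live.write_bytes(clean)              # restore the known-good content
            status = "repaired"
        report[rel.as_posix()] = status
    return report

def demo():
    """Build a constructed backup and live tree, then triage before and after repair."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        backup.mkdir()
        live.mkdir()
        good = b"function menu(){return 1;}\n"
        for name in ("menu.js", "cart.js", "form.js"):
            (backup / name).write_bytes(good)
        (live / "menu.js").write_bytes(good)
        (live / "cart.js").write_bytes(good + TRAILER)
        (live / "form.js").write_bytes(b"function menu(){return 2;}\n")
        (live / "extra.js").write_bytes(TRAILER)
        before = triage(backup, live)
        after = triage(backup, live, repair=True)
        return before, after

if __name__ == "__main__":
    for report in demo():
        print(report)
```

Only the "appended" case is repaired automatically; "modified" and "unknown" files are left for manual review because the backup cannot explain them.
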

5 hours ago, webtrekker said:

The fact remains though, ANY password can be eventually discovered by brute force methods

 

All passwords that have ever been found go into a dictionary and form the first attempt to hack, when this fails, then as you say, brute force is used by slinging random characters at the machine, however you can severely disrupt this attempt by time intervals allowed versus attempts, for example, three failed attempts in one minute activates a lockout that bans all further attempts for twenty minutes, or whatever you feel is appropriate, 👍

Link to comment
Share on other sites
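
Added example, not part of the original post: the lockout rule described above (three failed attempts in one minute, then a twenty minute ban) as a sliding-window tracker replayed over a constructed list of login events. The class name, the event format and the addresses are assumptions for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3      # "three failed attempts"
WINDOW = 60           # "in one minute", in seconds
BAN_TIME = 20 * 60    # "twenty minutes", in seconds

class LockoutTracker:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW, ban_time=BAN_TIME):
        self.max_failures, self.window, self.ban_time = max_failures, window, ban_time
        self.failures = defaultdict(deque)   # source -> recent failure timestamps
        self.banned_until = {}               # source -> time the ban ends

    def attempt(self, source, now, success):
        """Record one login attempt; return 'ok', 'fail', 'lockout' or 'banned'."""
        until = self.banned_until.get(source)
        if until is not None:
            if now < until:
                return "banned"              # refused before the password is checked
            del self.banned_until[source]    # ban has expired
        if success:
            self.failures.pop(source, None)
            return "ok"
        recent = self.failures[source]
        recent.append(now)
        while recent and now - recent[0] >= self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.banned_until[source] = now + self.ban_time
            recent.clear()
            return "lockout"
        return "fail"

# Constructed events: (seconds since start, source address, password correct?)
EVENTS = [
    (0,    "203.0.113.7",  False),
    (0,    "198.51.100.9", False),
    (20,   "203.0.113.7",  False),
    (40,   "198.51.100.9", False),
    (45,   "203.0.113.7",  False),   # third failure inside 60 s
    (50,   "203.0.113.7",  True),    # right password, but the ban is active
    (90,   "198.51.100.9", False),   # slow guesser: only two failures in the window
    (1244, "203.0.113.7",  True),    # one second before the ban ends
    (1245, "203.0.113.7",  True),    # ban over
]

def replay(events):
    tracker = LockoutTracker()
    return [tracker.attempt(src, t, ok) for t, src, ok in events]

if __name__ == "__main__":
    for event, result in zip(EVENTS, replay(EVENTS)):
        print(event, "->", result)
```

The second source in the sample never trips the rule because it stays under three failures per minute, which is why the window and threshold need tuning to the service; fail2ban exposes the same three settings as maxretry, findtime and bantime.
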

7 hours ago, Mikheil said:

They claim it's 'ethical hacking'—BOLLOCKS! One of the primary rules of ethical hackers is THOU SHALT FIRST ASK PERMISSION. These cunts feel they have the RIGHT to scan your computer whenever they feel like it.

 

You are correct in what you state but not all hacking is evil, there is the desire to learn how the network operates at a much more fundamental level than clicking a link to watch funny cat movies and the like, by doing this you are helping to protect your own machine connected to the net because without this knowledge you are indeed at the mercy of the 'botnets'.

The net is open architecture and anything that uses the right signals can traverse it without restriction, so it is important for all that use the net to have some knowledge of what this medium of exchange is and how it operates, and in this way bot farms such as the ones you mention are exposed and policies can be put in place to further prevent intrusion into your machine, 👍

Just like Neo asks, "what is the matrix", so should all ask the same question of, "what is the net", before you use it, 👍

Link to comment
Share on other sites

Unfortunate, is it not .... a thread which could have helped via good information goes to shit after just 7 posts.

 

ego, ego .... and ego

 

I agree with some knowledge posted and disagree with other parts (and the idea of a forum is to have a discussion .... thus learn or/and teach <<<< and both sides would do both of these).

 

8 hours ago, Mikheil said:

ethical hacking—BOLLOCKS

 

I don't think you have the correct concept of "Ethical Hacking".

No ethical hacker would EVER touch a website/service/application/etc without a formal and agreed contract and scope with an authorised 'person'.

Any action outside of the 'scope' would never be done (unless the contract/scope was changed by the auth person and agreed).

The idea of an ethical hacker is to find vulnerabilities before a "threat actor" finds them .... so that "risk" is reduced, transferred or mitigated (or accepted in many cases).

Without ethical hacking you only leave the risk at the highest level and only leave it for the threat actor to compromise.

It is not 'If' a breach will occur .... it is when <<<< and that 'when' is minimised via removal of vulnerabilities (to the risk appetite which has been put into policy).

 

8 hours ago, Mikheil said:

shodan

 

Yes sites like the above can and do 'help' the bad guys .... but they also help the good guys to stop the bad guys!

And if you really want to freak .... look at https://www.maltego.com

 

7 hours ago, webtrekker said:

change all of your passwords regularly

 

This is no longer considered "best practice" in cyber security (fact is that you may just be changing a 'good' password for a 'crap' one).

A password of at least 8-10 .... with a mix of numbers, lower, upper and special (more than 10 is much better and never use the same one twice .... use a password manager).

While most will not like this .... use multi factor authentication <<<< do it your own way if you run a server .... set it up yourself (even with a burner phone).

 

7 hours ago, webtrekker said:

malicious JavaScript code

 

Yes it is used a great deal but mainly by "script kiddies" who do not know what they are doing (but can still cause a fuck load of problems) .... most problems come from "human error" and that doesn't even need to be malicious! <<<< people naively 'click' on shit that they really should not!

Most real hackers don't go in via the "front door".

 

1 hour ago, sock muppet said:

dictionary and form the first attempt to hack

 

Dictionaries .... yes are used and you can legally get many with millions of 'passwords' in them .... but most is done via osint (open source information which is also legal) which again is just down to people not really knowing the amount of information they allow to be seen!

 

1 hour ago, Mikheil said:

half a dozen Cray computer

 

Not required .... simple software (of which there is a vast amount) will do it on a basic system or even just a mobile!

Look into operating systems such as Kali or Parrot.

 

1 hour ago, Mikheil said:

fail2ban

 

Fail2ban is good but whatever you use comes down to setting it up correctly and keeping it constantly updated.

 

But whatever lol :)

  • Thanks 1
Link to comment
Share on other sites

On 6/12/2023 at 4:30 PM, sock muppet said:

there is the desire to learn how the network operates at a much more fundamental level than clicking a link to watch funny cat movies and the like, by doing this you are helping to protect your own machine connected to the net because without this knowledge you are indeed at the mercy of the 'botnets'.

 

True .... and you could, maybe, perhaps .... do a lot more to help people!

 

IOT (internet of things) and IIOT (industrial internet of things (which is ICS ....  industrial control systems but networked and should never have been networked as much of it is old, unpatched systems, so open to huge abuse)) <<<< these may bring a vast amount of grief for normal folk.

 

Right now it is reckoned that there are 45 Billion IOT networked and by 2025 (yes that soon) there will be over 75 Billion .... all using insecure hardware which was NOT made for the limited purpose!

 

Talk about open your legs and invite a kick!

  • Like 1
Link to comment
Share on other sites

On 6/12/2023 at 9:11 AM, Mikheil said:

Do you realize that every minute of every day, 7 days per week and 52 weeks per year, EVERY single appliance connected to the internet is being scanned to check what software you have and to test for open ports and vulnerabilities?

 

Do you know there are over TWO THOUSAND of these evil fucking things being operated?

 

Here's the list. https://github.com/krsmanovic/block-shodan-stretchoid/blob/master/mikrotik-blacklist-result-example-rsc.txt 

 

These companies running these scanners claim that it's purely for research, making the internet a safer place—BOLLOCKS!

 

They claim it's 'ethical hacking'—BOLLOCKS! One of the primary rules of ethical hackers is THOU SHALT FIRST ASK PERMISSION. These cunts feel they have the RIGHT to scan your computer whenever they feel like it.

 

The worst of all is stretchoid. I bet they are run by the USA; there are over a THOUSAND, all running on Digital Ocean, a US company with world-wide tentacles.

 

Do you wonder why your computer is running so slowly sometimes? I've had as many as 20 of these fucking scanners busy scanning my servers at the same time. They never stop.

 

There are two ways to stop these evil twats.

 

If you have a server (like the one running this forum), you look for a hidden file called .htaccess. You take each and every IP address/subnet and put it into a text file with the two words 'deny from' in front of it.

e.g.

deny from 104.131.128.8
deny from 196.52.43.56/29
deny from 104.131.128.12

 

It's a fucking long list, there are over 2000 and they keep creating new ones. Add these fucking scanners to the shitload of spam mails and hackers bots and you wonder why the internet is so slow and your computer is being hacked without you even knowing it.

 

But I only have computers in my house for my family. How can I prevent them?

 

Take an old PC (get one from eBay or the second-hand shop). A 5 or 10GB hard drive is plenty. 8MB RAM is fine. Install either FREE OPNsense Firewall (best) or FREE Smoothwall Express Firewall. Add every one of these asshole nasty fucking IP addresses to it.

 

Make sure you have a PROPER Password. These bots try every dictionary word, your bank account number, Car Registration number, birthdays, wives, children, dogs' names. You think they don't know these? THEY DO. Most of them are run by Govt agencies and they have access to the DVLA, Births, deaths, even fucking veterinary records.

 

So how do you make a password and stop using password123 or qwerty or xxxx?

 

Pick a phrase. Any phrase you can remember. DO NOT USE THIS EXAMPLE

The Lord is my shepherd I shall not want.

Take the first letter of each word - tlimsisnw 

Make the first two letters Upper case - TLimsisnw

Convert i=1, a=4, o=0, s=5 so TL1m515nw

Good start. Now add either one of @#$! followed by your birth year

TL1m515nw@1963

Let them crack THAT!

 

You think your IP Address hasn't been hacked by someone? Test it.

1. https://whatismyipaddress.com/

This gives you your PUBLIC IP Address

2. https://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a+85.234.199.231&run=toolpage

Enter the IP address you got from Step 1

 

Run down the page and you'll see if you have a clean IP address or not

 

Why bother?

 

Because if you have a blacklisted IP address, any mail you send to a PROPERLY configured mail server (like mine or protonmail) will be REJECTED. So when you send a mail to company A and wonder why you don't get a reply, you now know why.

 

What can you do about it?

 

FUCK ALL except COMPLAIN and KEEP COMPLAINING to your ISP. Threaten them with legal action because your mails aren't being delivered and it's THEIR fault and you are losing money. Remember, every time you start your computer your ISP hands out your IP address, unless you pay extra for a FIXED IP Address, and it can be different every time.

 

ISPs should cut off anyone sending spam (usually accidentally because they don't even know they've been hacked—piss poor passwords are the main reason) and force them to fix the problem and create a proper password. It's not rocket science. ISPs KNOW when computers are spewing spam or worse being in a hacker bot. They just don't give a fuck as long as you keep paying.

 

Finally let's look at email. Are you using gmail? Why not just cc all your emails to the CIA, MI6 and every fucking spy agency in the world? Do you REALLY think Google is secure? If you do, you are fucking insane. Hotmail? Yahoo? Any FREE email provider. EVERY mail you send is scanned by every fucking spy agency. If you're happy with that fine. Want to test?

 

Write an email to a few friends, tell them you have Sciatica or AIDS or cancer. Within a day or two you'll be getting targeted ads and spam mails offering 'cures'. Why? No prizes for guessing!

 

If not, you could try Hushmail. It's secure, it's cheap, BUT if the CIA demand they release your mails to them, they spring to attention and roll over for their tummy to be scratched!

 

Anonymousspeech VERY secure, but EXPENSIVE and they get a lot of spam and they only blacklist NAMES, which is a total waste of time because ONE IP Address can have a billion forged names.

 

Protonmail is probably the best. It costs less than 1 Euro per week and I've never had a spam mail. It's double encrypted and their servers are encrypted AND you can send PGP encrypted mail with them as well. You can get a month's trial (I think) from here https://pr.tn/ref/BXYXAV91T75G

 

If you want lists of just the IP addresses of each of these bastard companies. I've split them up so I have a list for shodan, a separate list for stretchoid etc.

 

If you would like these lists, PM me. 

 

Hope at least you learned SOMETHING from this.

 

Check out the many varying open blocklists for PiHole and similar. LOADS.
https://codeberg.org/josh/Pi.hole.Adlist

Many more dotted around.

Good post.

Link to comment
Share on other sites
