User mcgree using ip tracker in signature

tr1cky

Since admins on these forums don't respond to messages:

User mcgree is using an invisible image in his signature:

Since the corresponding site just throws a 403, it's probably to collect your IP addresses.

Oh, and some advice to @mcgree:
It's easier to not get caught if you use a valid certificate for your domain.

CheepCluck

I use sextuple NAT. Im good to roll

AlwaysSkint

Instaban!

JabJab

No fucking idea how those v4 and v6 were supposed to work if you point them to Cloudflare DNS... but fucking permaban please

    u@f:~$ dig A v4v6.govpolybetul.org +short
    1.1.1.1
    u@f:~$ dig A v4.govpolybetul.org +short
    1.1.1.1
    u@f:~$ dig AAAA v6.govpolybetul.org +short
    2606:4700:4700::1111
    u@f:~$ whois 2606:4700:4700::1111

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#


NetRange:       2606:4700:: - 2606:4700:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR:           2606:4700::/32
NetName:        CLOUDFLARENET

szymonp

Hey that's me

CheepCluck

@szymonp said:
Hey that's me

hey i've seen you around before

Levi

Remote images should be banned in signatures to avoid such activity. And degenerates who use such methods should be banned without question. I feel violated.

szymonp

@JabJab said:
No fucking idea how those v4 and v6 were supposed to work if you point them to Cloudflare DNS... but fucking permaban please

    u@f:~$ dig A v4v6.govpolybetul.org +short
    1.1.1.1
    u@f:~$ dig A v4.govpolybetul.org +short
    1.1.1.1
    u@f:~$ dig AAAA v6.govpolybetul.org +short
    2606:4700:4700::1111
    u@f:~$ whois 2606:4700:4700::1111

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2022, American Registry for Internet Numbers, Ltd.
#


NetRange:       2606:4700:: - 2606:4700:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
CIDR:           2606:4700::/32
NetName:        CLOUDFLARENET

Cloudflare can still show user IP via api

Void

Evacuate the forum
Engage all defenses
And get this man a ban.

CheepCluck

Where I come from is a proud place. You have unlawfully used the inspect data resource, and have compromised billions. The FBI office of Kolkata begs you to bring yourself in, pronto

Liso

@CheepCluck said:
I use sextuple NAT. Im good to roll

When the last time someone achieved sextuple ?

CheepCluck

@Liso said:

@CheepCluck said:
I use sextuple NAT. Im good to roll

When the last time someone achieved sextuple ?

Right now, doi! 🤪

FAT32

@LTniger said:
Remote images should be banned in signatures to avoid such activity. And degenerates who use such methods should be banned without question. I feel violated.

It has been blocked, but I assume this guy added it before we blocked so it wasn't caught

default

dane_doherty

1. Register a generic domain that looks like image hosting
2. Post a random unsuspicious meme
3. Harvest IP addresses because LowEndAdmins can't into image proxy
4. Profit!

vedran

@LTniger said:
Remote images should be banned in signatures to avoid such activity. And degenerates who use such methods should be banned without question. I feel violated.

https://lowendtalk.com/profile/signature "Strip images out of signatures".

Otus9051

@CheepCluck said:
I use sextuple NAT. Im good to roll

i have cgnat so yeah

DanSummer

@FAT32 said:

@LTniger said:
Remote images should be banned in signatures to avoid such activity. And degenerates who use such methods should be banned without question. I feel violated.

It has been blocked, but I assume this guy added it before we blocked so it wasn't caught

was he or would he be able to match those harvested IP to usernames?

FAT32

@DanSummer said:
was he or would he be able to match those harvested IP to usernames?

Not easy but possible (I wouldnt tell how though)

yoursunny

@mcgree puts my name in his signature and brings shame to Team push-ups.

ehhthing

The correct way to do this is to use a server side image proxy rather than allowing image embeds directly.

CheepCluck

@ehhthing said:
The correct way to do this is to use a server side image proxy rather than allowing image embeds directly.

No, just no.

@yoursunny said:
@mcgree puts my name in his signature and brings shame to Team push-ups.

What the sunny has to say is the way to go

default

@DanSummer said:

@FAT32 said:

@LTniger said:
Remote images should be banned in signatures to avoid such activity. And degenerates who use such methods should be banned without question. I feel violated.

It has been blocked, but I assume this guy added it before we blocked so it wasn't caught

was he or would he be able to match those harvested IP to usernames?

Yes, this can be done, by matching links with replies, then comparing results of multiple threads. One just needs to solve any issue at concept level, then implement it technically.

Fortunately, most abusers and hackers don't have patience or deep focus thinking, therefore most hackers use tools already created to get things done fast. The world in general is good, and people in general are nice in their hearts, so they can't stay focused on evil projects for too long, otherwise their mind cracks (hackers included).

ralf

It's interesting that he's doing v4v6, v4 and v6 as separate images. Just going from the names, maybe to be charitable he's doing an experiment one which people have both IPv4 and IPv6 configured to see which gets used in practice. Or maybe he has a sinister reason to correlate the two.

I guess whatever, he's a very naughty boy.

CheepCluck

@ralf said:
I guess whatever, he's a very naughty boy.

Lets flog them!

ralf

@CheepCluck said:

@ralf said:
I guess whatever, he's a very naughty boy.

Lets flog them!

First we must all learn to think for ourselves!

CheepCluck

@ralf said:

@CheepCluck said:

@ralf said:
I guess whatever, he's a very naughty boy.

Lets flog them!

First we must all learn to think for ourselves!

I got BilohBucks, that can wait til later

varwww

This happens in every forum

Zyra

Each day it just keeps on getting better

NoComment

This isn't the first time this has happened anyway. Wasn't there a guy who did cookie stuffing to get easy affiliate money and he's still around here?

dane_doherty

@default said: The world in general is good, and people in general are nice in their hearts, so they can't stay focused on evil projects for too long, otherwise their mind cracks (hackers included).

I think this is untrue. You hear all the time of burned-out programmers, accountants, office clerks. Ever heard of burned-out drug dealer or mafia gangster? Doing evil stuff keeps your adrenaline level high and you never wanna stop.