[TOOL] IP BlackHole - Page 2

Comments

  • dIsK Member
    edited April 2023

    Version: 0.9-βeta 🔥
    Upgraded the main server
    -> 2 CPU cores to 4 CPU cores
    -> 4 GB RAM to 8 GB RAM
    -> HDD to SSD

    search for IP should also be a little faster

  • @dIsK said:

    @treesmokah said: if cloudflare goes to shit, so will your frontend.

    so if gcore goes to shit? its the same everywhere no?

    Gcore is not proxying anything, and the DNS cache will still live locally.

    Thanked by 2dIsK BasToTheMax
  • dIsK Member

    @treesmokah said: Gcore is not proxying anything, and the DNS cache will still live locally.

    thanks for info, but well, for now it works perfectly with CF so i wont change that

    Thanked by 1emgh
  • emgh Member

    @treesmokah said:

    @dIsK said:

    @treesmokah said: if cloudflare goes to shit, so will your frontend.

    so if gcore goes to shit? its the same everywhere no?

    Gcore is not proxying anything, and the DNS cache will still live locally.

    Point of CF proxying is to improve stability

    I consider CF to be very reliable

    Maybe everyone doesn’t agree

    For a hobby project they’re however far more stable than anyone could require

    Thanked by 1dIsK
  • emgh Member

    Question: do you do anything special to make bots attack you?

    Thanked by 1dIsK
  • dIsK Member
    edited April 2023

    @emgh said: Question: do you do anything special to make bots attack you?

    umm no, i just let them play on ssh and telnet

    2023 April 15
    Version: 0.11-βeta 🔥
    - Page ASNs moved to IPs
    -> /ips
    - Created new page for ASNs
    -> /asns
    -> Possible to filter the ASN by name to get all the IPs logged

    2023 April 15
    Version: 0.10-βeta 🔥
    - Created changelog page 😊
    -> /changelog

    Thanked by 2emgh mrTom
  • emgh Member

    @dIsK said: i just let them play on ssh and telnet

    What does this mean? That you don't block tries and therefore they just keep coming and trying?

    Thanked by 1dIsK
  • dIsK Member
    edited April 2023

    @emgh said: What does this mean? That you don't block tries and therefore they just keep coming and trying?

    exactly, they even come with new IPs :)

    soon the stats page of attacks per day:

    Thanked by 1emgh
  • emgh Member

    @dIsK said:

    @emgh said: What does this mean? That you don't block tries and therefore they just keep coming and trying?

    exactly, they even come with new IPs :)

    soon the stats page of attacks per day:

    So if I spin up a Hetzner VPS, don't setup any security, disable everything if there's something, and track login attempts to a database, I'll get a crazy amount from day 1?

    Thanked by 1dIsK
  • @emgh said:

    @dIsK said:

    @emgh said: What does this mean? That you don't block tries and therefore they just keep coming and trying?

    exactly, they even come with new IPs :)

    soon the stats page of attacks per day:

    So if I spin up a Hetzner VPS, don't setup any security, disable everything if there's something, and track login attempts to a database, I'll get a crazy amount from day 1?

    As soon as Censys/Shodan catches up, you will surely get shit ton of login attempts.
    People scanning entire internet should catch later on, due to their mostly limited capacity.

    Thanked by 1emgh
  • dIsK Member

    @emgh said: So if I spin up a Hetzner VPS, don't setup any security, disable everything if there's something, and track login attempts to a database, I'll get a crazy amount from day 1?

    not from day 1, from 1 minute or even 1 sec. ;)

    Thanked by 1emgh
  • emgh Member

    ok challenge accepted, I'll try it with a VPS on my OVH dedicated SolusVM installation and just see how it goes

    Thanked by 1dIsK
  • emgh Member
    edited April 2023

    Thanks @treesmokah & @dIsK

    Thanked by 1dIsK
  • emgh Member

    Very boring 10 minutes in and NOTHING

  • @emgh said:
    Very boring 10 minutes in and NOTHING

    Post the IP here, LET gets indexed at google very quick so you can expect scanners to catch quick :)

    Thanked by 1emgh
  • emgh Member

    @treesmokah said:

    @emgh said:
    Very boring 10 minutes in and NOTHING

    Post the IP here, LET gets indexed at google very quick so you can expect scanners to catch quick :)

    lol so that's how it works

    I'll try again with an IP that isn't connected to everything that's important in my life xD

  • dIsK Member
    edited April 2023

    @emgh said: Very boring 10 minutes in and NOTHING

    well, thats why i have servers at different providers, but probably sooner or later they will catch on you :D are you sure you have port open to the world?

  • emgh Member

    @dIsK said:

    @emgh said: Very boring 10 minutes in and NOTHING

    well, thats why i have servers at different providers, but probably sooner or later they will catch on you :D are you sure you have port open to the world?

    Yes

  • chihcherng Veteran
    edited April 2023

    @emgh said:
    Very boring 10 minutes in and NOTHING

    On the first day of setting up an HAProxy to listen on almost 20,000 TCP ports, I received connection attempts from over 800 unique IP addresses. If you're only monitoring failed SSH logins (a single TCP port), it would be wise to wait a bit longer.

    Thanked by 2emgh dIsK
  • dIsK Member
    edited April 2023

    @chihcherng said: HAProxy to listen on almost 20,000 TCP ports

    so does haproxy spawn 20k listening TCP ports o.O ? wouldnt be better listen on one port and redirect all other into that single port? ;)

  • chihcherng Veteran
    edited April 2023

    @dIsK said:

    @chihcherng said: HAProxy to listen on almost 20,000 TCP ports

    so does haproxy spawn 20k listening TCP ports o.O ? wouldnt be better listen on one port and redirect all other into that single port? ;)

    Excerpt from my haproxy.conf, with some modification:

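    frontend fr_tcp
        mode tcp
        # One listener per port across two ranges (almost 20,000 TCP ports)
        bind 0.0.0.0:1-10000
        bind 0.0.0.0:10001-20000
        # Logged as: client IP:port => frontend IP:port, frontend name, backend/server
        log-format %ci:%cp\ =>\ %fi:%fp\ %ft\ %b/%s
        default_backend bk_tcp

    backend bk_tcp
        mode tcp
        # Every listening port is forwarded to this single local service
        server www-2 127.0.0.1:25904
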

    I use HAProxy to listen on many TCP ports, which are redirected to a single backend on 127.0.0.1:25904. You can use an SSH server as the backend. Make sure it will refuse any login attempts.

    The "=>" in the log-format statement is used to separate [source IP:source port] (attackers) and [destination IP:destination port] (detection hosts).

    This is what it looks like in action (attackers' source ports and detection hosts' IPs were masked):

    Thanked by 1dIsK
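
Added example, not part of chihcherng's post and not code from any poster in this thread: a small parser for log lines in the `%ci:%cp => %fi:%fp %ft %b/%s` format above that counts unique source IPs, hits per destination port, and sources seen on several ports. The syslog prefix, the sample lines and the `scan_threshold` parameter are assumptions made for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Matches the body written by: log-format %ci:%cp\ =>\ %fi:%fp\ %ft\ %b/%s
# A syslog prefix (timestamp, host, "haproxy[pid]:") before it is ignored.
LINE_RE = re.compile(
    r"(?P<src>\S+) => (?P<dst>\S+) (?P<ft>\S+) (?P<be>[^/\s]+)/(?P<srv>\S+)\s*$"
)

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon, so an IPv6 client address also parses."""
    addr, _, port = endpoint.rpartition(":")
    return str(ip_address(addr)), int(port)

def parse_line(line):
    """Return (src_ip, src_port, dst_ip, dst_port), or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        return split_endpoint(m["src"]) + split_endpoint(m["dst"])
    except ValueError:  # not an IP address or not a numeric port
        return None

def summarize(lines, scan_threshold=3):
    """Unique sources, hits per destination port, and sources seen on many ports."""
    ports_by_src = defaultdict(set)
    hits_by_port = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src_ip, _, _, dst_port = rec
        ports_by_src[src_ip].add(dst_port)
        hits_by_port[dst_port] += 1
    scanners = sorted(ip for ip, p in ports_by_src.items() if len(p) >= scan_threshold)
    return {"unique_sources": len(ports_by_src),
            "hits_by_port": dict(hits_by_port), "scanners": scanners}

# Constructed sample lines (documentation address ranges, hypothetical syslog prefix).
SAMPLE = [
    "Apr 15 10:00:01 hp1 haproxy[811]: 203.0.113.9:40112 => 198.51.100.20:22 fr_tcp bk_tcp/www-2",
    "Apr 15 10:00:02 hp1 haproxy[811]: 203.0.113.9:40113 => 198.51.100.20:23 fr_tcp bk_tcp/www-2",
    "Apr 15 10:00:03 hp1 haproxy[811]: 203.0.113.9:40114 => 198.51.100.20:3389 fr_tcp bk_tcp/www-2",
    "Apr 15 10:00:07 hp1 haproxy[811]: 192.0.2.77:55001 => 198.51.100.20:22 fr_tcp bk_tcp/www-2",
    "Apr 15 10:00:09 hp1 haproxy[811]: Proxy fr_tcp started.",
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```
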
  • dIsK Member

    2023 April 15
    Version: 0.12-βeta 🔥
    - Created new page for Sponsors
    -> /sponsors
    - Got our first sponsor - IncogNet.io
    -> Server #13 - 🇳🇱 Netherlands
    -> Server #14 - 🇺🇸 United States

    Thanks goes out to @MannDude :)

    Thanked by 1MannDude
  • nullroute Member, Host Rep
    edited April 2023

    Is it possible to run your application inside a Docker container? If so, I'll be happy to make some servers available for free.

    Thanked by 1dIsK
  • dIsK Member

    i dont use docker, but we can try, can you PM me?

  • MannDude Host Rep, Veteran

    @dIsK said:
    2023 April 15
    Version: 0.12-βeta 🔥
    - Created new page for Sponsors
    -> /sponsors
    - Got our first sponsor - IncogNet.io
    -> Server #13 - 🇳🇱 Netherlands
    -> Server #14 - 🇺🇸 United States

    Thanks goes out to @MannDude :)

    No problem, happy to help.

    Thanked by 2dIsK mrTom
  • dIsK Member

    2023 April 16
    Version: 0.15-βeta 🔥
    - Added #11 new server - 🇬🇧 Great Britain
    - Added #12 new server - 🇨🇦 Canada
    - Added #13 new server - 🇳🇱 Netherlands
    - Added #14 new server - 🇺🇸 United States

    2023 April 15
    Version: 0.14-βeta 🔥
    - When searching now the output is sorted properly, newest attacks at the top

    2023 April 15
    Version: 0.13-βeta 🔥
    - When searching for IP you can now see which server is sponsored
    - Clicking to the sponsor favicon will take you to our page /sponsors

  • dIsK Member

    2023 April 16
    Version: 0.16-βeta 🔥

    • Got our second sponsor - Albanian Hosting SH.P.K.
      -> Server #15 - 🇦🇱 Albania

    Thanks goes out to @AlbaHost :)

    Thanked by 1AlbaHost
  • Have you considered using Hpfeeds for shipping data from other honeypots? https://github.com/hpfeeds/hpfeeds

    Thanked by 1dIsK
  • I just send all my traffic to 100::1

  • dIsK Member

    @pointgod
    latest update was Mar 28, 2021 ? thats 2 years without any update to the code, probably stable but idk... why would i use that? we just provide a list of IPs (on our site with detailed info about their malicious activity), thats all
