Lolekhosted - Bulletproof Hosting - Seized by police

sandoz Veteran

No information has been released by police for now; it looks like there are only rumors about why this takedown was made.

On Tuesday, BleepingComputer learned that the platform's site at lolekhosted[.]net had been seized, now displaying a message stating that an international law enforcement operation between Poland and the US seized the site.

"This domain has been seized by the Federal Bureau of Investigation and Internal Revenue Service - Criminal Investigation as part of a coordinated law enforcement action taken against LOLEK HOSTED," reads the Lolek seizure message.

Source: https://www.bleepingcomputer.com/news/security/police-seize-lolek-bulletproof-service-for-hosting-malware/

Update #2: https://www.justice.gov/opa/pr/administrator-bulletproof-webhosting-domain-charged-connection-facilitation-netwalker

Thanked by 2: kait, SirFoxy

Comments

  • lol

  • old news sir

  • MannDude Host Rep, Veteran
    edited August 2023

    First decent write up on the matter.

    Was wondering what the cause was, and where the servers were located. Their website (via archive.org) never showed service locations.

  • I suppose we need bullet- and handweaponproof hosting now.

  • jarjar Patron Provider, Top Host, Veteran

    I honestly expected the "they were hosting child porn" line, it's almost connected at the hip with "we seized the domain of a bulletproof host."

  • next we will need policeproof and raidproof hosting

  • kait Member

    @shruub said: I suppose we need bullet- and handweaponproof hosting now.

    Deep down in Alaska somewhere.

  • @kait said:

    @shruub said: I suppose we need bullet- and handweaponproof hosting now.

    Deep down in Alaska somewhere.

    Heard there was a sunny provider in Antarctica & South Pole, might be worth checking out.

    Thanked by 1: kait
  • @SirFoxy said:
    old news sir

    I shouldn't consider it old news, since the update was posted 2h ago on justice.gov.

    There was a lack of info; now it seems a bit clearer.

  • the platform accepted PayPal and cryptocurrency for payments

    Paypal? Really? Why would a bulletproof hoster accept Paypal...

  • SirFoxy Member
    edited August 2023

    @sandoz said:

    @SirFoxy said:
    old news sir

    I shouldn't consider it old news, since the update was posted 2h ago on justice.gov.

    There was a lack of info; now it seems a bit clearer.

    We posted the article on LEB about it on the 9th at 2 PM Eastern (before both of those articles) and mentioned the person in the justice.gov article before it was released here:

    https://lowendbox.com/blog/polish-bulletproof-host-lolek-hosted-seized-by-fbi-kiwi-farms-host/

    Their other brand AstroVM is still online:

    https://astrovm.net/

  • Just encrypt your disks, set up either dropbear-initramfs to unlock / during boot - over SSH, or the poor-man's method of doing it over VNC. Then your "fear" of being seized up by any party, of any of your remote hosting assets, will disappear. But keep backups of course. The funny thing is, statistically, all the clients who should use disk encryption, never do it, while some small customers and white projects like me, do it always.

    Thanked by 2: Calin, tentor
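
One way to check the remote-unlock setup the post above refers to, as an added example that is not part of the thread or of any project's own tooling: a shell audit of a dropbear-initramfs configuration. The paths follow the Debian 12 package layout, and the function names, sample tree and placeholder key are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a dropbear-initramfs remote-unlock setup under ROOT.
# Assumed layout (Debian 12): ROOT/etc/crypttab and
# ROOT/etc/dropbear/initramfs/{authorized_keys,dropbear.conf}.
audit_dropbear_initramfs() {
    root=${1:-/}; dir="$root/etc/dropbear/initramfs"; issues=0
    fail() { echo "FAIL: $1"; issues=$((issues + 1)); }

    # Nothing to unlock unless a LUKS volume is declared.
    grep -Eqs '^[^#].*luks' "$root/etc/crypttab" || fail "no LUKS entry in crypttab"

    # Key-only login: the key file must exist and not be writable by others.
    keys="$dir/authorized_keys"
    if [ ! -s "$keys" ]; then
        fail "authorized_keys missing or empty"
    elif [ -n "$(find "$keys" \( -perm -020 -o -perm -002 \))" ]; then
        fail "authorized_keys is group/world writable"
    fi

    # DROPBEAR_OPTIONS should disable passwords (-s) and forwarding (-j, -k).
    opts=$(sed -n 's/^DROPBEAR_OPTIONS=//p' "$dir/dropbear.conf" 2>/dev/null | tr -d "\"'")
    for flag in s j k; do
        case " $opts " in *" -$flag "*) ;; *) fail "dropbear option -$flag not set" ;; esac
    done

    # The pre-boot shell should only run the unlock helper: forced command
    # either globally (-c cryptroot-unlock) or on every key line.
    case " $opts " in
        *" -c cryptroot-unlock "*) ;;
        *) if grep -Ev '^[[:space:]]*(#|$)' "$keys" 2>/dev/null | grep -qv 'command="cryptroot-unlock"'; then
               fail "key without forced command cryptroot-unlock"
           fi ;;
    esac
    return "$issues"
}

# Constructed sample: a deliberately weak tree (placeholder key, not real).
make_weak_sample() {
    mkdir -p "$1/etc/dropbear/initramfs"
    echo 'root_crypt UUID=00000000-0000-0000-0000-000000000000 none luks' > "$1/etc/crypttab"
    echo 'ssh-ed25519 AAAAC3placeholder admin@example.invalid' > "$1/etc/dropbear/initramfs/authorized_keys"
    chmod 600 "$1/etc/dropbear/initramfs/authorized_keys"
    echo 'DROPBEAR_OPTIONS="-p 2222 -j -k"' > "$1/etc/dropbear/initramfs/dropbear.conf"
}

demo=$(mktemp -d)
make_weak_sample "$demo"
audit_dropbear_initramfs "$demo" || echo "issues found: $?"
rm -rf "$demo"
```

Calling `audit_dropbear_initramfs /` runs the same checks against a live host. It inspects only the pre-boot SSH configuration and does not cover memory acquisition on a running machine.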
  • @sillycat said:

    the platform accepted PayPal and cryptocurrency for payments

    Paypal? Really? Why would a bulletproof hoster accept Paypal...

    I've seen DDOS-for-hire sites that accept PayPal. They're popular, I guess.

  • @MallocVoidstar said:

    @sillycat said:

    the platform accepted PayPal and cryptocurrency for payments

    Paypal? Really? Why would a bulletproof hoster accept Paypal...

    I've seen DDOS-for-hire sites that accept PayPal. They're popular, I guess.

  • crime Member
    edited August 2023

    @SirFoxy said: Their other brand AstroVM is still online:

    https://astrovm.net/

    It isn't operational, and wasn't even before the seizure. Not that I expected reliable information from you in the first place.
    https://astrovm.net/klient/announcements.php?id=39

  • @crime said:

    @SirFoxy said: Their other brand AstroVM is still online:

    https://astrovm.net/

    It isn't operational, and wasn't even before the seizure. Not that I expected reliable information from you in the first place.
    https://astrovm.net/klient/announcements.php?id=39

    Joined 2:14PM

  • Artur, godspeed. Lolek was a strong name.

  • SirFoxy Member
    edited August 2023

    @crime said:
    Artur, godspeed. Lolek was a strong name.

    How is the fact the owner of Lolek and AstroVM are the same not accurate? It’s the same person… and the AstroVM brand is still online, not seized.

    You can still see ranges for “Agata Grabowska trading as FUFO Studio” on Sprint PL's network.

  • @SirFoxy said: How is the fact the owner of Lolek and AstroVM are the same not accurate? It’s the same person.

    When did I say otherwise? Astrovm was Lolek for domestic market.

  • @crime said:

    @SirFoxy said: How is the fact the owner of Lolek and AstroVM are the same not accurate? It’s the same person.

    When did I say otherwise? Astrovm was Lolek for domestic market.

    @treesmokah @tinyweasel @neckbreaker

  • @SirFoxy said:

    @crime said:

    @SirFoxy said: How is the fact the owner of Lolek and AstroVM are the same not accurate? It’s the same person.

    When did I say otherwise? Astrovm was Lolek for domestic market.

    @treesmokah @tinyweasel @neckbreaker

    You are puffin on some farts.

  • @crime said:

    @SirFoxy said:

    @crime said:

    @SirFoxy said: How is the fact the owner of Lolek and AstroVM are the same not accurate? It’s the same person.

    When did I say otherwise? Astrovm was Lolek for domestic market.

    @treesmokah @tinyweasel @neckbreaker

    You are puffin on some farts.

    Seek help, seriously.

  • @SirFoxy said:

    @crime said:

    @SirFoxy said:

    @crime said:

    @SirFoxy said: How is the fact the owner of Lolek and AstroVM are the same not accurate? It’s the same person.

    When did I say otherwise? Astrovm was Lolek for domestic market.

    @treesmokah @tinyweasel @neckbreaker

    You are puffin on some farts.

    Seek help, seriously.

    I'm a vindictive mf. Regardless, I'm not whoever you accuse me of being.
    Cheers.

  • kait Member

    @crime said: I'm a vindictive mf. Regardless, I'm not whoever you accuse me of being.

    Cheers.

    Why do you run doxbin, they doxxed so many people, that is not nice of you :angry:

  • @kait said: Why do you run doxbin, they doxxed so many people, that is not nice of you :angry:

    Doxbin users at least know how to dox, pathetic fox man tries and fails.

  • darkimmortal Member
    edited August 2023

    @xoctopus said:
    Just encrypt your disks, set up either dropbear-initramfs to unlock / during boot - over SSH, or the poor-man's method of doing it over VNC. Then your "fear" of being seized up by any party, of any of your remote hosting assets, will disappear. But keep backups of course. The funny thing is, statistically, all the clients who should use disk encryption, never do it, while some small customers and white projects like me, do it always.

    On anything other than encrypted memory / ‘confidential computing’ this is a fool's errand. Piece of piss for a provider to dump VM memory or plug in one of the many PCIe memory dumpers.

    If your threat model includes being raided, the only low end option is SEV instances at Oracle, if you can get past their sign up process. If raiding is not a risk, then EC2 as well

  • @darkimmortal said: On anything other than encrypted memory / ‘confidential computing’ this is a fool's errand

    Coldboot is a myth. Never heard of it being pulled off in an actual case involving seizing servers.
    There is Intel MKTME/TME using SGX and AMD SEV/SME which could help you with memory, but as I said, in 99,99% cases there shouldn't be a need for that. Coldboot is hard to pull off on modern memory.

  • darkimmortal Member
    edited August 2023

    @crime said:

    @darkimmortal said: On anything other than encrypted memory / ‘confidential computing’ this is a fool's errand

    Coldboot is a myth. Never heard of it being pulled off in an actual case involving seizing servers.
    There is Intel MKTME/TME using SGX and AMD SEV/SME which could help you with memory, but as I said, in 99,99% cases there shouldn't be a need for that. Coldboot is hard to pull off on modern memory.

    Agreed, I don’t think that is a reasonable attack. However, when I saw how easy it is to dump via PCIe I thought twice about trusting dedis.

    SGX is shite and SEV is hard to find a provider for other than oracle at sane pricing (gap in the market for any providers there…)

  • crime Member
    edited August 2023

    @darkimmortal said: If your threat model includes being raided, the only low end option is SEV instances at Oracle, if you can get past their sign up process. If raiding is not a risk, then EC2 as well

    Being raided and lowend do not mix. You need money to stay resilient and secure.
    Get a cab colo with CCTV (common) anonymously, purchase hardware with crypto and ship it there, do your work and monitor CCTV on any weird outages, activate killswitch as needed.

    In an ideal scenario you would shut everything down before they get their hands on hardware. Disabling common connectors such as serial port, USB etc. can also help with physical resilience.
