New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Yes, ssh jumphost is a legit use — for now we only allow it over IPv6. I will consider later on if it will be available also for ipv4, for now is blocked by pf rule.
If not, can always blame @yoursunny
Thanks! Just signed up for some daemon party.
60mb shall be enough for my statically linked nmap binary!
(which i'm not going to upload but someone certainly will...)
I just got my account! Thanks @elusiVeRPG for these amazing projects! 🙂
That would be beneficial for many providers - keep up the good work.
Re freedns - again just keep abuse in mind and decide how you wish to deal with it. Not good if the entire TLD is blocked.
Wishing you well.
Mike
Happy to serve as your abuse nest!
:P Can you tell me your ident ? :P
Trust me, i totally would but i don't have one. I have enough boxes to not upload static nmaps to already. Just watch out. There's bound to be that guy.
But backing to the topic seriously, IPv4 scan is not possible right now (blocked) and I'm working on a solution which will prevent doing the scan also by IPv6.
. But also like I mentioned before we cannot prevent all tryouts of abuse. So if the users will not help sooner or later somebody will try to test us.
True, IPv6 complicates scanning quite a bit (as long as people don't use easily guessable parts of their /64 at least). Being free there might be users not minding long run times or low success rates though
Anyways, i figure mere scanning probably won't be that much of a problem. Sure it might trigger a bunch of abuse mails from sensitive providers but scanning is not illegal anywhere (at least as far as i know). Depending on your upstream you might be able to get a bit of leniency there and once its reported figuring out the source user shouldn't be very hard (at least for any kind of long running scan, which i imagine IPv6 scans to be pretty much by default).
The only thing you can do to prevent it technically is probably running an IDS on your outbound traffic to detect scan patterns. I don't know how good that'll work if the scanner doesn't follow a sequential pattern but at some point the abysmal success rate of the connections should easily separate it from some P2P thing or whatever.
So I start making "research" in this area and I will consider (first I need to learn them) Suricata + ET-open and auditd for host side. I hope to get them running as soon as possible. Thanks @totally_not_banned for pointing me in the right direction.
yeah also put some warning 'this ... were logged to be audited when abuse report(s) were recieved' or whatever wording you can came out with. just don't do what c-server had done blaming & kicking alot of users without provable reasoning behind the action.
Warnings are a double edged sword. Sure it might scare of a couple abuser but to the dedicated ones this basically reads as "Use VPN/proxy to connect". In the end chances of anything happening besides the account being toast are extremely slim anyways. Most enduser ISPs (even otherwise quite reputable ones) are extremely bad/slow at acting upon complaints (maybe outside of copyright or related ones). Outside of copyright (or depending on jurisdiction speach - weird priorities but it is what it is...) everyone knows that there's a higher probability of hell freezing over than legal action being taken (especially over something that isn't exactly illegal to begin with) or even if it going anywhere. Without provable (and substantial) damages police isn't going to subpoena user data of some IP let alone try to gather evidence, which would usually mean raiding the user to confiscate equipment and need an actual court order. All on in all just very, very unlikely.
Also IT and proof is a very strange combination. Once i know your IP/username/younameit i can doctor up logs/screenshots/... claiming pretty much anything. After all it's just a bunch of text/pixels/whatever and the only authentication they have is me claiming that those were produced in a legitimate manner. There's very little difference between simply claiming that you used my server to try to assemble an atomic bomb and copy/pasting some log stating the same. In the end it's both just me claiming something even if one version looks more legit than the other.
What are some cool usecases for shells like this?
Historically the prime use case would probably have been IRC bouncers/screened clients. Nowadays i don't really know but there's a lot of things that can be done with 60mb. You could easily stick cloudflare in front of your IPv6 and host a website, scrape the web or run a Monero miner (don't do this kids...). It's pretty much the same as with a very tiny VPS. Main difference being that if you want to run some custom application you'll likely have to compile it offsite and just upload the binaries.
This bring back so many memories of 2002-10 IRC era
Back then it was only shell accounts and not only they were expensive, most of the countries had no other way than bank transfer to pay.. GJ and GL with the project
Yes i try to do it more transparent but for example i do not accept new account registrations for usernames like r00t or random like e.g jvcstwno and with random like maila. Users who use something like this will be rejected. I can accept it after a talk here by pm or on irc.
Okay, just to let you know we are now using the automated abuse activity scanner which is flagging users that try to penetrate our hosts or any other abuse activity, and till now one user has been flagged, checked, and suspended as it was a real probe to penetrate our system. Just to be clear, nothing was exposed except our two internal WireGuard IPs that we use to connect our apis, which are not really thread, but this is already fixed and nobody can see which IPs are used by WireGuard.
s/all/our
Now I need also advice from the community what we should do in case of abuse from the users. Should we post here username and email used by abuser? How to deal with it? As we are new in that kind of stuff. :)We will appreciate all advice from the community.
@elusiVeRPG
My application was declined, then tried to connect to irc as instructed, then that's the error.
Sorry, but the "default" username is on our registration forbidden usernames with admin panel, etc. But if I know You from here as a legit user, pm me I will let you to register with this user name
About expiring certificate from IRCnet server. IRCnet is known from not keeping everything up to date. So it's normal on this network. They not so often do updates on their servers.
@default Please try again
Thank you for access.
This service is pretty neat, especially considering it is FreeBSD.
Some simple suggestions:
We will get those suggestions under consideration, but for email for now we do not think it will be available. As for me email topic is for now "risk"
I need to read and learn more to do it right and prevent abuse in this topic. 
The rest, I think we will provide soon.
Hard to tell about the abuse, as I've never managed anything like this, but please tighten and limit things as you see fit.
I played with the shell just a little and everything is very fast and cool
Definitely would love to see the service staying afloat for the long haul.
just to let you know that those are now installed on the server:
- vim
- elinks
- rclone
Just a reminder shellter is NOT:
a proxy endpoint for proxy, hives or "pretending" to be legit website of other brands. Our scanners are improving. We have suspended first and purged 6 accounts today. Those were poking around host infrastructure, penetration tryouts, proxy endpoint for big proxy relays, hiveproxy for hive content moderation and cherry on cake - website pretending to be EB Games waiting page, so probably scam tryout.
To be clear, any of normal users was not harmed in any way by those abusers.
ok it's working! thank you
http://[2a03:94e0:257e:42::1]:8080/
Your shell account samoht999 has been suspended. Active sessions were terminated and new logins are blocked.
It didn't last much Loool
Telegram notification did wake me up