~dr|z3d
@RN
@RN_
@StormyCloud
@eyedeekay
@postman
@zzz
%Liorar
+FreefallHeavens
+Xeha
+bak83_
+cumlord
+hk
+poriori
+profetikla
+uop23ip
Arch
DeltaOreo
FreeRider
Irc2PGuest10850
Irc2PGuest19353
Irc2PGuest23854
Irc2PGuest46029
Irc2PGuest48064
Meow
Nausicaa
Onn4l7h
Onn4|7h
Over
T3s|4__
acetone_
anon4
anu
boonst
enoxa
glowie
mareki2pb
mittwerk
orignal
plap
shiver_
simprelay
solidx66
u5657_1
weko_
orignal
hk what language do you use? go?
hk
orignal: hello orignal, yes yes primarily go now
hk
but I started with C++ long ago, about 3 years ago it was just C/C++, all private and nothing public
hk
then I dabbled in rust; but I like C++ better to be honest
hk
a lot of memory issues can be solved with std::unique_ptr
hk
only recently have I started to code in public projects, and that has been entirely in go as it is my new fascination and im growing to like the language
bak83
I forgot that I could use netcat to send tcp packets, so thank you orignal. That makes life so much easier. I'm still looking for it, but sending a malformed or unsupported SAM message falls through to an infinte loop somewhere. I suspect that is what possibly prevents new SAM messages from being handled
RN
bleep bloop
hk
RN: huh
hk
you're a bot now?
hk
I meant no offense <:) just jesting
dr|z3d
latest + dev build, light/dark themes now have collapsible /help/advancedsettings entries. other themes to follow.
dr|z3d
also, page has been refactored into sections, so should be easier to browse.
RN
if you think I'm a bot, you can bite my shiny metal arse
RN
;)
RN
(quoting Bender Rodriguez there)
RN
*** giggles and runs away to where the robots hide ***
T3s|4
dr|z3d: nice work on /help/advancedsettings :)
dr|z3d
thanks T3s|4!
orignal
bak83_ I will check and make sure to disconnect if message is incomplete
hk
RN: I got that reference :D
dr|z3d
so, without XG routers in the mix, transit request count looks normal. definitely something dubious with those XG routers.
zzz
individual routers don't seem to last long but I am starting to see new ones at the same IPs; no use in hash bans
dr|z3d
all XG?
zzz
StormyCloud, see my retweet re: tor attack, might happen to you
dr|z3d
StormyCloud's no longer hosting Tor exits.
zzz
i know, still might happen to him
dr|z3d
ok
dr|z3d
ssh scanners is nothing new, I've seen that before.
dr|z3d
you attempt to connect to a ssh server over ssh, and guess what, ssh reports that the key/host has changed.
dr|z3d
or the server id, whatever it is.
dr|z3d
*over Tor
dr|z3d
not frequently, but I've seen that a handful of times.
hk
or scanning for password protecting ssh vs public key
hk
protected*
dr|z3d
sure, never a good idea to keep p/w access enabled on an ssh server.
hk
you'd be surprised how widespread it is lmfao
hk
I dont understand it either, i can understand the motivations if its a shared server and they prefer ease of use but man... I hope that they have fail2ban
hk
even that be surprassed with residential proxies
dr|z3d
doesn't matter, shared server or not. upload key(s), disable p/w access, disable root login, done.
hk
amen
hk
public key is the only way to go
eyedeekay
Too bad about the upload keys step, it would be nice if there were an easy way to set that up that allows the keys to be copied without shipping a default config that tolerates password authentication
hk
yeah there is a short period of paranoia where you rush to setup ssh_config
hk
sshd_config*
eyedeekay
Well also not everybody's going to remember to change it, or know to change it, or they might just make a mistake
eyedeekay
Better defaults would prevent that if it was clear how to make them work
hk
it's like
hk
forgetting to lock your doors at home lol
hk
yeah
hk
well except, it's just one and done
hk
I imagine if there's a sysadmin managing multiple servers, it could be easy to forget but it's so critical
eyedeekay
Yeah and also there are plenty of non-sysadmins, or at least people who don't consider themselves that, with "servers" out there they don't even know about
eyedeekay
I know a guy who's off-the-shelf home mesh equipment has an SSH server exposed on port 22 which has the same password as the WebUI for his router
hk
jesus man lol
hk
the fact that he even told you, bad opsec on his part XD
eyedeekay
Oh yeah he's a whole idiot
hk
no offense meant, but I wouldn't even tell my parents if they could understand what my ssh config is
hk
again it's like... the keys to your house
eyedeekay
Well the dumbest part is that he didn't actually configure it that way, the ssh server and the webUI share a password by default
hk
"hey man I leave my keys under my doormat"
hk
brutal
eyedeekay
And like it's a whole SSH server, I can like compile stuff on my laptop and upload it
hk
ahahahh
eyedeekay
And the SSH server is running by default
hk
looool man I can never understand
hk
there has to be a word for the opposite of paranoia
hk
like complete openness and lack of anxiety
eyedeekay
pronoia
hk
there you go
eyedeekay
Honestly if he or I had the time it would be cool hardware to target with an OpenWRT port if somebody else hasn't already, just because it comes so completely blown open by default
eyedeekay
But larger point, people like that need way better defaults than he got from whatever fly-by-night company he bought his hardware from
hk
for sure, they just assume taht the end-user will secure it themselves but it seems like they need to package for pronoia people and have a disclaimer on the ramifications of defaults lol
eyedeekay
Yeah and the truth we've all come to understand here is that basically no one changes the defaults
eyedeekay
If the default is bad, consumers rarely change it
RN
they should put pictures of lung cancer on the box of consumer routers with text saying "this could happen to you if you don't change the default password"
RN
"the tyrany of the defaults"
eyedeekay
European cigarette packaging is fucking brutal
RN
yeah it is
RN
LOL
RN
doesn't stop smokers though, we are a stubborn bunch
eyedeekay
crying babys covering up their mom's tracheotomy scars and stuff
eyedeekay
I only ever smoke tobacco in Europe because I'm only in Europe for a couple weeks a year
zzz
you missed the point folks. the ssh scans to random places have spoofed source IPs of tor exits, so the abuse reports are wrong
RN
ouch
zzz
this IS something new
RN
*** goes off to double check passwords are disableded ***
T3s|4
RN, as you know its PasswordAuthentication no and PubkeyAuthentication yes :)
RN
yeah
RN
just wanted to make sure I didn't miss it somewhere
T3s|4
always worth a recent check :D
RN
gotta have pubkey established before disabling password
RN
;)
T3s|4
^yep; and I've never figured out a way around that
RN
just like you can't avoid first connection to a vps before you set up I2P/Tor tunnels for ssh
RN
but you can do that first connect from an IP other than "home"
eyedeekay
Oh I didn't see the tweet until now
eyedeekay
This rings a bell somewhere for me
eyedeekay
Pretty good article from one of the people running the affected relays posted here: delroth.net/posts/spoofed-mass-scan-abuse
orignal
I'm not a sysadmin, for example
orignal
RN you don't need to disable password
orignal
just set one generated by pwgen
orignal
There were 18987 failed login attempts since the last successful login.
orignal
just logon to one of my VPS
eyedeekay
Apparently they're doing it to relays too
orignal
relay what?
eyedeekay
Tor relays, there's an attack going on against Tor where the attacker triggering abuse complaints against the relays by making it appear that scans of port 22 are originating from the relays
RN
orignal, but why even give them the opportunity to try? Simpler solution for me to just turn off pw access.
dr|z3d
that doesn't seem like a difficult attack to pull off, just torsocks nmap or whatever.
dr|z3d
and I'd question whether the attack is intended to trigger complaints, sounds more like a side effect from running a scan over Tor.
eyedeekay
The attackers have a website, they are quite overt about the intent
dr|z3d
oh, then color me wrong.
dr|z3d
:)
eyedeekay
You're right though it seems very simple to pull off, but the difference here is that it doesn't actually turn out to be exit traffic at all, it's spoofed and sent from other addresses
eyedeekay
the attackers don't care about getting the results of the scan at all, they just care about making it seem like Tor nodes are the bad guys
eyedeekay
That's why they can do it to relays as well as exits
dr|z3d
same treatment for /help/faq as per /help/advancedsettings in latest + dev build (dark theme only, others to follow)
T3s|4
dr|z3d: new FAQs look great, thanks :)
T3s|4
dr|z3d: I see truncated under Where are my i2p config files stored? > Configuration files for the router, installed plugins, and router logs are stored in the following location:'
T3s|4
^when you have time, not sure why it got truncated
dr|z3d
thanks, T3s|4, will fix.
orignal
wtf going on?
orignal
postman keeps kicking me out
cumlord
postman is very tired
orignal
I mean this irc server
orignal
* [orignal] idle 05:59:10, signon: Mon Nov 4 18:53:41
orignal
see my uptime at Ilita
orignal
on Monday I just rebuilt
cumlord
don't think i've been having disconnects with either
cumlord
ilita runs on i2pd right?
T3s|4
np dr|z3d - minor stuff :)
dr|z3d
fix coming up, ETA 10m.
orignal
WebClient56: 13:57:16@15/error - Reseed: Mammoth's shit
orignal
some reseed is outdated
dr|z3d
check this, orignal: checki2p.com/reseed/index.php
orignal
and?
dr|z3d
and now you know.
dr|z3d
reseed-pl.i2pd.xyz <- stale RIs.
orignal
so which one?
dr|z3d
any in yellow.
orignal
thanks
dr|z3d
mouseover the dot and it'll tell you the status.
orignal
this reseed is not longer in the list
orignal
thar guy says he used outdated version of i2pd
dr|z3d
which? pl?