#saltr (irc2p) | I2P+ 2.7.0-11+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

orignal hk what language do you use? go?

hk orignal: hello orignal, yes yes primarily go now

hk but I started with C++ long ago, about 3 years ago it was just C/C++, all private and nothing public

hk then I dabbled in rust; but I like C++ better to be honest

hk a lot of memory issues can be solved with std::unique_ptr

hk only recently have I started to code in public projects, and that has been entirely in go as it is my new fascination and im growing to like the language

bak83 I forgot that I could use netcat to send tcp packets, so thank you orignal. That makes life so much easier. I'm still looking for it, but sending a malformed or unsupported SAM message falls through to an infinte loop somewhere. I suspect that is what possibly prevents new SAM messages from being handled

RN bleep bloop

hk RN: huh

hk you're a bot now?

hk I meant no offense <:) just jesting

dr|z3d latest + dev build, light/dark themes now have collapsible /help/advancedsettings entries. other themes to follow.

dr|z3d also, page has been refactored into sections, so should be easier to browse.

RN if you think I'm a bot, you can bite my shiny metal arse

RN ;)

RN (quoting Bender Rodriguez there)

RN *** giggles and runs away to where the robots hide ***

T3s|4 dr|z3d: nice work on /help/advancedsettings :)

dr|z3d thanks T3s|4!

orignal bak83_ I will check and make sure to disconnect if message is incomplete

hk RN: I got that reference :D

dr|z3d so, without XG routers in the mix, transit request count looks normal. definitely something dubious with those XG routers.

zzz individual routers don't seem to last long but I am starting to see new ones at the same IPs; no use in hash bans

dr|z3d all XG?

zzz StormyCloud, see my retweet re: tor attack, might happen to you

dr|z3d StormyCloud's no longer hosting Tor exits.

zzz i know, still might happen to him

dr|z3d ok

dr|z3d ssh scanners is nothing new, I've seen that before.

dr|z3d you attempt to connect to a ssh server over ssh, and guess what, ssh reports that the key/host has changed.

dr|z3d or the server id, whatever it is.

dr|z3d *over Tor

dr|z3d not frequently, but I've seen that a handful of times.

hk or scanning for password protecting ssh vs public key

hk protected*

dr|z3d sure, never a good idea to keep p/w access enabled on an ssh server.

hk you'd be surprised how widespread it is lmfao

hk I dont understand it either, i can understand the motivations if its a shared server and they prefer ease of use but man... I hope that they have fail2ban

hk even that be surprassed with residential proxies

dr|z3d doesn't matter, shared server or not. upload key(s), disable p/w access, disable root login, done.

hk amen

hk public key is the only way to go

eyedeekay Too bad about the upload keys step, it would be nice if there were an easy way to set that up that allows the keys to be copied without shipping a default config that tolerates password authentication

hk yeah there is a short period of paranoia where you rush to setup ssh_config

hk sshd_config*

eyedeekay Well also not everybody's going to remember to change it, or know to change it, or they might just make a mistake

eyedeekay Better defaults would prevent that if it was clear how to make them work

hk it's like

hk forgetting to lock your doors at home lol

hk yeah

hk well except, it's just one and done

hk I imagine if there's a sysadmin managing multiple servers, it could be easy to forget but it's so critical

eyedeekay Yeah and also there are plenty of non-sysadmins, or at least people who don't consider themselves that, with "servers" out there they don't even know about

eyedeekay I know a guy who's off-the-shelf home mesh equipment has an SSH server exposed on port 22 which has the same password as the WebUI for his router

hk jesus man lol

hk the fact that he even told you, bad opsec on his part XD

eyedeekay Oh yeah he's a whole idiot

hk no offense meant, but I wouldn't even tell my parents if they could understand what my ssh config is

hk again it's like... the keys to your house

eyedeekay Well the dumbest part is that he didn't actually configure it that way, the ssh server and the webUI share a password by default

hk "hey man I leave my keys under my doormat"

hk brutal

eyedeekay And like it's a whole SSH server, I can like compile stuff on my laptop and upload it

hk ahahahh

eyedeekay And the SSH server is running by default

hk looool man I can never understand

hk there has to be a word for the opposite of paranoia

hk like complete openness and lack of anxiety

eyedeekay pronoia

hk there you go

eyedeekay Honestly if he or I had the time it would be cool hardware to target with an OpenWRT port if somebody else hasn't already, just because it comes so completely blown open by default

eyedeekay But larger point, people like that need way better defaults than he got from whatever fly-by-night company he bought his hardware from

hk for sure, they just assume taht the end-user will secure it themselves but it seems like they need to package for pronoia people and have a disclaimer on the ramifications of defaults lol

eyedeekay Yeah and the truth we've all come to understand here is that basically no one changes the defaults

eyedeekay If the default is bad, consumers rarely change it

RN they should put pictures of lung cancer on the box of consumer routers with text saying "this could happen to you if you don't change the default password"

RN "the tyrany of the defaults"

eyedeekay European cigarette packaging is fucking brutal

RN yeah it is

RN LOL

RN doesn't stop smokers though, we are a stubborn bunch

eyedeekay crying babys covering up their mom's tracheotomy scars and stuff

eyedeekay I only ever smoke tobacco in Europe because I'm only in Europe for a couple weeks a year

zzz you missed the point folks. the ssh scans to random places have spoofed source IPs of tor exits, so the abuse reports are wrong

RN ouch

zzz this IS something new

RN *** goes off to double check passwords are disableded ***

T3s|4 RN, as you know its PasswordAuthentication no and PubkeyAuthentication yes :)

RN yeah

RN just wanted to make sure I didn't miss it somewhere

T3s|4 always worth a recent check :D

RN gotta have pubkey established before disabling password

RN ;)

T3s|4 ^yep; and I've never figured out a way around that

RN just like you can't avoid first connection to a vps before you set up I2P/Tor tunnels for ssh

RN but you can do that first connect from an IP other than "home"

eyedeekay Oh I didn't see the tweet until now

eyedeekay This rings a bell somewhere for me

eyedeekay Pretty good article from one of the people running the affected relays posted here: delroth.net/posts/spoofed-mass-scan-abuse

orignal I'm not a sysadmin, for example

orignal RN you don't need to disable password

orignal just set one generated by pwgen

orignal There were 18987 failed login attempts since the last successful login.

orignal just logon to one of my VPS

eyedeekay Apparently they're doing it to relays too

orignal relay what?

eyedeekay Tor relays, there's an attack going on against Tor where the attacker triggering abuse complaints against the relays by making it appear that scans of port 22 are originating from the relays

RN orignal, but why even give them the opportunity to try? Simpler solution for me to just turn off pw access.

dr|z3d that doesn't seem like a difficult attack to pull off, just torsocks nmap or whatever.

dr|z3d and I'd question whether the attack is intended to trigger complaints, sounds more like a side effect from running a scan over Tor.

eyedeekay The attackers have a website, they are quite overt about the intent

dr|z3d oh, then color me wrong.

dr|z3d :)

eyedeekay You're right though it seems very simple to pull off, but the difference here is that it doesn't actually turn out to be exit traffic at all, it's spoofed and sent from other addresses

eyedeekay the attackers don't care about getting the results of the scan at all, they just care about making it seem like Tor nodes are the bad guys

eyedeekay That's why they can do it to relays as well as exits

dr|z3d same treatment for /help/faq as per /help/advancedsettings in latest + dev build (dark theme only, others to follow)

T3s|4 dr|z3d: new FAQs look great, thanks :)

T3s|4 dr|z3d: I see truncated under Where are my i2p config files stored? > Configuration files for the router, installed plugins, and router logs are stored in the following location:'

T3s|4 ^when you have time, not sure why it got truncated

dr|z3d thanks, T3s|4, will fix.

orignal wtf going on?

orignal postman keeps kicking me out

cumlord postman is very tired

orignal I mean this irc server

orignal * [orignal] idle 05:59:10, signon: Mon Nov 4 18:53:41

orignal see my uptime at Ilita

orignal on Monday I just rebuilt

cumlord don't think i've been having disconnects with either

cumlord ilita runs on i2pd right?

T3s|4 np dr|z3d - minor stuff :)

dr|z3d fix coming up, ETA 10m.

orignal WebClient56: 13:57:16@15/error - Reseed: Mammoth's shit

orignal some reseed is outdated

dr|z3d check this, orignal: checki2p.com/reseed/index.php

orignal and?

dr|z3d and now you know.

dr|z3d reseed-pl.i2pd.xyz <- stale RIs.

orignal so which one?

dr|z3d any in yellow.

orignal thanks

dr|z3d mouseover the dot and it'll tell you the status.

orignal this reseed is not longer in the list

orignal thar guy says he used outdated version of i2pd

dr|z3d which? pl?