rejetto forum

Let things calm down


NaitLee
This topic is related to https://rejetto.com/forum/index.php?topic=13535.msg1067427#msg1067427

Let things calm down. I can't persuade further, since it will make things worse.



They are still false positives.

Gibberish code, just crackers trying another nonsense protocol (possibly HTTPS).

Bell ring is a common concept in Windows CMD/PowerShell: when there's a BELL (0x07) character, Windows will just ring, to alert you to something. It goes along with the above circumstance.

Connect? Just another piece of nonsense that tries to horrify you.
Just compare CONNECT with GET or POST. The difference is that servers just don't understand it and won't do anything.
No request methods except GET, HEAD and POST will work in that script.

Code:
# Example. Try in a Unix-like environment and modify as needed.
# printf sends the \r\n sequences as real CRLFs; the blank line ends the request headers.
printf 'CONNECT google.com:443 HTTP/1.1\r\n\r\n' | socat tcp-connect:127.0.0.1:8081 -
# It won't do anything wrong on either side.

As for the other things, I think I could stop "guessing", as said. I don't want to be a superhero, anyway. Do what you like & think best.



Losing trust is terrible. Even more terrible if it's all caused by outsider stalkers. Terrible for both people. Even more so with regional things added.

Now, even if I do more, it's useless.

Hope everything will go well, without me.

Goodbye.
"Computation is not forbidden magic."
Takeback Template | PHFS


Mars

The problem is that when the address of a target is known to a hacker, there is little chance that it will not be tested. From Rom_1983's point of view, nothing accuses you, but given the suspicion that you are under surveillance, it suggests that these attacks are indirectly linked to your Python scripts.

It should also be remembered that all messages with their content containing links to personal sites are visible to any visitor who is not logged in, so do not be surprised to be potentially the victim of unwanted visits.

If we hear most often about Big Brother and its eavesdropping through the NSA, we should not forget that other major countries are not behind in this area either and are increasingly trying to manipulate opinion; it is therefore logical to remain suspicious of them as long as it is not possible to verify the information by means of sources not subject to the directives of these governments.







« Last Edit: April 29, 2022, 11:59:33 PM by Mars »


rejetto
@naitlee, you are right and i feel bad for you because i know you were trying to help


Rom_1983
Quote
@naitlee, you are right and i feel bad for you because i know you were trying to help
And you don't feel bad that a Python script is shared on your forum with just no interest in helping to counter those attacks?
Let's be clear: if those attacks are so benign, the BELL is just "stupid code" to play with my ears, etc., blabla, why was my antivirus triggered and the name of a botnet mentioned?
At what moment should I react and say to myself "wooooh, this is going wild now"? When losing data? When losing login access?

Quote
The problem is that when the address of a target is known to a hacker, there is little chance that it will not be tested
I don't understand the logic here, but about me spreading my DUCKDNS address, I only did it AFTER the attacks appeared: https://rejetto.com/forum/index.php?topic=13535.msg1067415#msg1067415

Quote
From Rom_1983's point of view, nothing accuses you, but given the suspicion that you are under surveillance, it suggests that these attacks are indirectly linked to your Python scripts.
My point of view is: it is very unlikely that I can be subject to such an amount of hacking attempts just after a Python script was given to me, just by pure coincidence, and that one of the origins of those attacks is the same as that of the author of the script. If those attacks on port:80 had been going on for years, I would have had a clue of it (an error message, a sound, antivirus reacting, etc.). Sorry but I don't buy the "if you open a web server on the internet, and using ports on common numbers makes it just much worse/frequent.": I've already used local HTTP serving with PHP before, I've never, NEVER, experienced such an amount of attacks in any CLI opened.

So, the CLI with Python listening to :80 port is just a door opened to what was running behind the scene for years? Explain to me why the guy who gives me the script is coincidentally from the same country as the botnet detected and at the same time says that "CONNECT google.com:443" is nothing to his eyes even after antivirus reacting to the botnet. So, Python can't interpret the CONNECT method, just because his script (the "server") could "never be breached"?

How... many... elements... do... we... need... here? How?

A real good and professional person would say "oops, sorry, I'm a little bit reckless here, let me add a strong protection to my script" instead of taking his speaker for a total noob.
All he did was add a banning system based on HTTP header! Ok... and the URL typed? Can't we say that the script doesn't accept URLs like "/actuator/health" instead of watching it with semi-closed eyes and patronizing the guy whom we gave the script?

Quote
They are still false positives.
You have the nerve to dare say that after I sent you a PM with the antivirus screenshot that you never answered. You preferred to come here right after it and talk to admins/moderators, instead of conversing with me. I've always been polite with you, don't try to dodge like that.

If I were a forum admin, I would listen to my instinct and warn you not to share scripts, programs, or plugins anymore. But hey! That's racism!

Quote
Connect? Just another piece of nonsense that tries to horrify you.
BOO ! — Nod32
« Last Edit: April 30, 2022, 01:17:42 PM by Rom_1983 »


Rom_1983

Just a sidenote:

Quote
Losing trust is terrible. Even more terrible if it's all caused by outsider stalkers. Terrible for both people. Even more so with regional things added.
Yeah. You're such a victim of "outsiders" from foreign countries, stalking* you (??) and using racism on you to the point that you feel horribly bad where you are.
I personally am French, Frenchies are hated around the world, I don't play the crying puppy when giving a script opening the door to attacks in a short period of time and triggering an antivirus.
Good try, but not on me 👍

If you don't accept that people can lose trust in you, you should consider questioning yourself about your knowledge in programming. You may not be that godlike programmer you think you are... And don't make me pass for a blind offender: I've been patient during those stressful days of "trust", while watching quietly that escalation of error messages and sounds and antivirus alert.

As I use HFS v3 and the vHost plugin, I don't care anymore about resolving that drama with what I consider being a hacker in distress being spotted by a +130 IQ "noob" with good common sense.

Feel free to type a new improved version of your script in the same short period of time (24h) with your magic fingers, to prove that you are caring about hacking attempts. Or dodge it like a pro 😎 (like you dodged my proposition to mix it with my own ms-dos script and upload them on Github; I guess you're not interested in REAL deep relationship around your "work" for a good reason...).

(*) That's a reversion, even a lapsus, and that's often used by attackers.
« Last Edit: April 30, 2022, 01:41:15 PM by Rom_1983 »


rejetto

I'm not fluent with Python, but I had a quick look at it and didn't find anything harmful.
We are not talking about a black box, instructions are there, readable for anyone.
Should anybody find malicious instructions, please let me know, and I'll take action accordingly.


Rom_1983
Quote
I'm not fluent with Python, but I had a quick look at it and didn't find anything harmful.
I think the simple routing aspect with no protection against injections, combined with the amount of attacks in a period of time, is enough to say that there's something malicious here, but indeed, the script in itself is as harmless as a door built in a wall with no lock.
Had I been the author of that Python script, as soon as I had seen the attacks (given that "this is worldwide botnets touching everybody") I would have implemented a URL filter system. ¯\_(ツ)_/¯
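
Added example, not part of any post above and not the script discussed in this thread: a handler built on Python's standard `http.server` that shows both points raised here, namely that a method with no `do_<METHOD>` handler (such as CONNECT) is answered with 501 and nothing else happens, and that a path allowlist turns scanner probes like "/actuator/health" into a plain 404. `ALLOWED_PATHS`, `FilteredHandler` and `probe` are assumed names, and the requests are run through an in-memory stand-in for a socket so no network is needed.

```python
import io
from http.server import BaseHTTPRequestHandler

# Assumed allowlist: the only paths this hypothetical server is meant to serve.
ALLOWED_PATHS = {"/", "/index.html"}

class FilteredHandler(BaseHTTPRequestHandler):
    """Defines GET/HEAD/POST only; http.server answers 501 for any other method."""

    def _respond(self, send_body=True):
        path = self.path.split("?", 1)[0]      # ignore the query string
        if path not in ALLOWED_PATHS:
            self.send_error(404)               # probes such as /actuator/health stop here
            return
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if send_body:
            self.wfile.write(body)

    def do_GET(self):
        self._respond()

    def do_HEAD(self):
        self._respond(send_body=False)

    def do_POST(self):
        self._respond()

    def log_message(self, fmt, *args):
        pass  # keep the demonstration quiet

class _MemorySocket:
    """Stand-in for a TCP connection so the handler runs without a network."""
    def __init__(self, raw):
        self._in, self.out = io.BytesIO(raw), io.BytesIO()
    def makefile(self, mode, *args, **kwargs):
        return self._in
    def sendall(self, data):
        self.out.write(data)

def probe(raw_request):
    """Feed one raw request (constructed sample bytes) to the handler; return the status code."""
    sock = _MemorySocket(raw_request)
    FilteredHandler(sock, ("127.0.0.1", 0), None)
    return int(sock.out.getvalue().split(b" ", 2)[1])
```

The same `FilteredHandler` class can be passed to `http.server.HTTPServer` to serve real connections.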