Post AwCflUUpYli2y1f7js by sysop408@sfba.social
(DIR) Post #AwCeuxnfsUWwVIQgQS by Viss@mastodon.social
2025-07-16T17:35:36Z
5 likes, 2 repeats
if you put a webserver up on the internet, anywhere, hosting anything, you will see "the background radiation of the internet", and it looks like this:
(DIR) Post #AwCev2Kn1JOcZ9xBb6 by Viss@mastodon.social
2025-07-16T17:37:42Z
0 likes, 0 repeats
and what you can take away from this log is that the reason they are blasting the entire internet, every webserver, with these requests - most of which are "I'm gonna hit myself in the face with a brick now" level of bad from a config/dev/admin perspective - is squarely because it has worked for them enough times that they feel spraying the internet will nab them more. look. just look at the shit they're collecting and how easily they're doing it. this is because docker. this is because k8s.
(DIR) Post #AwCev6aXCiMpl9Loh6 by Viss@mastodon.social
2025-07-16T17:38:55Z
0 likes, 0 repeats
this is because everywhere has gone "DX" - or "optimizing for the developer experience above all else, at the cost of everyone else." "make things as easy as possible for the devs/devops, we don't care how bad the security becomes, how many layers of abstraction get installed, how many dozen new js frameworks appear this afternoon, how public the data is, how bad the architecture is - burn the building down, just make sure the devs are comfy."
(DIR) Post #AwCevAyQtnrPMQYxV2 by Viss@mastodon.social
2025-07-16T17:54:35Z
1 likes, 0 repeats
and if you're lucky, sometimes you catch one that may be actually interesting, possibly being used by an active malicious actor / campaign: "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1". never seen that one before, but I bet it's working for SOMEONE out there.
(DIR) Post #AwCflU88v7Yrpf30NM by paul_ipv6@infosec.exchange
2025-07-16T18:33:30Z
0 likes, 0 repeats
@Viss yeah. if you ever want to be convinced that the internet is doomed, just put up your own email or web server and actually read the logs... ;)
(DIR) Post #AwCflUUpYli2y1f7js by sysop408@sfba.social
2025-07-16T18:40:11Z
0 likes, 0 repeats
@paul_ipv6 that status message when you log in to your root account letting you know there have been 2817 failed login attempts since the last time you signed in is absolutely lit! @Viss
(DIR) Post #AwCflVMiKQoLf8s9j6 by Viss@mastodon.social
2025-07-16T18:40:38Z
0 likes, 0 repeats
@sysop408 @paul_ipv6 fail2ban!
(DIR) Post #AwCflVZTYz1GIiqLcO by paul_ipv6@infosec.exchange
2025-07-16T19:05:46Z
0 likes, 0 repeats
@Viss @sysop408 indeed. went from 1500+ attempts from a unique IP to maybe 15 in a week?
(DIR) Post #AwCflW5jd2p7ulw6ts by sysop408@sfba.social
2025-07-16T19:11:18Z
0 likes, 0 repeats
@paul_ipv6 @Viss yes, thank goodness for fail2ban and CSF firewall.
(DIR) Post #AwCflWEb65ueMG5BiK by Jain@blob.cat
2025-07-16T21:29:02.329448Z
0 likes, 0 repeats
@sysop408 @paul_ipv6 @Viss :blobcatthinkOwO: maybe i should start serving gzip bomb responses as those files :blobcathyper2:
(DIR) Post #AwCoi4Tck57CzJXfYO by wolf480pl@mstdn.io
2025-07-16T23:09:21Z
0 likes, 0 repeats
@Viss are these even before you get an https certificate and your domain gets published in thr CT log?
(DIR) Post #AwCow3i8O2sWfO002a by Viss@mastodon.social
2025-07-16T23:11:52Z
0 likes, 0 repeats
@wolf480pl this is if you light up a vm in the cloud, on any ip, and open up port 80 for inbound traffic. no certs, no dns, no domain, nothing.
(DIR) Post #AwCs3fvJ0nyt4OU18y by Viss@mastodon.social
2025-07-16T23:36:43Z
0 likes, 0 repeats
@RedTechEngineer oh we can do way gnarlier than that
(DIR) Post #AwDW3JRAbwIxUsllM8 by ObbieZ@urbanists.social
2025-07-17T03:22:32Z
0 likes, 0 repeats
@Viss All of the requests illustrated in this log are from localhost (127.0.0.1). Am I missing something here? Or are the IP addresses from the actual log "redacted"?
(DIR) Post #AwDW3KJ3NbPGBzynLM by Viss@mastodon.social
2025-07-17T03:24:45Z
1 likes, 0 repeats
@ObbieZ this is a flask app sitting behind an apache reverse proxy, and i hadn't yet configged up the x-forwarded-for header capture
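What the missing "x-forwarded-for header capture" looks like in code, as an added example that is not the poster's code: a Flask-style app behind an Apache reverse proxy only sees the proxy (127.0.0.1) as its TCP peer, so every request logs as 127.0.0.1 unless the app recovers the client from X-Forwarded-For, and it must do so without trusting entries the client could have forged. It assumes exactly one trusted proxy on 127.0.0.1 and uses constructed WSGI-style environ dicts; `client_ip` and `log_line` are hypothetical helpers.

```python
# Added example (not the poster's code). Assumes one trusted reverse proxy
# on 127.0.0.1 that appends the peer it saw to X-Forwarded-For.
import ipaddress
from typing import Optional

TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}


def client_ip(remote_addr: str, xff: Optional[str], trusted=TRUSTED_PROXIES) -> str:
    """Return the address to log for this request.

    Walk the chain [xff entries..., remote_addr] from the right, skipping
    only hops that are trusted proxies; the first untrusted hop is the
    client. Entries further left were supplied by the client itself and
    may be forged, so they are never used.
    """
    chain = [remote_addr]
    if xff:
        chain = [p.strip() for p in xff.split(",") if p.strip()] + chain
    for hop in reversed(chain):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # malformed header: fall back to the TCP peer
        if addr not in trusted:
            return str(addr)
    return remote_addr  # whole chain is trusted proxies: log the peer


def log_line(environ: dict, request_line: str, status: int) -> str:
    """Build a combined-log-style line from a WSGI-style environ dict."""
    ip = client_ip(environ["REMOTE_ADDR"], environ.get("HTTP_X_FORWARDED_FOR"))
    return f'{ip} - - "{request_line}" {status}'


if __name__ == "__main__":
    # Constructed requests as the app would see them behind the proxy.
    req = "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1"
    samples = [
        {"REMOTE_ADDR": "127.0.0.1"},                                   # header not captured
        {"REMOTE_ADDR": "127.0.0.1", "HTTP_X_FORWARDED_FOR": "203.0.113.7"},
        # client forged a leading entry; the proxy appended the real peer last
        {"REMOTE_ADDR": "127.0.0.1", "HTTP_X_FORWARDED_FOR": "10.0.0.1, 203.0.113.7"},
        # direct hit on the app port, bypassing the proxy: header is untrusted
        {"REMOTE_ADDR": "198.51.100.5", "HTTP_X_FORWARDED_FOR": "203.0.113.7"},
    ]
    for env in samples:
        print(log_line(env, req, 404))
```

The first sample reproduces the all-127.0.0.1 log from the screenshot; the last two show why the rightmost untrusted hop, not the leftmost entry, is the one to log.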
(DIR) Post #AwEb1cSHcqJwpWGIdc by crocodisle@woof.tech
2025-07-16T22:51:24Z
0 likes, 0 repeats
@Viss "this is because docker, this is because k8s" - I'm curious to hear more about this take. I'm only a hobbyist at this point, but I run some docker services on my local network, nothing (to my knowledge) exposed to WAN or ports forwarded. Surely this can't be *mostly* docker and DX's fault that the internet is like this, can it? The reason I ask is because I care about my services and network being secure, and in the future I would like to host public web servers, though probably not from my home network. Inevitably there will be something I'll miss when embarking on a project like that, but I'm wondering if there's a takeaway I'm missing from these posts aside from avoiding abstraction as much as possible when designing web services.
(DIR) Post #AwEb1dZPTpcEHubVNw by Viss@mastodon.social
2025-07-16T23:14:29Z
0 likes, 0 repeats
@crocodisle i have seen the inside of probably 30 companies' worth of k8s infrastructures. I've seen things.
(DIR) Post #AwEb1ebZdGwNUuckOe by Viss@mastodon.social
2025-07-16T23:15:54Z
0 likes, 0 repeats
@crocodisle if you want free advice:
- if you want to host a thing and you want that thing to be public, do not host it inside of docker or k8s.
- there are many many reasons why, and i don't want to turn this into a 300 post long thread
- whoever decided that all the secrets need to be stored in env vars or in files called .env should not be allowed to touch computers anymore
- do your coding/building behind a firewall
- push static content to 'a host'
- do not run docker or k8s on that host.
(DIR) Post #AwEb1fVEILSaHWfC9A by viq@social.hackerspace.pl
2025-07-17T19:25:38Z
0 likes, 0 repeats
@Viss @crocodisle all those issues are older than containers. And the thing about configuring via environment variables, I think I've seen mostly nodejs stuff insist on that.
(DIR) Post #AwEb1gQIs9778XMm6i by Viss@mastodon.social
2025-07-17T19:44:02Z
0 likes, 0 repeats
@viq @crocodisle yep. containers just make it way way way way way way easier to host content with the same problems that have plagued us for decades. these problems "do not exist because of docker/k8s" but "these problems are made way way way way worse by docker/k8s"
(DIR) Post #AwEb1gxGtZU8mmn6Ui by viq@social.hackerspace.pl
2025-07-17T19:45:06Z
0 likes, 0 repeats
@Viss @crocodisle "lowering barrier to entry increases amount of sludge making it over the barrier"