Server.casino – Random Servers Across the Internet (opens in new tab)

(server.casino)

62 pointsg3ol4d04y ago36 comments

36 comments

pdenton4y ago

It found http://127.249.137.9 for me and it totally works! I can even ssh to it, let's try a fork bo^#@~

[connection reset by peer]

YellowSuB4y ago

I also found that on my end, forgot I was running lighthttpd with some test website.

hsbauauvhabzb4y ago

IANAL but I would caution accessing these, they may constitute hacking in your local region.

I would doubly caution owning this, particularly given the wording on the site encourages messing with people’s servers…

don-code4y ago

I'm waiting for someone to get our corporate VPN on a blacklist just by clicking the button and hitting a honeypot. Granted, it's what I get for hitting the button without reading the code, so, shame on me?

mobilio4y ago

Like Chatrubate, but with servers? #sarcasm

jenoer4y ago

I think you mean Chatroulette.

emilfihlman4y ago

Nah, both exist.

1 more reply

yayr4y ago

function randomIP() {

  return int2ip(Math.random()\*4294967296) ;

}

says it all - better don't "mess" with what you encounter

allarm4y ago

It doesn't even exclude RFC1918 and multicast addressses. Not really efficient.

dannyw4y ago

DO NOT DO THIS.

I have a few servers exposed on IP addresses, but they are not meant for public access. You have no authorization for 'messing' with this site: what you deem playing around, might be hacking.

You may also hit a government or military IP address, known or unknown. If you mess around with them, you may receive some unfriendly visits from men in black.

mike_d4y ago

I specifically purchased my internet connection with the intention of browsing the available content of all other connected hosts.

You DO NOT have my authorization to block or restrict my ability to mess with other hosts. Doing so may be a violation of my terms of service, and interference in interstate commerce.

1 more reply

fortyseven4y ago

You have unprotected servers public facing on the internet? Cool. That's definitely not something you should be concerned about and addressing immediately.

generalizations4y ago

> they are not meant for public access

Then, I think, you need to implement "reasonable measures" to secure them. Otherwise it's like putting your stuff out by the curb.

nullify884y ago

If its on the public internet with no security, how can someone tell if their access is unauthorised? Its not really that different from connecting to facebook.com or the various publically accessible ssh servers.

celesian4y ago

I mean, your IP is being crawled by random bots dozens of time per day, what's the difference between that website and the traffic your IP gets already?

35fbe7d3d5b94y ago

Seriously, this is a laughable concern – if you have a "public facing server" you're already listed in Google, Shodan, being probed by dozens of IPs across the world...

2 more replies

bnajdecki4y ago

Scary - I get some strange URL that encouraged me to install some CSS plugin. How do you random those names? Are they only some random IPs? BTW. some history would be nice, as I couldn't find this server again :(

asplake4y ago

Um, not sure I want to open that link. What does it do?

bellyfullofbac4y ago

Huh, press the "Find a Server" button, I can see in Developer Console it tries to connect to random IP addresses over http, returning "address invalid" or "address unreachable", I guess until it hits a valid IP with a live computer.

I wonder if some ISP's heuristics will flag someone's computer as part of a botnet...

hsbauauvhabzb4y ago

Microsoft or AWS may also use telemetry to flag you also.

1 more reply

sodimel4y ago

Here's the source: https://github.com/caioluders/server.casino

aphroz4y ago

It returns you a random server with port 80 or 443 open.

wfriesen4y ago

Just 80, it seems https://github.com/caioluders/server.casino/blob/354cec4c053...

That probably increases the odds that the servers it finds are "interesting"

1 more reply

savolai4y ago

Not before you push the button on the page though.

indigodaddy4y ago

This is an extremely bad idea. Your chances of getting some malware are probably more likely than not, after playing around with something like this for 10+ minutes...

Miner49er4y ago

How? The odds of hitting a site with a browser 0-day has to be extremely low, certainly not "more likely than not". Sure you might hit sites that try to get you to download malware, but just don't download anything.

syoc4y ago

Half the struggle in exploiting someone behind NAT/FW is getting them to engage with your infrastructure. Your attack surface is massively increased once you visit a website with your browser for instance.

I see other comments mentioning logging into random IPs over ssh. Now i trust the ssh client implementation more than most software, but it's easy to slip up and enable ssh agent forwarding for instance.

1 more reply

j / k navigate · click thread line to collapse

36 comments

pdenton4y ago

It found http://127.249.137.9 for me and it totally works! I can even ssh to it, let's try a fork bo^#@~

[connection reset by peer]

YellowSuB4y ago

I also found that on my end, forgot I was running lighthttpd with some test website.

hsbauauvhabzb4y ago

IANAL but I would caution accessing these, they may constitute hacking in your local region.

I would doubly caution owning this, particularly given the wording on the site encourages messing with people’s servers…

don-code4y ago

mobilio4y ago

Like Chatrubate, but with servers? #sarcasm

jenoer4y ago

I think you mean Chatroulette.

emilfihlman4y ago

Nah, both exist.

1 more reply

yayr4y ago

function randomIP() {

  return int2ip(Math.random()\*4294967296) ;

}

says it all - better don't "mess" with what you encounter

allarm4y ago

It doesn't even exclude RFC1918 and multicast addressses. Not really efficient.

dannyw4y ago

DO NOT DO THIS.

I have a few servers exposed on IP addresses, but they are not meant for public access. You have no authorization for 'messing' with this site: what you deem playing around, might be hacking.

You may also hit a government or military IP address, known or unknown. If you mess around with them, you may receive some unfriendly visits from men in black.

mike_d4y ago

I specifically purchased my internet connection with the intention of browsing the available content of all other connected hosts.

You DO NOT have my authorization to block or restrict my ability to mess with other hosts. Doing so may be a violation of my terms of service, and interference in interstate commerce.

1 more reply

fortyseven4y ago

You have unprotected servers public facing on the internet? Cool. That's definitely not something you should be concerned about and addressing immediately.

generalizations4y ago

> they are not meant for public access

Then, I think, you need to implement "reasonable measures" to secure them. Otherwise it's like putting your stuff out by the curb.

nullify884y ago

celesian4y ago

I mean, your IP is being crawled by random bots dozens of time per day, what's the difference between that website and the traffic your IP gets already?

35fbe7d3d5b94y ago

Seriously, this is a laughable concern – if you have a "public facing server" you're already listed in Google, Shodan, being probed by dozens of IPs across the world...

2 more replies

bnajdecki4y ago

asplake4y ago

Um, not sure I want to open that link. What does it do?

bellyfullofbac4y ago

I wonder if some ISP's heuristics will flag someone's computer as part of a botnet...

hsbauauvhabzb4y ago

Microsoft or AWS may also use telemetry to flag you also.

1 more reply

sodimel4y ago

Here's the source: https://github.com/caioluders/server.casino

aphroz4y ago

It returns you a random server with port 80 or 443 open.

wfriesen4y ago

Just 80, it seems https://github.com/caioluders/server.casino/blob/354cec4c053...

That probably increases the odds that the servers it finds are "interesting"

1 more reply

savolai4y ago

Not before you push the button on the page though.

indigodaddy4y ago

This is an extremely bad idea. Your chances of getting some malware are probably more likely than not, after playing around with something like this for 10+ minutes...

Miner49er4y ago

syoc4y ago

1 more reply

j / k navigate · click thread line to collapse