undefined | Better HN

0 points35fbe7d3d5b94y ago0 comments

Seriously, this is a laughable concern – if you have a "public facing server" you're already listed in Google, Shodan, being probed by dozens of IPs across the world...

0 comments

nonbirithm4y ago

I found this showing up in my logs recently.

     [21/Jun/2021:19:07:19 +0000] "GET / HTTP/1.1" 301 169 "-" "Expanse, a Palo Alto Networks company, searches across
 the global IPv4 space multiple times per day to identify customers&#39; presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"

I remember thinking that ads in server logs was a new one to me.

dannyw4y ago

Let me explain, I am not running any services on standard ports. You'd have to do a port scan and find one of the ports running a web service. But they're HTTPs (with unsigned personal certificate keys, mind you) and are password protected.

I still get so. many. random people entering passwords and trying to break in. They don't look like a wordlist or automated bots, they're literally people guessing.

Just because you see a username and password screen after you nmap this public IP, doesn't give you the right to start trying to hack it.

35fbe7d3d5b9OP4y ago

You're making a normative argument; I'm making a positive one.

You ought not try random usernames/passwords on someone's public server, I agree. But if you expose a public server that lets someone type a username/password, you had best be ready for someone to guess values.

1 more reply

j / k navigate · click thread line to collapse