undefined | Better HN

0 pointszinekeller3y ago0 comments

As someone else (https://news.ycombinator.com/item?id=31096321) pointed out, everyone does that already, with Shodan (https://www.shodan.io/) being one of the most popular ones.

0 comments

5ESS3y ago

I don’t trust Shodan (a Corporation) not to hide / omit certain results or certain ranges. A self hosted scanner that could be deployed on a cheap VPS would be a better solution. having the ability to scan the entire internet is pretty fascinating honestly. Who knows what kind of sick and bizarre content dredging the entire internet with no filters might dig up.

zinekellerOP3y ago

I genuinely don't get your point to be honest.

First, you allege that Cloudflare took down a repository that you claim might harm their interests. It could be indeed Cloudflare or it could instead be just GitHub noticing this repository by the "crime" in the repository name.

Second, you have said that one legitimate reason is because "they categorically block" Tor (https://news.ycombinator.com/item?id=31095920). I asked you if you can give a website that is fronted by Cloudflare and has blocked Tor users and is otherwise not something that would usually block Tor users and VPNs in any situation like banks (https://news.ycombinator.com/item?id=31095982). I haven't received any reply from you or even someone else to substantiate this.

Then, you said that you will build a similar too to scan the IPv4 internet space. Guess what: automated nefarious scanners are pounding on every IPv4 address to find unprotected systems, either because it's Windows and it's SMB feature is so bug-ridden that exploits are patched nearly every Patch Tuesday. Or old Wordpress installations where fully-automatic worms will hijack the site for spam links. Or even directly hacking routers and servers for botnets. It already exists to be honest, so I don't get why are you pretending that this is a new vulnerability or something.

5ESS3y ago

It’s a story in itself that a simple script which locates a site’s real IP was taken down for TOS violations. Cloudflare doesn’t own the real IPs or something so it’s really unclear why they (or GitHub) were entitled to take down this repository. Just because it threatens their million dollar buisness model they think they can take it down? That’s wrong my friend. And people need to know. Cloudflare or GitHub overstepped it’s boundaries to help a corporation enforce security by obscurity. Since this method is proven to be preventable, why take it down? Instead of taking it down from public knowledge (which does nothing to stop cybercriminals with private forks) why don’t they help their customers mitigate the impact instead?

Also, they stopped blocking the Tor IPs now but this wasn’t always the case. Many people remember a few years ago the IPs were blocked.

2 more replies

j / k navigate · click thread line to collapse

0 comments

5ESS3y ago

zinekellerOP3y ago

I genuinely don't get your point to be honest.

5ESS3y ago

Also, they stopped blocking the Tor IPs now but this wasn’t always the case. Many people remember a few years ago the IPs were blocked.

2 more replies

j / k navigate · click thread line to collapse