
how a hacker got stopped quickly after attempting to hack me

    adisonverlice2
    wrote on last edited by
    #1

    so the story starts like this.
    I have an email alias with duckduckgo which has apparently been on a dating agency, darktoy@duck.com.
    now this email, you may not know this, has been targeted with hacking attempts.
    these hacks are typically attacks relating to dating sites, which are fake.
    btw, if you're on this forum for some fuckin reason, stop sending me hacker links, thank you.
    but anyways...
    the alias was originally meant to sign up for a forum of some sort (not the cloudron forum).
    now most of you guys may just ignore the email...but I like to click links.
    now I noticed something going on.
    first, they send me to a direction link, which is similar to bitly, except it's a different URL.
    then, they'll send me to the real deal, which is a dating site that is fake.
    now fortunately, security companies that I work with often catch these before I can even report them.
    now 1 domain is off the list, because I have fucked that domain over.
    and by that, I mean I have managed to get the domain suspended or placed on a clientHold.
    so the domain they tried to send me was
    hxxps://women-finder.top
    now unfortunately for the hacker here, their domain got reported by the badi adi.
    this is why you don't fuck with me like this, trying to hack my account, you'll get fucked over yourself.
    now I reported this to a few respectable security companies.
    but out of all the companies, the ones that didn't even give me a reply are Microsoft SmartScreen and Google Safe Browsing!!!!!!
    now to give you the picture of what I think they are, I think they're like sleeping giants.
    they ask for your input, but don't pay attention.
    and it makes me super mad that they don't take action despite the data I give them!!!!!
    oh, and namesilo, I hate them.
    absolutely,
    hate them!
    now I will give them credit this time, because they took me seriously this time and put the domain on at least a hold.
    now if you have a security appliance, or use something like Kaspersky or bitdefender, you may be protected because the domain was set on a blacklist for those antivirus companies.
    now the hacker, as I've noticed, is a stupid idiot, because guess what?
    I managed to find his IP address, which he was using to host the site.
    the IP is located in Switzerland.
    now if you see a domain hosted by this IP, you'll know if it's malicious.
    note this is not his exact home IP I don't think (who would be that stupid) but this is an IP that hosts this domain.
    185.155.184.184.
    when I tried contacting the IP provider, as5398, letting them know this was happening, they did not respond at all!
    it would help if 1 of you could point me to maybe a good IP abuse database that I could use to get this reported.
    something that could actually do some good, because I want this guys hosting abilities (for now) taken down.
    now I want to give you some security tips.
    don't just click weird links and give your information.
    you should look up links on virustotal and or use hybrid analysis to check websites.
    or if you're like me, you'll detect sites yourself.
    now if you check the WHOIS information for the site above, you'll see that the site has been placed on a clientHold, which basically gets rid of or deactivates the DNS records, essentially not allowing the site to run.
    now I wanna talk about Google Safe Browsing for a moment, because they're stupid!
    the funny thing is, they'll mark any new site that comes up, including, yes, my website. at the time, in the early days of my website blindsoft.net, Google flagged my website, marking it as "a phishing website" and telling anyone who visited that I'm basically this bad guy who wants to steal your passwords.
    however, whenever it comes to an actual malicious site, they won't do shit.
    that's why I hate Google's Safe Browsing.
    hate it!
    and I'm not joking when I say I hate it.
    they wanna take down any talented dev just trying to make a living and or a bit of fame for themselves, but when they come across a malicious site, up, that's not a problem, we can't do anything.
    disappointed in you Google.
    just:
    disappointed
    and I'm sorry if I'm using a lot of profanity, but it makes me mad when companies don't take the time to protect their users.
    just imagine, if that's the case, how bad Google advanced protection program users get it? my own account would have never been able to use my own website.
    thank you for reading my rant.

    remember, don't overlook security. be safe online
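
The WHOIS clientHold check mentioned in post #1, as an added example that is not part of the original post: it refangs a defanged link to get the host to look up, then reads the `Domain Status:` lines of a WHOIS record for a hold status. The WHOIS text below is constructed for a placeholder domain, and all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# EPP status codes that keep a domain out of the DNS zone.
HOLD_STATUSES = {"clienthold", "serverhold"}

# Constructed WHOIS excerpt for a placeholder domain (not a real record).
SAMPLE_WHOIS = """\
Domain Name: HELD-EXAMPLE.TEST
Registrar: Example Registrar (constructed)
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.HELD-EXAMPLE.TEST
"""

def refang(indicator):
    """Undo common defanging (hxxp://, [.]) so the value parses as a URL."""
    s = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)

def hostname(indicator):
    """Return the lower-cased host of a URL or bare domain, for the WHOIS lookup."""
    url = refang(indicator)
    if "://" not in url:
        url = "//" + url  # urlsplit only fills .hostname after a '//'
    return (urlsplit(url).hostname or "").rstrip(".")

def domain_statuses(whois_text):
    """Collect the EPP codes from 'Domain Status:' / 'Status:' lines."""
    codes = []
    for line in whois_text.splitlines():
        m = re.match(r"\s*(?:Domain\s+)?Status:\s*(\S+)", line, re.IGNORECASE)
        if m:
            codes.append(m.group(1))
    return codes

def on_hold(whois_text):
    """True if any status takes the domain out of DNS."""
    return any(c.lower() in HOLD_STATUSES for c in domain_statuses(whois_text))

if __name__ == "__main__":
    print(hostname("hxxps://women-finder.top"), "-> look up WHOIS for this host")
    print(domain_statuses(SAMPLE_WHOIS), "on hold:", on_hold(SAMPLE_WHOIS))
```
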

      adisonverlice2
      wrote on last edited by adisonverlice2
      #2

      so I forgot to mention.
      fortinet did not initially get this (usually they do); however, thankfully, their fortiguard web filtering service caught this as soon as I reported it. fortiguard is very respectable in my opinion, they catch pretty much anything I send them.
      I can respect fortiguard as it is a security service and as part of fortinet.
      now do I endorse them?
      no!
      but I do respect them and their fortiguard service for taking me seriously and pretty much responding to all of my reports.
      I can also respect adguard, which I have used time and time again, because they do also take things seriously.
      most of the security companies I try to work with (except for the 2 I mentioned) I can respect.
      I could actually tell part of what he (the hacker) was using, openssl, due to a known configuration error of the certificate when you go to the IP address that is very obvious when the "invalid cert" warning comes up.
      nevertheless, I'm glad I am catching this guy, and may be on the way to taking this guy down.

        adisonverlice2
        wrote on last edited by
        #3

        so the IP I found out was hosting several dating sites/domains, which I'm sure are all phishing domains by every count. he's pulling them out like pulling out 100 cups of water, and he has hundreds of these sites lying around on the same IP

          adisonverlice2
          wrote on last edited by
          #4

          now I noticed that fortinet, at the very least, has gone on to block this IP address and has categorized it as a malicious website, if you go here and check out that on the IP by searching 185.155.184.184 on the search URL bar

            adisonverlice2
            wrote on last edited by
            #5

            I also scanned the IP for more stuff. I found he had ports opened on his server.
            22/SSH, 80/HTTP, 443/HTTP, 4041/HTTP, 8301/UNKNOWN, 9113/HTTP, 9180/HTTP, 9999/HTTP, 11752/HTTP

              adisonverlice2
              wrote on last edited by
              #6

              this guy actually sounds stupid
