1
mn_russianhacker 1 point ago +1 / -0

Let me guess... Hypocritical Canadian? Worthless.

1
mn_russianhacker 1 point ago +1 / -0

😂 Must be the whole world eh? Figured. Shhhh. Your stupid is showing ;)

1
mn_russianhacker 1 point ago +1 / -0

Show me proof sweetheart.

1
mn_russianhacker 1 point ago +1 / -0

You think you "won" but you're in for a treat 😂

Sucks to be dumb doesn't it. You'll learn soon.

2
mn_russianhacker 2 points ago +2 / -0

Lol what tweet?

2
mn_russianhacker 2 points ago +2 / -0

😂

CONGRATULATIONS! YOU ARE THE 10,000TH VISITOR!

6
mn_russianhacker 6 points ago +6 / -0

This is a good meme. If only it was drawn like a cartoon instead of the janky paste lol

1
deleted 1 point ago +1 / -0
1
mn_russianhacker 1 point ago +2 / -1

Lol... all I can say is no shit? I addressed that in the OP. Read slower and sound it out if you have to. Not going to argue this further. We're on the same page, you're just an idiot if you claim it's not happening.

"Other than the random psycho making really stupid comments, the 'serious' posts calling for violence or what not are so obviously written from someone who's just trying to start shit."

1
mn_russianhacker 1 point ago +2 / -1

Re your last statement - I have though. There have been people here who've posted stupid ass shit, especially late at night. I spend a lot of time reading people's comments to understand what people are thinking.

I'll raise you - here's an example; this post doesn't directly insinuate violence, but it plays to the narrative of what we're being 'told is going to happen': https://thedonald.win/p/11S0lA9k4F/-banned-mod-here-tdwin-is-compro/

2
mn_russianhacker 2 points ago +3 / -1

Exactly. I get what the people who are like fuck that are thinking, and I agree, enough IS enough. But at the end of the day it's not about us. The methods and protections this country has had in place for the length of its existence have failed to handle this cluster fuck we're in. If everything is going to shit, why not sit back and let the dumb asses jump on the bandwagon until the 'stupid people hive mind' realize what's going on. It's not about us, it has to get to the point where the majority (not just the us majority or the silent majority) of people have that lightbulb moment.

We've been a free country for nearly 250 years. Trust me when I say this - there will be a threshold of our rights being taken away where everyone and their dog will be like wait... fuck this. Until then, people like us on this site will just be labeled by the bandwagoners as alt right extremists or whatever they're spouting off about.

1
mn_russianhacker 1 point ago +1 / -0

Jesus fucking christ.

I hate this god damn state! The metro controls the entire state even though more people outside the metro exist and fucking hate their socialist agenda.

Look for videos of Walz traveling to places outside the metro - he treats them like they're second class citizens, thinks they all mine ore. Look fucksticks, nobody says "you betcha" or mines fucking ore anymore.

I am CONVINCED that MN has been red since osama's first term.

Full disclosure, yes ore is mined, the iron range isn't the beating heart of mn though.

1
mn_russianhacker 1 point ago +1 / -0

Let's not and let the media say we did....

Ayyyye? Zing!

1
mn_russianhacker 1 point ago +1 / -0

Hello, comrade 🤠

1
mn_russianhacker 1 point ago +1 / -0

Yeah, I remember. Fuck! 😡🤬 Nobody got in trouble either. It was like the damn walking dead for months after...

7
mn_russianhacker 7 points ago +7 / -0

Warning: If an election lasts more than 4 hours, immediately go to a doctor.

FTFY 😂🤓

3
mn_russianhacker 3 points ago +3 / -0

I should also mention this -

You could do things until you're blue in the face to prevent the host from being disclosed... but they're potentially dealing with two types trying to discover information. At the end of the day, if it's government the data could be subpoenaed from the registrar, ISPs, services they'd subscribed to like Cloudflare, mail, etc.

I'm not saying it's impossible, but back to my point about being 'good enough' there's a reason for it... There's a reason why people who actually have illegal services aren't just hanging out on the public internet (I mean some are lol, but you get my drift I think...) TD is not illegal... The point being is that you can only do so much, and it's likely not enough unless you start doing stuff that's going to make it less accessible. Plus, who wants to be associated with places that are actually up to shady shit...

They'll be fine. Worst case scenario they'll move the infra to a country that gives zero fucks. It will make people question why it's located there, and bring on its own issues, but it's honestly the easy button here. Lots of people probably have heard of the Pirate Bay. Similar concept.

3
mn_russianhacker 3 points ago +3 / -0

As far as the Shodan issue - it's too late without setting everything up again. What you'd want to do is only allow the webserver to accept traffic from Cloudflare. The other thing would be to create a cert and apply it to the default server in nginx or apache and change the public IP address of the server.

Since it's already been discovered by Shodan and likely other services they'd have to basically reset everything. Since the colo/provider is already known it'd be a bit moot at this point. I haven't looked recently, but they'd need to deal with any extra DNS records also leaking data. If I recall correctly the mail servers their web application and/or mail router is/was using aren't originating from their host, but it's been a while since I looked (since before the change this year.)

The URL prefetching thing is a bit of a miss on the devs' part I guess. Since the server makes a request to the URL, one can simply host an image on a webserver and then monitor logs and wait for the GET req to come from the host they're trying to find. There are many ways they could deal with this - from using an API to prefetch the URLs, using a completely different 'unrelated' host somewhere else, etc.

The thing with hosting services and applications is that normally there's a certain level of anonymity that is good enough. Generally, you're not trying to hide where you're hosted at all costs, simply because the nature of a hosted webapp is accessibility. The more layers of abstraction, the more difficult it becomes for the end user to utilize the service. You can throw a load balancer in the mix, but it adds another hop if that makes sense as an example. Now, in this case they're a target, so it's a bit different. You have to think about the things needed to be in place before you start deploying them because if you make one mistake it's relatively easy to uncover it.

To be fair, there's not really a huge 'market' so to speak for trying to hide where something is hosted. Sure, the concept exists, but in general it's pretty niche. You'd be in the realm of criminal type platforms at that point (or just people who understand the security as it relates to this specifically). Since I doubt this person and team are criminals or cybersec pros they likely aren't on the 'up and up' with the current ways to stay hidden. They've done a fairly good enough job though.

Physical security and configuration are not the only things either that need to be locked down - a simple search engine query will bring up a couple of somewhat recent posts on Reddit which one could likely infer are related to TD. (Think stonetear and the Reddit inquiry) I'm sure that account was a throwaway lol, but people are creatures of habit so you never know... The takeaway here is that people have to be careful about what they say.

One thing to consider is the volume a platform like this has. This isn't a small site (traffic wise). It's not as simple as a smaller VPS of which its content can be moved around quickly and easily. They've built quite a bit of infrastructure here to handle the sheer number of people utilizing the service. Something like that would be easier to hide.

If it were me, I'd spread it around. Just like everything else you don't want to put all your eggs in one basket. One trade off I guess would be exposure. If you were really a target and more services were handling your data I suppose it's more of a risk that someone will give you up under pressure. Another trade off would be the complexity - again the scale at which the service is being provided means spreading it out across different providers / locations / ISPs / etc. would mean more complexity and can turn into integration hell rather quickly trying to make everything 'talk' to each other. The goal with an implementation like this would be to handle different parts and pieces of the infrastructure getting down'd without taking down everything.

Anyway, just some random thoughts I guess. My original post was really just a dig at the person who made the write up because they came off like their shit doesn't stink because they did x to find y and look how smart I am. To put it into perspective they did the basic legwork anyone with these somewhat basic skills would do, it's like coming in 1st at an 'everybody wins contest'... 😜
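
An added example, not part of the comment above or of any site's code: one way an operator can check, from the origin's own access log, whether the web server still answers traffic that bypasses the CDN, which is the exposure the Shodan point describes. The log format, the address ranges and the sample lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Placeholder ranges (RFC 5737 documentation space), constructed for this
# example; in practice load the ranges your CDN publishes.
CDN_RANGES = [ipaddress.ip_network(n)
              for n in ("198.51.100.0/24", "203.0.113.0/25")]

# Assumed log format: $remote_addr $host "$request" $status
LINE_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\d{3})$')

# Constructed sample lines from the origin's access log.
SAMPLE_LOG = """\
198.51.100.7 forum.example "GET / HTTP/1.1" 200
192.0.2.44 192.0.2.10 "GET / HTTP/1.1" 200
203.0.113.9 forum.example "GET /new HTTP/1.1" 200
192.0.2.44 forum.example "GET /favicon.ico HTTP/1.1" 200
203.0.113.200 forum.example "POST /login HTTP/1.1" 403
not a log line
"""

def parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def audit(log_text):
    """Count requests that reached the origin without passing through the CDN."""
    direct = Counter()      # source IP -> requests that bypassed the CDN
    served_by_ip = []       # bypassing requests answered 2xx for a bare-IP Host
    skipped = 0             # lines that did not parse
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        src = parse_ip(m.group(1)) if m else None
        if src is None:
            skipped += 1
            continue
        if any(src in net for net in CDN_RANGES):
            continue
        direct[str(src)] += 1
        # A 2xx answer to a bare-IP Host means the default server serves content.
        if parse_ip(m.group(2)) is not None and m.group(4).startswith("2"):
            served_by_ip.append((str(src), m.group(3)))
    return {"direct": dict(direct), "served_by_ip": served_by_ip,
            "skipped": skipped}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any entry under `direct` means the firewall is not restricting the web server to the CDN's ranges; any entry under `served_by_ip` means the default server is handing the site's content to clients that address it by IP.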

1
mn_russianhacker 1 point ago +1 / -0

These fucking morons pretending they're super SMRT 🤓

Let's just say "I'm familiar with the industry." Now what did I take away from this "write up"? They missed like 3 easy buttons before gloating about how awesome they were to think of instantiating a host via the url prefetching.

Utilizing Shodan and DNS history would've been the easiest and quickest solution. Nothing screams r/iamsmart like someone who gloats about their roundabout wank of a solution for something so easy.

In my professional experience, I usually run circles around fools like this.

Cheers 🥃

1
mn_russianhacker 1 point ago +1 / -0

This has been a roller coaster for me. Consider this though - when do you ever share your 'plan' to anyone you're up against? Never. If there is/was/going-to be a plan very few people on this earth would ever know.

As much as it sucks ass if our country needs to we can deal with it after the fact. We've been a free country for almost 250 years... That's just one of those things you'd be in a world of hurt if you tried to take it away from people.
