Technology
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
Funny how the author immediately decided to shut everything down when he realized the number of peer/torrents still sending requests to the domain.
Orphaned domains like this are interesting, there was a defcon talk, I think, where the presenter bought a bunch of blacklisted orphaned domains just to see if anything would try and connect to them. They got hit with so many botnet clients trying to phone home.
Please post a link if you're able, that sounds like a very interesting watch.
Yeah those orphaned domains are a goldmine for security researchers, there was a similar talk at blackhat where they showed how expired domains from major companies still recieved auth tokens and sensitive data for months after expiry.
Orphaned IPs as well. If you have an IPv4 from your cloud provider and you want to retire it, you should thoroughly scrub your DNS and all other configs before doing so. Otherwise it's trivial for someone else to spin up a machine on that IP address and abuse your domain.
That's terrifying.
Why?
From a security standpoint, it means tons of people are requesting unencrypted info from random domains that are possibly no longer controlled by the original owners.
This is just random speculation on possibilities, but somebody could maybe figure out the IP of a suspected pirate for example, setup a dummy tracker, wait for that IP to show up, and then compare any requested hashes against a database of known torrents. How legal and useful in court this could be would depend on the country, but it is a weak point.
At the other end of the spectrum, somebody might find some kind of security vulnerability in a popular client's tracker interface, and exploit that for malware purposes by setting up a fake tracker, but that's a bit more of a stretch.
I'd recommend always assuming the worst when connecting to torrent trackers. I'm not sure that most of us feel that the trackers we are connecting to are highly trusted providers.
Because necromancy is a forbidden art
well pls resurrect the struck by lightning torrent because its taking forever to download :(
If you have access to real debrid, sometimes they have insanely old torrents in cache. I've resurrected quite a few decades old bangers from the pirate bay that way.
And if there is. Please seed that.
I usually do, but in general they're dead for lack of demand
That's the kind of thing that would be cool to do actually, but I'm not server savy enough to make a server that won't die easily under attacks