Funny how the author immediately decided to shut everything down when he realized the number of peer/torrents still sending requests to the domain.
Orphaned domains like this are interesting, there was a defcon talk, I think, where the presenter bought a bunch of blacklisted orphaned domains just to see if anything would try and connect to them. They got hit with so many botnet clients trying to phone home.
Orphaned IPs as well. If you have an IPv4 from your cloud provider and you want to retire it, you should thoroughly scrub your DNS and all other configs before doing so. Otherwise it's trivial for someone else to spin up a machine on that IP address and abuse your domain.
Basically, when you stop paying for hosting, also remove records from your domain, or itll link to the new person with your old hosting ips website and show that on your domain. I always forget when I swap hosting on my personal sites and haven't updated the records, see some random dropshipping or local (not to me) business website on my domain lol
Yeah those orphaned domains are a goldmine for security researchers, there was a similar talk at blackhat where they showed how expired domains from major companies still recieved auth tokens and sensitive data for months after expiry.
Please post a link if you're able, that sounds like a very interesting watch.
That's terrifying.
Why?
Because necromancy is a forbidden art
From a security standpoint, it means tons of people are requesting unencrypted info from random domains that are possibly no longer controlled by the original owners.
This is just random speculation on possibilities, but somebody could maybe figure out the IP of a suspected pirate for example, setup a dummy tracker, wait for that IP to show up, and then compare any requested hashes against a database of known torrents. How legal and useful in court this could be would depend on the country, but it is a weak point.
At the other end of the spectrum, somebody might find some kind of security vulnerability in a popular client's tracker interface, and exploit that for malware purposes by setting up a fake tracker, but that's a bit more of a stretch.
I mean they could also just download a million torrents and record the ips of anyone who connects to them to leech, which is what they already do. This is why you use a VPN while torrenting, because you never know who you're connecting to.
I'd recommend always assuming the worst when connecting to torrent trackers. I'm not sure that most of us feel that the trackers we are connecting to are highly trusted providers.
I'm a developer but have utterly no experience with torrent architecture, or for that matter anything outside of standard web services and the kinds of things companies do. But I've been wondering if BitTorrent technology would be usable for federating content for things such as Lemmy. After reading that somebody was begging for money to offset the $5k/month they were spending to run an instance (I mean, that shows true dedicaton but holy crap dude), it seems like a distributed architecture would make a lot more sense than somebody having to foot the bill for a big-ass server. I just personally wouldn't know where to begin on a project like that, but maybe if somebody with the right combo of skills and experience gave it some thought...
2 years ago I talked about the core problem with federated services was the abismal scale ability.
I essentially got ridiculed.
And here we are, with incredibly predictable scaling problems.
If we refuse to acknowledge problems till they become critical, we will never grow past a blip on the corner of the internet. Protocol development is HARD and expensive.
Yeah, volunteer moderation is also an issue, any decent ppl doing it get burnt out if they get an influx of ppl and quit also like lemm.ee
well pls resurrect the struck by lightning torrent because its taking forever to download :(
If you have access to real debrid, sometimes they have insanely old torrents in cache. I've resurrected quite a few decades old bangers from the pirate bay that way.
And if there is. Please seed that.
I usually do, but in general they're dead for lack of demand
That's the kind of thing that would be cool to do actually, but I'm not server savy enough to make a server that won't die easily under attacks
This is a most excellent place for technology news and articles.
