Server.casino – Random Servers Across the Internet(server.casino) |
Server.casino – Random Servers Across the Internet(server.casino) |
[connection reset by peer]
I would doubly caution owning this, particularly given the wording on the site encourages messing with people’s servers…
return int2ip(Math.random()\*4294967296) ;
}says it all - better don't "mess" with what you encounter
I have a few servers exposed on IP addresses, but they are not meant for public access. You have no authorization for 'messing' with this site: what you deem playing around, might be hacking.
You may also hit a government or military IP address, known or unknown. If you mess around with them, you may receive some unfriendly visits from men in black.
You DO NOT have my authorization to block or restrict my ability to mess with other hosts. Doing so may be a violation of my terms of service, and interference in interstate commerce.
Then, I think, you need to implement "reasonable measures" to secure them. Otherwise it's like putting your stuff out by the curb.
I wonder if some ISP's heuristics will flag someone's computer as part of a botnet...
That probably increases the odds that the servers it finds are "interesting"
I see other comments mentioning logging into random IPs over ssh. Now i trust the ssh client implementation more than most software, but it's easy to slip up and enable ssh agent forwarding for instance.
[21/Jun/2021:19:07:19 +0000] "GET / HTTP/1.1" 301 169 "-" "Expanse, a Palo Alto Networks company, searches across
the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
I remember thinking that ads in server logs was a new one to me.I still get so. many. random people entering passwords and trying to break in. They don't look like a wordlist or automated bots, they're literally people guessing.
Just because you see a username and password screen after you nmap this public IP, doesn't give you the right to start trying to hack it.
You ought not try random usernames/passwords on someone's public server, I agree. But if you expose a public server that lets someone type a username/password, you had best be ready for someone to guess values.