Silk Road forums
Discussion => Silk Road discussion => Topic started by: kdot1991 on March 26, 2013, 03:19 pm
-
http://www.reddit.com/r/SilkRoad/comments/1b1lvy/warning_the_silk_road_revealed_its_public_ip_last/
Don't bitch to me about reddit, I only go to the site to browse, never post. Just thought this should be brought to someone's attention.
Edit: I suppose I could copy and paste what is on the site.
"I am a professional penetration tester by trade, and while I do not use SR, I do occasionally conduct informal tests of the security of various Tor Hidden Services.
I debated for hours whether to post this, but I need to alert the community in case no actions are taken:
Last night, while SR was down for maintenance, a brief few moments allowed a certain set of circumstances that caused me to be able to view the public IP of the httpd server of Silk Road. This isn't an obvious flaw, but it is extremely simple if you know where to look - the server basically will publish a page containing all of the configuration data of the httpd server including the public IP address.
For the sake of the site's security, that's all the information I'm going to reveal.
I have messaged Dread Pirate Roberts and am currently waiting for a response. I do have a SHA512 hash of the public IP which I have retained as evidence if DPR needs proof.
I will keep this updated with any news received."
-
If he messaged DPR, why is he making this public, especially on Reddit?
-
I'll bet he gets a lot of offers to buy it from him LOL
???
-
I don't understand why someone would go on reddit and post that.
I mean, sure, it's possible that he does have the public IP, but posting that you have that knowledge isn't a good idea.
-
I don't understand why someone would go on reddit and post that.
I mean, sure, it's possible that he does have the public IP, but posting that you have that knowledge isn't a good idea.
It is only if you are trying to profit
-
Wow, that's interesting, I'm really curious how it'll develop.
-
I don't think this guy knows what he just opened himself up to...People are gonna hound him to try and get that ip.
-
If he messaged DPR, why is he making this public, especially on Reddit?
He was waiting for an offer from DPR but since he did not reply anything he posted it hoping that someone else would offer him money for the info and maybe this way he could sell it to multiple sources....
-
Fail
-
I believe this is false.
I'm no expert in the field of computers but how could a public IP have been revealed if all is done over the tor network? DPR specifically said himself that the update was taking longer than expected because he was uploading to the tor network.
Ah whatever. I'm not worried. I trust that DPR has taken the correct precautions.
Also I don't believe this guy because what is he trying to prove? Simply that he has this data? Why the hell you (this reddit user) gonna post it on reddit then?
He appears as if he wants to help the community, yet is willing to post information about such a vulnerability on a very public site! In my opinion it's a troll. If he really wanted to help out he would have contacted DPR and NOT have posted anything.
Just doesn't add up...but you never know!
-
What a prick how on earth are you gonna get the proper IP off of a server that changes IP addresses at a rate of 100,000 times per second what an idiot man plus he said oh it all happened when SR went off air for maintenance now this is totally and utterly BS of the highest order what an idiot man honestly I mean come on man due to the IPs being changed so much this is why it's IMPOSSIBLE to get a real IP from any server ok OP you're a royal fluke and on top of that a complete idiot good luck with your lies
-
I believe this is false.
I'm no expert in the field of computers but how could a public IP have been revealed if all is done over the tor network? DPR specifically said himself that the update was taking longer than expected because he was uploading to the tor network.
It's not impossible AFAIK. SR is running on technologies that regular (clearnet) websites are also running. Particularly, it needs a web server (apache, nginx or something less known) so it can host/provide data to people. And in the configuration of these servers you can find detailed information about the website. Yep, it's behind TOR, but it's not "another internet", so most of the rules apply.
I just hope it was planned action and/or it was a honeypot (if so, it'd be really smart move). Now we can only wait and watch the show.
-
What a prick how on earth are you gonna get the proper IP off of a server that changes IP addresses at a rate of 100,000 times per second what an idiot man plus he said oh it all happened when SR went off air for maintenance now this is totally and utterly BS of the highest order what an idiot man honestly I mean come on man due to the IPs being changed so much this is why it's IMPOSSIBLE to get a real IP from any server ok OP you're a royal fluke and on top of that a complete idiot good luck with your lies
Good critical thinking, phoboss. Thanks for the heads up really thank you. Your insight is invaluable.
P.S. Thanks for the heads up
-
LOL
-
LOL
Indeed.
-
This guy will be lucky if people don't dig for his own personal info and harass him.
-
How much you wanna bet it's 127.0.0.1?
-
LOL
:)
-
How much you wanna bet it's 127.0.0.1?
bahahahaha! :D
-
How much you wanna bet it's 127.0.0.1?
hahaha +1
-
Bullshit. Total bullshit. Let's see... DPR's Smarts vs this sad little fuck on Reddit's Smarts? Enough said.
-
If any of you are wondering why SR is so slow, chances are it's because DPR has set up a physical gateway. This is what the internet crime syndicates do: they set up a server that acts as a proxy, and if that server gets raided then any tampering of it causes it to self erase and shut down and the real server hiding behind it is protected. It only makes sense, no one in their right mind would rely solely on hidden services to protect them, it is only the first line of defense.
-
Just read the guy's post and subsequent posts on reddit. Yeah, this is BS. He's trying to get attention and/or some low level attempt @ blackmail. Some technically savvy guy stated how unless he found some new bug in Tor, that'd be impossible and posed him a question, which he ignored.
What an annoying stunt though.
-
This guy will be lucky if people don't dig for his own personal info and harass him.
harass him?
if his personal info gets out he's a dead man..... This is hardcore shit right here, Not some game.... if I was DPR I would fuckin set the dogs on him for trying.... An example should be made!
-
DPR might just use the services of the "SR Cartel" that was formed last week to whack the guy. Or pop on over to BMR and purchase one of the well-reviewed, friendly neighborhood hitman. Hehe..
-
professional penetration tester is a brilliant job title. hookers/pimps should be called professional penetration assistants, people might take them more seriously than.
-
SRSuperfly is right. I work in IT and proxy servers and proxy appliances (configured routers) are used all the time to protect the true IP or network behind it. It would be foolish to rely on hidden services alone and I doubt he would have anything less than a few proxies bouncing around on hosting providers paid with fake names and such. It's cheap and easy to do. Less than $10,000. So I imagine he's got it covered. You can even steal IPs and network bandwidth from companies.
I doubt he's got any IP registered to a real name or address. Lol.
-
exactly sounds like total b.s and if so I'm sure it was a b.s proxy ip! i wonder if dpr gets crazy messages all day from people like this!
@ron thats hysterical!! some b.s title like mystery shopper or
or product trial tester!! professional penetration tester is a brilliant job title. hookers/pimps should be called professional penetration assistants, people might take them more seriously than.
-
It wouldn't surprise me if the real servers were safely on a pirate ship anchored out at sea off the coast of the UK in international waters.
They use a satellite Internet feed and that is what causes the slow latency on the website from the satellite feed. It's a pirated Internet feed of course. What else?
Hehe the dish is strapped to the Ship mast and they travel around the world bringing drugs to good girls and boys everywhere! Fuck Santa, I want DPR!
DPR counts his booty of bitcoins as he sails the freedom of the high seas. Arrrr she be a good coin today matey !
-
It wouldn't surprise me if the real servers were safely on a pirate ship anchored out at sea off the coast of the UK in international waters.
They use a satellite Internet feed and that is what causes the slow latency on the website from the satellite feed. It's a pirated Internet feed of course. What else?
Hehe the dish is strapped to the Ship mast and they travel around the world bringing drugs to good girls and boys everywhere! Fuck Santa, I want DPR!
DPR counts his booty of bitcoins as he sails the freedom of the high seas. Arrrr she be a good coin today matey !
^^^^
EPIC!!!!
:)
-
"I am a professional penetration tester" - Pornstar.
-
alrighty then :)
-
It wouldn't surprise me if the real servers were safely on a pirate ship anchored out at sea off the coast of the UK in international waters.
So you're saying it's hosted on Sealand?
https://en.wikipedia.org/wiki/Principality_of_Sealand
which actually did offer "offshore" internet hosting in international waters, but at the time the bandwidth was too low and unreliable.
-
OMG!!
LOL
okie dokie LOL
wow i really do need to make a better effort to gain more recent knowledge :)
:) :) :) :) :)
-
It wouldn't surprise me if the real servers were safely on a pirate ship anchored out at sea off the coast of the UK in international waters.
They use a satellite Internet feed and that is what causes the slow latency on the website from the satellite feed. It's a pirated Internet feed of course. What else?
Hehe the dish is strapped to the Ship mast and they travel around the world bringing drugs to good girls and boys everywhere! Fuck Santa, I want DPR!
DPR counts his booty of bitcoins as he sails the freedom of the high seas. Arrrr she be a good coin today matey !
I really want this to be true, would be apt. 8) 8) 8)
-
It wouldn't surprise me if the real servers were safely on a pirate ship anchored out at sea off the coast of the UK in international waters.
They use a satellite Internet feed and that is what causes the slow latency on the website from the satellite feed. It's a pirated Internet feed of course. What else?
Hehe the dish is strapped to the Ship mast and they travel around the world bringing drugs to good girls and boys everywhere! Fuck Santa, I want DPR!
DPR counts his booty of bitcoins as he sails the freedom of the high seas. Arrrr she be a good coin today matey !
I really want this to be true, would be apt. 8) 8) 8)
that's an awesome thought!!! would explain the whole pirate thing too!
-
I believe this is false.
I'm no expert in the field of computers but how could a public IP have been revealed if all is done over the tor network? DPR specifically said himself that the update was taking longer than expected because he was uploading to the tor network.
Ah whatever. I'm not worried. I trust that DPR has taken the correct precautions.
Also I don't believe this guy because what is he trying to prove? Simply that he has this data? Why the hell you (this reddit user) gonna post it on reddit then?
He appears as if he wants to help the community, yet is willing to post information about such a vulnerability on a very public site! In my opinion it's a troll. If he really wanted to help out he would have contacted DPR and NOT have posted anything.
Just doesn't add up...but you never know!
It is totally possible to get a hidden services IP address by hacking into it, or by it leaking its real IP address if it is misconfigured. One Tor hidden service had a forum with registration that sent confirmation E-mails directly without using Tor, as an example of a misconfiguration leading to deanonymization. Several CP hidden services were hacked into by the Dutch police, leading to several people being arrested actually (apparently they were hosting the servers out of their houses !!). The servers they hacked into but couldn't deanonymize were using virtual machine based isolation, and they resorted to just zeroing them out and posting warnings, as they couldn't break the isolation.
I would really hope that a site like SR is running its web server in a virtual machine that isn't aware of its external IP address, anything less than that would be somewhat foolish really given the high priority of SR. Even in such circumstances it is possible to deanonymize the hidden service by hacking out of the virtual machine, but it becomes substantially more difficult. Using a virtual machine to isolate the web server not only virtually ensures against misconfigured servers leaking the IP address, but also makes it substantially more difficult for hackers to find its real IP address, and for this reason it is very strongly suggested to run hidden services in this way. The server may also leak its real IP address via a php info page, that is the first thought that comes to mind after reading this guy's post, but a quick check doesn't reveal such a page at its default location anyway. If it is true, my first guess would be that SR temporarily had a phpinfo page up and it displayed its real IP address.
Also to the people saying SR server changes its IP address at the rate of a bazillion or whatever the fuck times per second, you clearly don't understand how Tor works. Yes, hidden services will appear to have a different IP address to (mostly) each person that accesses them, sort of, if you count their final node as their IP address. But they still have a real IP address as well, and it is actually possible to trace hidden services through Tor with a bit of work (having law enforcement credentials makes the last step much more feasible though).
edit: Actually, given that he said he got its IP address when it went down for maintenance, there are two other scenarios I can imagine. If SR runs as a Tor relay it would be vulnerable to downtime-uptime correlation of the Tor relay and the hidden service, which could deanonymize it (or at least give someone a good guess of its real IP address, which could then be further confirmed with various known remote attacks on Tor). Also it is possible that they hosted with a company that had known down time correlating with the down time of this specific website, in which case the attacker could at least significantly narrow in on where it is being hosted, although they would need to take additional measures in order to get a specific IP address.
Anonymity and security are hard, complex, complicated and highly specialized fields, and to think that just running as a hidden service magically makes you completely invulnerable is extraordinarily naive.
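Two of the defensive points in the post above (keep the web-server VM unaware of any routable address, and make sure no phpinfo or server-status style page is reachable) written up as a self-audit script an operator would run against their own service. This is an added example, not code from the thread or from any site it discusses; `sample_fetch`, the sample page bodies and the 203.0.113.7 stand-in address are constructed, and in real use `fetch` would issue a GET against the service's loopback listener.

```python
import ipaddress
import re

# IPv4 literals as they would appear in a phpinfo / server-info dump.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Ranges a web-server VM may legitimately hold or print: loopback, RFC 1918,
# link-local and their IPv6 counterparts.  Anything else counts as a leak.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]

# Default diagnostic paths an operator would verify are disabled on their
# own service (phpinfo pages, Apache mod_status / mod_info handlers).
DIAGNOSTIC_PATHS = ["/phpinfo.php", "/info.php", "/server-status", "/server-info"]


def non_internal_addresses(candidates):
    """Return the address strings that fall outside INTERNAL_NETS.

    Strings that are not valid addresses (e.g. '999.1.1.1') are skipped, so
    the regex above may over-match harmlessly.
    """
    flagged = []
    for cand in candidates:
        try:
            addr = ipaddress.ip_address(cand)
        except ValueError:
            continue
        if not any(addr in net for net in INTERNAL_NETS):
            flagged.append(str(addr))
    return flagged


def body_leaks(body):
    """Check 2: non-internal IPv4 literals present in a served page body."""
    return sorted(set(non_internal_addresses(IPV4_RE.findall(body))))


def audit(interface_addrs, fetch):
    """Run both checks against the web tier.

    interface_addrs: addresses bound on the web-server VM (check 1).
    fetch(path):     returns (status, body) for a GET against the service's
                     local listener (check 2).  Only the 200 case matters:
                     a diagnostic page that answers at all is a finding,
                     whether or not it prints an address.
    Returns {} when nothing is flagged.
    """
    findings = {}
    leaked = non_internal_addresses(interface_addrs)
    if leaked:
        findings["interfaces"] = leaked
    for path in DIAGNOSTIC_PATHS:
        status, body = fetch(path)
        if status == 200:
            findings[path] = {"reachable": True, "ips": body_leaks(body)}
    return findings


# Constructed sample responses (not real data).  203.0.113.7 is a
# documentation-range address standing in for a server's public IP.
SAMPLE_PAGES = {
    "/phpinfo.php": (200, "SERVER_ADDR => 203.0.113.7\nSERVER_NAME => example.onion\n"),
    "/info.php": (404, "Not Found"),
    "/server-status": (403, "Forbidden"),
    "/server-info": (200, "Server Root: /etc/apache2\nLocal Address: 10.0.3.4\n"),
}


def sample_fetch(path):
    return SAMPLE_PAGES.get(path, (404, "Not Found"))


if __name__ == "__main__":
    # VM holding only loopback + RFC 1918 passes check 1; phpinfo still fails check 2.
    print(audit(["127.0.0.1", "10.0.3.4"], sample_fetch))
```

A clean result is an empty dict; a reachable diagnostic page is reported even when it prints only internal addresses, because the page itself is the exposure.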
-
Honestly regardless of the truthfulness of this particular story, I am a bit disgusted that people's first reactions are "LIES" instead of "Possible compromise". Especially given that so far everybody commenting on why it is impossible obviously doesn't know what the fuck they are talking about. Professional Penetration Tester is a real job title for white hat hackers, people who would be the ones trying to deanonymize SR by hacking into it (aka: penetrating it) rather than via tracing through Tor (those people would be called Professional Traffic Analysts). Making fun of what he called himself just shows your own stupidity and lack of understanding of the technical community.
I sure hope nobody has compromised SR, but that attitude that it is impenetrable is completely wrong (VERY LITTLE software has been mathematically proven as secure from hackers, and even the software that has been proven to be is only proven to be when a large set of unproven assumptions have been met. Even life critical software is usually not mathematically proven as secure, although it is often crafted with stringent coding standards and intense auditing). Additionally there wouldn't need to be a new exploit for Tor found, strictly speaking an attacker could hack the instance of Tor on SR to obtain its real IP address, or they could hack any of the other available routes to its real IP address, Apache comes to mind. Or it could be from a misconfiguration of something and not require any hacking at all. And there wouldn't even really need to be a new attack on Tor found, there are somewhat practical traffic analysis attacks against Tor that stand various chances of deanonymizing hidden services by themselves.
Anyway that is all I have to say on the matter, I just hate to see people having a default sense of invincibility, it is something that often precedes one being shown that they are incorrect.
-
Shit. I hope this guy doesn't look into the IP. If he does President Obama is going to be in a shit storm for exposing the largest honey pot scam ever to happen.
-
Why the fuck would this asshole post this in public if he was a legitimate penetration tester who "cared about the community", and not message the administration here himself. Either fake or actually a dumbass
-
Actually kmfkewm is completely right. Even with the best team of Security experts, no setup is perfect. Furthermore, the scenario described by this guy seems possible.
Maintenance is a critical time for SR. I'm not an IT expert either but this text is definitely written by someone who has quite good knowledge of security procedures. The simple fact that he hashed right away (and with a solid algorithm) the alleged public IP address seems to me like the signature of someone who knows what he is saying. And also the signature of someone acting cautiously.
I would take that message seriously if I were SR. The only thing that makes me think it's bullshit is the fact it's posted on reddit. This on the other hand, makes no sense at all.
So please remember, as excellent as DPR can be, securing and keeping anonymous an HTTP server is VERY VERY VERY hard. Even more when you know tons of people are trying to put you down.
IT is not magic, it's hundreds of lines of code. A single crappy line of code in a project used by SR can end up with very compromising information out in public.
I'm not saying we should panic or anything. Just know the threat may be real and at least is theoretically possible.
-
Well Said.
:)
-
OP was trolling that subreddit before. Looks like the people calling him out for it were right.
http://www.reddit.com/r/SilkRoad/comments/1b416m/update_on_the_public_ip_leak_an_object_lesson/
Congratulations for being gullible. My post managed to stay at the top of this subreddit for 24 hours, and it was complete horseshit.
I hope you've learned your lesson to not believe everything you read on the Internet.
I nearly didn't come back to post this, but I actually like the Bitcoin / Silk Road community and don't want to create any significant lack of trust where it's not warranted.
Flame away, I'll never use this account again.
===========
Keep in mind folks, that you should evacuate a building for every bomb threat, even though 90% of them are fake.
You can afford to waste time worrying about many false positives, but in this game (hidden services, network security, illegal shit), you can't afford one false negative.
-
OP was trolling that subreddit before. Looks like the people calling him out for it were right.
http://www.reddit.com/r/SilkRoad/comments/1b416m/update_on_the_public_ip_leak_an_object_lesson/
Congratulations for being gullible. My post managed to stay at the top of this subreddit for 24 hours, and it was complete horseshit.
I hope you've learned your lesson to not believe everything you read on the Internet.
I nearly didn't come back to post this, but I actually like the Bitcoin / Silk Road community and don't want to create any significant lack of trust where it's not warranted.
Flame away, I'll never use this account again.
===========
Keep in mind folks, that you should evacuate a building for every bomb threat, even though 90% of them are fake.
You can afford to waste time worrying about many false positives, but in this game (hidden services, network security, illegal shit), you can't afford one false negative.
Looks like you were the real penetration tester, piercing through all the tinfoil
-
In support of kmf's position regarding people's dismissive attitudes... They called the Titanic "unsinkable"
and let's not forget the design flaw in the Death Star that allowed it to be destroyed with a single shot fired in an air vent.
-
I don't think anyone knows the public IP of SR servers and even if I was in charge of running such a site, I would make sure that even if the IP were to be revealed it would not be a HUGE issue. I mean obviously it would reveal where the Server is, but the site should be running on a VPS and if the IP was to be revealed, you could quickly destroy the VM and deploy it on a different host in a different country with a different IP.
Shit like this is said all the time on these forums, it's all scaremongering and conspiracy theories.
I'm sick of seeing threads like this.
-Life
-
As others have said, anyone who thinks that by just using Tor and encrypting their address with GPG when sending it to a vendor will ensure their own safety is kidding themselves. Despite what you may think of LE and what they stand for in society, to underestimate their capabilities and desire to take down sites like SR is sheer madness and very narrow minded. Fear of the unknown is something to be taken seriously in a situation such as this. Combine that with the unpredictability of LE and the secrecy surrounding what they are planning or have planned leaves us little choice but to always expect the unexpected and prepare for the worst. That doesn't mean being overly paranoid about things, but ensuring you have all your bases covered and have done all in your power to protect your anonymity from being compromised. There are many things beyond our control but there are things which we can do to minimize any risk of being caught should SR be taken down. You just never know what may be around the corner and as such, always err on the side of caution in your SR activities and have some respect for LE and the potential it has to cause havoc when an objective is set.
PS - wretched, love the analogy to the one shot that destroyed the Imperial Death Star. You're spot on. ;) +1
-
Telnet to another machine.... while war driving....set up tor on said machine...telnet to another machine where you use BNC ....
use tor and all good LOL
oh fer poots sake!! LOL
Just kiddin :)
-
It is true though that a compromise of the server should not be too devastating. The worst that should come from the server being compromised:
A. Customers who don't encrypt their addresses with GPG are fucked (they should have learned to use GPG themselves)
B. Customers and vendors who use fed controlled entry guards are fucked (Tor is not magic, but apparently the feds cannot trace through it with traffic analysis to locate hidden services, so I guess I wouldn't worry a whole lot about this)
C. The escrow may be stolen and/or seized
D. The site may be temporarily taken down, the .onion addresses may be compromised (but DPR has a private GPG key and can authenticate any new addresses as being legitimate)
so it wouldn't be a good thing for sure, but it would not be game over man by any means, unless DPR is hosting the site out of his bedroom and all of the vendors happen to be using fed controlled entry guards and none of the customers are using GPG and there is no isolation of the web server at all.
-
The site may be temporarily taken down, the .onion addresses may be compromised (but DPR has a private GPG key and can authenticate any new addresses as being legitimate)
In case some people may not be aware, DPR posted a signed message ages ago detailing some alternative .onion addresses to be used should the current Silk Road onion URL be compromised and he was unable to communicate with us through the Forum.
Below is what he actually posted -
If for some reason the official Silk Road onion URL were to be compromised and I was unable to communicate with you through the forum, one of the following 3 URLs will be used to relaunch the site and/or communicate through:
silkroadiplkjo7t.onion
bpbpoqbqdodbqbqb.onion
pddqoboqqqqqbqdq.onion
-
I don't like to speculate, maybe only to fantasize.
Apparently the world's biggest "Cyber War" between Spamhaus and Cyberbunker got me thinking. Cyberbunker will host anything apart from child porn, they are located in a cold war bunker located in forests in the Netherlands, sure would make sense. :D
-
I stand by what I said before; I highly doubt anyone but DPR (maybe not even DPR directly) knows the public IP of the SR Server(s) and also I would be very surprised if the system is not running on virtual hardware or is at least easily movable just in case the location ever did get out, this would enable the admins to move all the content to the other side of the world in minutes.
Another thing people forget is that if the site is really as secure as possible, then chances are all IP traffic goes through a VPN somewhere anyway, thus the "public IP of SR" would in fact be the IP of the VPN provider.
But I am no expert so I could be wrong.. just highly unlikely in my book.
-
If for some reason the official Silk Road onion URL were to be compromised and I was unable to communicate with you through the forum, one of the following 3 URLs will be used to relaunch the site and/or communicate through:
silkroadiplkjo7t.onion
bpbpoqbqdodbqbqb.onion
pddqoboqqqqqbqdq.onion
Thank you for this, I had these at one point but seem to have misplaced them.