Silk Road forums

hm heihachi resells for 2X4, they have ties to russian organized crime (probably RBN) and have hosted mucho very illegal shit without taking it down, including everything from botnet CNCs to carder forums to drug forums to child porn to probably everything in between. RBN is tight with the russian intelligence agencies so they can get away with anything. Of course just being on heihachi network essentially means you are doing something illegal so that is something to take into consideration.

Of course since you heard about them on an illegal forum you should assume that they are a federal honeypot and totally avoid them. Oh well at least I don't tell you to use my VPN lol.  Actually the only reason I share them is because they are already widely known / infamous bullet proof hosts. Look up heihachi they have hilarious abuse complaint logs. And also because they are selective scammers and you really shouldn't risk your money with them.

stephen:
i would like to speak to one of you
Welcome stephen! Your request has been directed to the Technical Support department. Please wait for our operator to answer your call.
Call accepted by operator Live Support | Thomas. Currently in room: Live Support | Thomas, stephen. Guten Tag, wie kann ich Ihnen helfen?
stephen:
hi there
Live Support | Thomas:
hi
stephen:
do you speak english
Live Support | Thomas:
yes
Live Support | Thomas:
and german.
stephen:
ok thanks
stephen:
english would do me, i am calling from london
stephen:
could you please tell me if this ip if yours x.x.x.x
Live Support | Thomas:
yes, its our ip.
stephen:
ok.
stephen:
is this one of you customers?
Live Support | Thomas:
whats the problem with this ip?
stephen:
ok, your customer is a hacker
stephen:
he is running an illegal botnet on your ip
stephen:
x.x.x.x (....)
stephen:
i have sent email abuse at gigalink
stephen:
but they haven't replied, i found out that this ip belongs to you.
stephen:
your customer is hositng on your ip. about 1000 hacked computers, and he is running a sophisticated ircd server on your ip which is listening on port ....
stephen:
logs:
Live Support | Thomas:
moment.
stephen:
[20:51] <[nLh-VNC]cmmakd> [RAGE SCAN:] range: 188.x.x.x/64 threads.
[20:52] <[nLh-VNC]dyywqe> RAGE SCAN: scanning in progress.
[20:52] <[nLh-VNC]opokcb> [RAGE SCAN:] range: 185.x.x.x/64 threads.
[20:52] <[nLh-VNC]rdjlgp> [RAGE SCAN:] range: 185.x.x.x/64 threads.
[20:52] * HTTP1.4 sets mode: +m
[20:52] <mIRC>
[20:55] * HTTP1.4 sets mode: -m
[20:56] <[nLh-VNC]wndgtx> RAGE SCAN: scanning in progress.
[20:56] * HTTP1.4 sets mode: +m
Live Support | Thomas:
moment.
stephen:
[20:11] * Connect retry #39 x.x.x.x (....)
-
[20:11] -HTTP1.4- *** eh...
-
[nLh-VNC]zpwcnd Nickname is already in use.
Live Support | Thomas:
he attacks you? with this botnet?
stephen:
he has
stephen:
but you shouldn't ask me this question
stephen:
if he din't attack me? do you allow botnets on your servers?
stephen:
BOTNET ARE ILLEGAL AND YOUR COMPANY MUST NOT HOST SUCH CLIENTS
stephen:
your company is involved on illegal activities
Live Support | Thomas:
and now?
stephen:
what do u mean now?
Live Support | Thomas:
we allow botnets.
stephen:
excusme ?
stephen:
you must be joking
Live Support | Thomas:
Yes, sure, we allow. Give us money and we host you and we will **** the german police
stephen:
ah
stephen:
stephen:
is ok
stephen:
have you got a name?
Live Support | Thomas:
oik
Live Support | Thomas:
name?
stephen:
your name and surname
Live Support | Thomas:
for what?
Live Support | Thomas:
stephen:
so i can sent to the police
stephen:
so you can **** them
stephen:
or i will email
Live Support | Thomas:
yes
stephen:
russian police

Live Support:
Hello
stephen:
yes
stephen:
who is that?
Live Support:
Aha
stephen:
who am i speaking 2?
Live Support:
Your mother
Live Support:
**** off
Live Support | Thomas:

stephen:
where would you like me to post this conversation?
Live Support:
Please make, this is very good ads for us
stephen:
i mos certanly will
stephen:
most*
Live Support:
THX
Live Support:
We will this customers which host botnets at us
Live Support:
YOU ARE WELCOME!
Live Support:
We never kick you ))))))
Live Support | Thomas:
:hD
Live Support:
byeeeee
Live Support | Thomas:
have a nice day

Actually be safe with these fucks they are known to selectively scam their customers. I would go directly through 2X4 but they only speak Russian afaik. Actually I would go with a random provider (and pwn their anti fraud / anti crime identity verification systems) and use a Tor hidden service, it's almost pointless to use a hidden service with these guys just cuz everyone knows 99% of what they host is illegal lol.

Get it at a data center. Even if they require payment in non anonymous ways you can use exchangers to anonymously fund them after washing the money securely. Just fill out bullshit information on their registration forms but try to make it seem legit / be legit info largely to get by any automated fraud detection. You might even need to get burner phone or pay somebody to do it, if you need a dedicated server. Dedicated servers are the hardest to get anonymously, they might even want scans of identification docs. Lots of anti fraud systems and such are in place when it comes to dedicated, but I have yet to find a hosting provider who had unpwnable anti fraud / anti crime systems in place it just is a huge pain in the ass.

VPS are generally much easier to get.

This way even if the hidden service is traced they hit a dead end. Of course always use Tor. If the hosting provider wont let you purchase with a Tor exit you might need to find an open proxy that isn't on their block list for registration. You probably will need to use an exit node that is in the country you pretend to be in, and you might even need to be able to get a text message or verification phone call to a cell phone registered in that country / produce scans of ID for that country (this is all for dedicated).

There are also some bulletproof / anonymous specialty hosts that don't make you jump through a billion hoops, and most of them are in favorable geographic areas. But expect to pay out the ass for a bullet proof anonymous hosting plan.

Quote from: SierraRS on March 05, 2012, 11:48 pm

Speed of Silk Road + reasonably good password + need to bypass captcha = time needed to brute force password is greater then time needed to make all drugs legally available to adults.

^ This

Point: Captcha is pretty durn effective when combined with a good password. If you want to be the white hat hacker who proves otherwise I think that would be awesome to see. . .

Captcha is actually pretty easy to largely by pass. People will just hire indians or chinese people to do them all day. Or they will make pop up spam that requests people fill in the captcha to see pr0n. Or they will make their botnet with a million windows users on it replace the screen lock with a screen that makes them type in five different captchas before they can get back to their desktop. Captcha are good for stopping the average spammer / whatever, but if you ask a security pro about using captcha for any critical security system they will lol at it. They would probably lol at using passwords too though, and suggest that zero knowledge authentication be used instead.

http://www.sitepoint.com/avoid-captchas/

You are going to need to ask more specific questions to get a good reply

The address isn't stored on SR encrypted its stored in plaintext on a mounted encrypted drive, which has a remote chance of being helpful, if LE decide to power down the machine after seizing it without first dumping the RAM into a forensics laptop.

is a good technique

are those mutually exclusive?