Hacker News new | ask | show | jobs
by jcynix 715 days ago
> The only list where you might find it is in the newly registered domains.

No registration anywhere needed, they'll find you, because you have an IP address. I've set up enough machines without any registration and some hours after they got connected, the usual suspects showed up.

And regarding bots: even if machines don't have e.g. PHP installed, they'll see oodles of attempts to access links ending in *.php. That's the place where I liked to offer randomly encrypted linux kernels for them to digest ;-)
1 comments
tamimio 715 days ago
That’s actually a smart thing to do! I did notice the extension too, I even did notice the typical wordpress paths. I do understand for a known site, but one that was registered hours ago? Unbelievable.
link
jcynix 715 days ago
Back of the envelope calculation: there are 2^32 possible IPv4 addresses, you can easily ping about 1K addresses in parallel[1] on a standard linux machine and there are 86,400 seconds in a day. So after about 50 days you tried all possible IPv4 addresses. Now set up a farm with more than 50 machines ... e.g. as a state owned actor (or a "private" bot farm) and you'll learn about newly connected machines within hours.

[1] Did actually use 1K threads to do parallel TCP connections more than 20 years ago already, so 1K is an easily reachable lower limit nowadays. You'll need an ISP which allows that to be done ... or a distributed bot farm.

Edit: spelling

link