DANGER DANGER !: This ramble.pw site main server is DOXXABLE IP location because of EXPLOITABLE FEATURE (auto fill of news links pasted during a submit)
Posted by smartypants in ramble (edited)
DANGER DANGER :
This ramble.pw site main server is DOXXABLE IP location because of EXPLOITABLE FEATURE (auto fill of news links pasted when creating a new post topic, a feature used to TAKE DOWN the million member TheDonald.win 184.108.40.206 site, as per the doxxer's manifesto himself online). His boasting prior to antifa goons and fed raids on thedonald.win :
i put on catbox for anonymity, he doxxes and logs visitors to that original boast i paste here :
Gab icon fetch exploited by leftist doxxers :
he gloats a similar tactic by his leftist anti free speech pal "kubeworm" for Image Proxy (icons next to posted news links) was used to doxx the server IP of gab (220.127.116.11) when gab fetched an image to iconify.
Note: he is not a good hacker; ARIN is not a guarantee of IP range assignment and only 92% accurate in all my past tests. Server was in Canada though this time, via traceroute to it, not the anti-DDoS it used as a service to hide.
How Canadian? Very. The Donald.win used Canada to avoid US FBI raids: a traceroute to thedonald.win shows ARIN is accurate for him that time:
8 be103.bhs-g2-nc5.qc.ca (18.104.22.168) be103.bhs-g1-nc5.qc.ca (22.214.171.124)
9 be7.bhs-vac1-a75.qc.ca (126.96.36.199) be5.bhs-vac1-a75.qc.ca (188.8.131.52)
10 bhs-vac1-a75-1-firewall.qc.ca (184.108.40.206)
11 bhs-vac1-a75-2.qc.ca (220.127.116.11)
12 bhs-vac1-a75-3.qc.ca (18.104.22.168)
13 * * * )
14 be5.bhs-z2g2-a75.qc.ca (22.214.171.124) be5.bhs-z2g1-a75.qc.ca (126.96.36.199)
15 po5.bhs-z2b4-a70.qc.ca (188.8.131.52)
16 184.108.40.206 (220.127.116.11)
I usually only ARIN the two IPs ABOVE the traceroute ARP-able landing point.
That Leftist kike posted a related doxxing post thread , i put on catbox here, going after violators of Furry con suit IP :
That link discusses outing machines hiding behind services such as cloudflare and other anti-ddos services like :
BitMitigate, Digital ocean, Imperva Incapsula, Dynu Dynamic DNS, ClouDNS.net, Neustar SiteProtect, JavaPipe, ArvanCloud, CloudLayar
as shown in that second link ...
EMAIL for lost password is second vector
EMAIL is that doxxing leftist's main tool for free speech sites, as per this other post of his :
Sites using EMAIL to reset passwords can be doxxed using effort, but https://thedonald.win/ DISABLED email traffic from that route for leftist hackers to learn the email server origin and owner of box. But the hacker used a POST SUBMISSION with adornment to determine the IP of the main TheDonald.win site when it fetched a post title suggestion! Then TheDonald.win was immediately taken down a day after doxxing, when democrats showed up at home of domain name holder, and attacked the Canadian server colocation too as hinted at by doxxer.
I would doxx the doxxer but free speech sites should not host doxxing, because of JOE JOBS :
That joe job wiki page is too specific... a joe job is making people THINK one persona is another persona, and it's not email, I invented it for usenet and used it to get into multiple national news magazines in the infancy of internet. I started it before usenet on America OnLine in fact, to hilarious result.
THAT possibility of a "joe job" is why doxxing should never be hosted on a free speech web site.
Though I now have some suspicions as to how Kosher this site's admins may be, it's important when ramble.pw is moved from a 2 dollar a month VPS to a real free speech colocation spot will need to prevent doxxing then, and in the mean time, ramble needs to ...
1 > STOP AUTOFILL of posted link title selections (simple one line mod fix) or else tunnel it through a SEPARATE non doxxable machine far far removed from ramble.pw as a trampoline fetch back and forth
Disable, or PUT ICON INITIAL FETCH on 4 hour random delay
2> Disable icon graphics fetch.... Or else tunnel it through a SEPARATE non doxxable machine far far removed from ramble.pw as a trampoline fetch. A URL to an icon image is legally allowed to have URL adornments like "?embed=yesq2323r45" on it and such so icon fetch is not safe even if hid in 4 hours of access chatter if the URL posted to ramble.pw was "salted".
3> Never use emails for anything ever
Even if the ramble.pw admin possibly feels safe from being accused of antisemitic feelings because of personal reasons, the HOSTED CONTENT of a free speech site merely mentioning honest facts on Jews by participants, is a target of leftists for total destruction and "unpersonning" 1984 style. Job, bank accounts, prior merit awards years ago taken, apartment rental cancelled at term end, etc etc.
STRENGTHEN THE RAMBLE CODE NOW !!!
I realize it's not your fault if you are using a stable checkout of https://gitlab.com/postmill/Postmill/-/forks , but it's important to avoid those three doxxing exploits
The clearnet IP of the server isn't hidden and the hosting provider is well aware of the site and supportive of free speech.
The anonymity features are to protect the users, not me.
And the email reset has never worked, I've never enabled it. I need to remove mentions of it from the code.
I'll review this in more detail when not on mobile.
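
The "trampoline fetch" suggested in the post above, sketched as an added example (not part of the thread and not Postmill's code): the title autofill request is sent only through an egress relay and is refused when none is configured. The names `fetch_title`, `relay` and `StandInRelay` are hypothetical, and the relay here is a constructed local stand-in so the example runs offline.

```python
import re
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TITLE_RE = re.compile(rb"<title[^>]*>(.*?)</title>", re.I | re.S)

def fetch_title(url, relay, timeout=5, max_bytes=65536):
    """Fetch a submitted link's <title> via an egress relay, never directly."""
    if not relay:
        # Fail closed: without a relay the origin's own address would be exposed.
        raise RuntimeError("no egress relay configured; refusing direct fetch")
    if not url.lower().startswith(("http://", "https://")):
        raise ValueError("only http(s) links are fetched")
    # An explicit proxy map replaces any proxy settings from the environment.
    # Caveat: urllib still honours a no_proxy environment variable.
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({"http": relay, "https": relay}))
    with opener.open(url, timeout=timeout) as resp:
        body = resp.read(max_bytes)  # bounded read of untrusted content
    m = TITLE_RE.search(body)
    return m.group(1).decode("utf-8", "replace").strip() if m else None

class StandInRelay(BaseHTTPRequestHandler):
    """Constructed stand-in for the relay: records what it was asked to fetch."""
    seen = []
    def do_GET(self):
        StandInRelay.seen.append(self.path)  # absolute URL on proxied requests
        body = b"<html><head><title> Constructed headline </title></head></html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Run one fetch through the stand-in relay; return (title, URL it saw)."""
    srv = HTTPServer(("127.0.0.1", 0), StandInRelay)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    relay = "http://127.0.0.1:%d" % srv.server_port
    try:
        # Constructed link; .invalid never resolves, so a direct fetch would fail.
        title = fetch_title("http://news.example.invalid/story?embed=abc", relay)
    finally:
        srv.shutdown()
    return title, StandInRelay.seen[-1]

if __name__ == "__main__":
    print(demo())
```

The remote site still sees the "salted" URL, but the source address it logs is the relay's, which is why the relay must not share hosting, address range or DNS with the origin.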