Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Speculation
Re: The Great Silk Road Crash of 20** ...?
by
Desolator
on 20/09/2012, 19:14:08 UTC
Quote from: tpantlik on September 20, 2012, 06:48:41 PM
(how can http server reveals its public IP when it's not connected to Internet?).
Seriously?  I don't even know where to start with that one, lol.  Ummm...it is connected to the internet or nothing else could reach it.  Everything on the internet has an IP address or nothing else could reach it.  The IP address is accessible about a hundred different ways once you're talking about an application with a script inside it (flash or PDF) that's running on the server locally.  You could read it out the system summary info on most linux OSes, among tons of other way

And they haven't been caught because the FBI is stupid, isn't allowed to do stuff like that anyway, probably doesn't know how TOR works, failed to go to Google and search "tor weaknesses" Tongue , and they don't have sufficient coordination to do an enter-exit attack nor would they be allowed to DDOS other people's TOR nodes and mount their own rigged ones to get to a sufficient control level for other attack methods.  That's like 1/10th of the reasons lol.

Oh and a server that receives 99.99999% SSL traffic and no normal traffic, that could happen in certain somewhat common normal circumstances but it would be at least suspicious enough that that would be the server a hosting company would look at to see if it contains things like text saying "silkroad."

plus, what if 1 single offsite image is posted as a link like as a product or something.  I've never seen a silkroad page obviously but if it's like other CMS or forum software, images could be embedded and read by the server, not the browser, especially if it's a PHP page or uses certain types of frames.  It takes some tricking and SQL-injection style HTML coding but once the block of HTML or PHP is uploaded and the server is tricked into serving it up as is, tada.  Then the server holding the image would get a direct server to server link up, revealing its IP address.  If it was a standalone, trap image for tracking purposes (something I've used many, many, many times on other people's websites), I'd check the log on my server hosting the image for what what IP address attempted to read the file.

There's like 100 ways to catch these assholes, just most are seriously illegal so nobody's done it yet.