What's the drama with DHL, I just saw their post about being truthful etc...
What's going on with DHL?
[2 Points] kx_001:
[2 Points] Virtix21:
I'm here watching this all unfold, seeing the security of these markets, waiting for them all to be compromised. That already happened, never mind.
/u/t0mcheck supposedly found an older "mirror" server connected to DHL. https://www.reddit.com/r/DarkNetMarkets/comments/6r2ppi/dhl_ipaddress_leak_is_fake/dl1yogq/
It is not up to date, but it does contain member info, and it is a server connected with DHL.
I'll go tinfoil hat and just say: perhaps that is the real DHL server, while the feds have been running the current one?
A quick portscan through nmap shows a few ports are open. (Note: some of the descriptions are not right, because of "mis-using" ports.)
22/tcp open ssh
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
8001/tcp open vcom-tunnel
8002/tcp open teradataordbms
8010/tcp open xmpp
On port 8001, at the IP of 51.15.57.234, the DHL login page can be seen, and accounts about a week old can log in with their credentials.
These servers share the same headers.
It only takes a very short iptables command to drop all traffic from the clearnet and only allow localhost (pretty much the Tor daemon) to stop this; since this hasn't been done in the hours this has been exposed, it seems very suspicious.
Edit: Here is a full portscan (done through Tor, duh; it could be missing ports blocked by the exit node).
22/tcp open ssh
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
593/tcp filtered http-rpc-epmap
4023/tcp open esnm-zoning
4024/tcp open tnp1-port
4027/tcp open bxp
4033/tcp open sanavigator
4034/tcp open ubxd
8001/tcp open vcom-tunnel
8002/tcp open teradataordbms
8010/tcp open xmpp
8013/tcp open unknown
Going to keep editing this as I go. Port 8002 gives a bland-looking login page with the header "STAFF".
Okay, port 8013 has an HTTP server on it: Notice: Undefined index: type in /var/www/btcwitness/from-btchost/index.php on line 13
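The fix the comment above describes (only localhost, i.e. the Tor daemon, may reach the backend), as an added example that is not from this thread or any market's own setup: it assumes a Linux host with iproute2 (ss) and iptables, and the socket listing it audits is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: audit a host that should only be
# reachable through its Tor hidden service, then print firewall rules that
# keep clearnet traffic out. Assumes Linux with iproute2 (ss) and iptables.

# Constructed `ss -Hlnt` listing (not captured from any real server).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8001 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8002 0.0.0.0:*
LISTEN 0 128 [::]:8013 [::]:*
LISTEN 0 128 127.0.0.1:9050 0.0.0.0:*'

# Read `ss -Hlnt` output on stdin and print the port of every TCP listener
# bound to a wildcard address. Backends that only the Tor daemon should talk
# to (the web app on 8001, say) belong on 127.0.0.1; anything printed here
# answers a clearnet port scan exactly like the one quoted in the thread.
exposed_ports() {
    awk '$1 == "LISTEN" {
        addr = $4; port = $4
        sub(/:[0-9]+$/, "", addr)   # drop the ":port" suffix
        sub(/^.*:/, "", port)       # keep only the port number
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") print port
    }'
}

# Emit an iptables-restore ruleset: default-deny inbound, allow loopback
# (where Tor reaches the hidden-service backend) and reply traffic, and
# allow SSH only from an admin range given as $1. The default range is a
# documentation-only placeholder; replace it with your own. Run the same
# policy through ip6tables-restore or the box stays open over IPv6.
firewall_rules() {
    admin_net="${1:-192.0.2.0/24}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s ${admin_net} -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed listing. On a real host: ss -Hlnt | exposed_ports
# and, once the admin range is right: firewall_rules <range> | iptables-restore
echo "Listeners exposed to the clearnet:"
printf '%s\n' "$SAMPLE_SS" | exposed_ports
firewall_rules
```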
[0 Points] None:
Some mods protecting it. Some members shilling HARD.
Sourcery and DHL Market vulnerabilities exposed by /u/t0mcheck http://reddit.com/r/DarkNetMarkets/comments/6qzeww/sourcery_and_dhl_market_vulnerabilities_exposed/