Server.casino – Random Servers Across the Internet (server.casino)
62 points by g3ol4d0 on June 22, 2021 | hide | past | favorite | 36 comments


It found http://127.249.137.9 for me and it totally works! I can even ssh to it, let's try a fork bo^#@~

[connection reset by peer]


I also found that on my end, forgot I was running lighttpd with some test website.


IANAL but I would caution accessing these, they may constitute hacking in your local region.

I would doubly caution owning this, particularly given the wording on the site encourages messing with people’s servers…


I'm waiting for someone to get our corporate VPN on a blacklist just by clicking the button and hitting a honeypot. Granted, it's what I get for hitting the button without reading the code, so, shame on me?


Like Chatrubate, but with servers? #sarcasm


I think you mean Chatroulette.


Nah, both exist.


That doesn’t mean both are apt comparisons


    function randomIP() {
      // int2ip: converts the 32-bit integer into dotted-quad notation
      return int2ip(Math.random() * 4294967296);
    }

says it all - better don't "mess" with what you encounter


It doesn't even exclude RFC1918 and multicast addresses. Not really efficient.


DO NOT DO THIS.

I have a few servers exposed on IP addresses, but they are not meant for public access. You have no authorization for 'messing' with this site: what you deem playing around, might be hacking.

You may also hit a government or military IP address, known or unknown. If you mess around with them, you may receive some unfriendly visits from men in black.


I specifically purchased my internet connection with the intention of browsing the available content of all other connected hosts.

You DO NOT have my authorization to block or restrict my ability to mess with other hosts. Doing so may be a violation of my terms of service, and interference in interstate commerce.


You have unprotected servers public facing on the internet? Cool. That's definitely not something you should be concerned about and addressing immediately.


> they are not meant for public access

Then, I think, you need to implement "reasonable measures" to secure them. Otherwise it's like putting your stuff out by the curb.


If it's on the public internet with no security, how can someone tell if their access is unauthorised? It's not really that different from connecting to facebook.com or the various publicly accessible ssh servers.


I mean, your IP is being crawled by random bots dozens of time per day, what's the difference between that website and the traffic your IP gets already?


Seriously, this is a laughable concern – if you have a "public facing server" you're already listed in Google, Shodan, being probed by dozens of IPs across the world...


I found this showing up in my logs recently.

     [21/Jun/2021:19:07:19 +0000] "GET / HTTP/1.1" 301 169 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
I remember thinking that ads in server logs was a new one to me.
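The Expanse entry quoted above is the kind of self-identifying scanner traffic a defender can pick out of access logs. As an added example (not from this thread or from server.casino), the Python below parses combined-format log lines and flags user agents that declare themselves scanners; the sample lines are constructed with TEST-NET addresses, and the second heuristic (a published contact address plus the word "scan") is my assumption, not a rule from the page.

```python
import re

# Combined log format: client ident user [timestamp] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Known self-declared scanner strings. Only the Expanse one is taken from the thread;
# a real deployment would maintain this list from its own logs.
SCANNER_MARKERS = ("Expanse, a Palo Alto Networks company",)

# Assumption: scanners that want to be contacted embed an e-mail or a "+http" URL
# in the user-agent; combined with the word "scan" that is a reasonable heuristic.
CONTACT_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+|\+https?://", re.IGNORECASE)

# Constructed sample log (TEST-NET addresses); line 1 mirrors the entry quoted above.
SAMPLE_LOG = """\
192.0.2.10 - - [21/Jun/2021:19:07:19 +0000] "GET / HTTP/1.1" 301 169 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
198.51.100.7 - - [21/Jun/2021:19:08:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/89.0"
203.0.113.5 - - [21/Jun/2021:19:09:44 +0000] "GET /admin HTTP/1.1" 404 153 "-" "ExampleScanner/1.0 (+https://scanner.example/contact)"
"""


def parse_line(line: str):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def is_self_declared_scanner(agent: str) -> bool:
    """True when the user-agent announces itself as an internet-wide scanner."""
    lowered = agent.lower()
    if any(marker.lower() in lowered for marker in SCANNER_MARKERS):
        return True
    return bool(CONTACT_RE.search(agent)) and "scan" in lowered


def flag_scanners(log_text: str):
    """Return [(client, agent)] for every line whose user-agent is a scanner."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_self_declared_scanner(rec["agent"]):
            hits.append((rec["client"], rec["agent"]))
    return hits


def scanner_clients(log_text: str):
    """Distinct scanner source addresses, sorted, e.g. for an opt-out or rate-limit list."""
    return sorted({client for client, _ in flag_scanners(log_text)})
```

Running `scanner_clients(SAMPLE_LOG)` on the constructed log yields the two scanner sources and leaves the ordinary Firefox request alone.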


Let me explain, I am not running any services on standard ports. You'd have to do a port scan and find one of the ports running a web service. But they're HTTPS (with unsigned personal certificate keys, mind you) and are password protected.

I still get so. many. random people entering passwords and trying to break in. They don't look like a wordlist or automated bots, they're literally people guessing.

Just because you see a username and password screen after you nmap this public IP, doesn't give you the right to start trying to hack it.


You're making a normative argument; I'm making a positive one.

You ought not try random usernames/passwords on someone's public server, I agree. But if you expose a public server that lets someone type a username/password, you had best be ready for someone to guess values.


Scary - I got some strange URL that encouraged me to install some CSS plugin. How do you randomize those names? Are they only some random IPs? BTW, some history would be nice, as I couldn't find this server again :(


Um, not sure I want to open that link. What does it do?


Huh, press the "Find a Server" button, I can see in Developer Console it tries to connect to random IP addresses over http, returning "address invalid" or "address unreachable", I guess until it hits a valid IP with a live computer.

I wonder if some ISP's heuristics will flag someone's computer as part of a botnet...


Microsoft or AWS may also use telemetry to flag you.


Never thought of this. I constantly scan the internet using nmap, or similar, for pentest/bug bounty and never had a problem


How are you pentesting without knowing the IPs of your in-scope targets?


If your scope is wide enough, everything is in-scope.


Sometimes you get an IP range, or a domain-wide scope.



It returns you a random server with port 80 or 443 open.


Just 80, it seems https://github.com/caioluders/server.casino/blob/354cec4c053...

That probably increases the odds that the servers it finds are "interesting"


Not really.... almost all web servers with 443 will have port 80 open to function. Current browsers all still hit 80 first.


Not before you push the button on the page though.


This is an extremely bad idea. Your chances of getting some malware are probably more likely than not, after playing around with something like this for 10+ minutes...


How? The odds of hitting a site with a browser 0-day has to be extremely low, certainly not "more likely than not". Sure you might hit sites that try to get you to download malware, but just don't download anything.


Half the struggle in exploiting someone behind NAT/FW is getting them to engage with your infrastructure. Your attack surface is massively increased once you visit a website with your browser for instance.

I see other comments mentioning logging into random IPs over ssh. Now I trust the ssh client implementation more than most software, but it's easy to slip up and enable ssh agent forwarding for instance.



