As someone who has launched something free on HN before, the resulting signups were around 1/3rd valid users doing cool things and checking things out, and 2/3rds nefarious users.

a bit better benevolent:malicious ratio than the real world

2/3rds of people in the world are malicious?

2/3 of resources will typically be spent by malicious/nefarious/abusive users.

[edit] for clarity

My service (which doesn't have public access, only via SSH as a client) was used by a ransomware gang, which involved the service in investigation from Dutch CERT and Dubai police.

It's still live though.

I run playit.gg. Abuse is a big problem on our free tier. I’d get https://github.com/projectdiscovery/nuclei setup to scan your online endpoints and autoban detections of c2 servers.

Thanks for sharing this. I run packetriot.com, another tunneling service and I ended up writing my own scanner for endpoints using keyword lists I gathered from various infosec resources.

I had done some account filtering for origins coming out of Tor, VPN networks, data centers, etc. but I recently dropped those and added an portal page for free accounts, similar to what ngrok does.

It was very effective at preventing abuse. I also added mechanism for reporting abuse on the safety page that's presented.

Have you found a way to detect xworm c2c servers?

Our services were used for C2 as well. I investigated it a bit but eventually decided to just drop TCP forwarding from our free-tier and that reduced our abuse/malware reports for C2 over TCP to zero essentially.

One path I looked at was to use the VirusTotal API to help identify C2's that other security organizations were identifying and leverage that to automatically take down malicious TCP endpoints. I wrote some POCs but did not deploy them. It's something I plan on taking up again at some point next year.

Want to chat on discord? Maybe we could combine efforts to try and stop people abusing our services :). We have a few vendors sending us automated reports, maybe I could open it up for multiple projects.

feel free to give me a ping on https://discord.gg/AXAbujx @patrick.

Do you have funding to cover the paying the bandwidth costs which will ultimately result from this? Or if you're running this from a home network, does anyone know if OP should be concerned of running into issues with their ISP?

I can cover hundreds of PB of bandwidth per month if needed without paying a fortune.

Can you share more details? I know Hetzner offers unlimited bandwidth in some cases but I thought it limited only to servers with the 1Gbs uplink

Work closet /s

The tunnel host appears to be a Hetzner server, they are pretty generous with bandwidth but the interesting thing I learned about doing some scalability improvements at a similar company [0] is that for these proxy systems, each direction’s traffic is egress bandwidth. Good luck OP, the tool looks cool. Kinda like pinggy.

[0] https://localxpose.io

Dare I ask how much bandwidth it is consuming?

Its around 700MB today so far.