Terminating free ejemplo.me server

Question

Terminating free ejemplo.me server

jerson opened this issue 2 years ago · comments

Gerson Alexander Pardo Gamez commented 2 years ago

sadly someone is using the service to expose malware, the only possible solution for me is to terminate ejemplo.me, you can still expose your own server using readme tutorial.

[PL-2738190] Phishing attack(s) hosted on: trending.ejemplo.me During an investigation of fraud, we discovered a compromised website (trending.ejemplo.me) that is being used to attack our client and their customers. In addition to the website owner, we have addressed this report to the responsible authoritative providers who have the ability to disable the malicious content in question. Based on your relationship to the content in question, please see our specific request below. This threat has been active for at least 0.4 hours. http://trending.ejemplo.me/login.html http://trending.ejemplo.me/ First detection of malicious activity: 12-06-2021 20:17:12 UTC Most recent observation of malicious activity: 12-06-2021 20:40:54 UTC Associated IP Addresses: 51.15.103.235 === HOSTING PROVIDER === If you agree that this is malicious, we kindly request that you take steps to have the content removed as soon as possible. It is highly likely that the intruder who set up this phishing content has also left additional fraudulent material on this server such as illegitimate access points. === WEBSITE OWNER === We recommend taking the following actions to secure the web site and prevent the attackers from returning: - Update your web applications including CMS, blog, ecommerce, and other applications (and all add-on modules/components/plugins). - Search all of your web directories for suspicious files as attackers commonly leave backdoors. - Scan the computer from which you login to your web hosting control panel or ftp server with anti-virus software. - Change your web hosting provider if this is an ongoing issue. If your provider has disabled your account because of this incident, you must coordinate a resolution with them directly as PhishLabs has no control over this aspect. If we have contacted you in error, or if there is a better way for us to report this incident, please let us know so that we may continue our investigation. We are grateful for your assistance. Kind regards, SOC Team PhishLabs Security Operations 12023866001 Available 24/7 [PL-2738190]

dwarfpuzzles · Answer 1 · Tue Dec 07 2021 23:00:04 GMT+0800 (China Standard Time)

Rest in peace.
Forever miss.

MislavJancic · Answer 2 · Thu Dec 09 2021 04:52:12 GMT+0800 (China Standard Time)

Some people -_-

Luke Tran · Answer 3 · Fri Dec 10 2021 00:28:50 GMT+0800 (China Standard Time)

Could you please share the detailed docs for self hosting pgrok?
I tried the one in "docs/SELFHOSTING.md" but it did not work.
Thank you.

alisonreis1991 · Answer 4 · Fri Dec 10 2021 21:28:23 GMT+0800 (China Standard Time)

usava bastante o pgrok aqui em casa, tem como você ativalo novamente?

Gerson Alexander Pardo Gamez · Answer 5 · Fri Dec 10 2021 23:47:43 GMT+0800 (China Standard Time)

Hi @lucdkny yes this weekend im gonna update docs file to explains how to do it

Alex · Answer 6 · Sat Dec 11 2021 11:17:45 GMT+0800 (China Standard Time)

@jerson Quick question, can I run pgrok server without a domain if im just going to be using TCP tunnels?

Gerson Alexander Pardo Gamez · Answer 7 · Sun Dec 12 2021 01:57:43 GMT+0800 (China Standard Time)

I just updated docs with more details about self hosting
https://github.com/jerson/pgrok/blob/master/docs/SELFHOSTING.md

and about @Alex-idk question, I havent tested using only tcp so, im not sure about that but probably you can use https://github.com/fatedier/frp which has a better implementation for expose ports

dwarfpuzzles · Answer 8 · Sun Dec 12 2021 01:58:29 GMT+0800 (China Standard Time)

Does ejemplo.me support TCP still?

Gerson Alexander Pardo Gamez · Answer 9 · Sun Dec 12 2021 02:00:07 GMT+0800 (China Standard Time)

@dwarfpuzzles no, for now the service is down since i can not avoid that someone can expose malware using ports too,

dwarfpuzzles · Answer 10 · Sun Dec 12 2021 02:00:43 GMT+0800 (China Standard Time)

ngrok has this problem as well

Gerson Alexander Pardo Gamez · Answer 11 · Sun Dec 12 2021 02:20:44 GMT+0800 (China Standard Time)

Actually you can protect you pgrok instance using client certificates and CA, doc was included in Protect you client(pgrok) to server(pgrokd) connection with a CA

Section

Usami Sumireko · Answer 12 · Tue Dec 14 2021 03:58:43 GMT+0800 (China Standard Time)

Huh, a bruh moment indeed. It's sad to see this service being shut down, it truly was a very convenient way to share localhosted websites to the internet without configuration :(
I think that now, without a public pgrokd instance, people who don't have their own server with static IPs will not be able to use pgrok as before? If that's the case, would you consider changing the default server to another one, hosted by someone, who has the will (and time and resources) to take care of malware issues (and others)? :D
I personally think that using pgrok without selfhosting is a very popular usage case and that's why I believe this issue is important. My hosting provider also happens to forward all copyright/fishing claims to it's clients before taking any action too, so... I suppose I can host a public pgrok instance, yay.

Alex · Answer 13 · Wed Dec 15 2021 07:45:14 GMT+0800 (China Standard Time)

I mean pgrok isn't the only thing to forward localhost things with there is ngrok, localhost.run, pagekite.net, or a plain old ssh port forwarding to a vps

alisonreis1991 · Answer 14 · Fri Dec 17 2021 06:28:01 GMT+0800 (China Standard Time)

Jerson, how can i make pgrok work on my pc, could you make a video showing how i can make it work on my computer?