I dug deeper than @slimszi
Allow me to hypothesize here:
Information:
- At least 2 of Kerberos mirrors are exposed (Privex Datacenter in Stockholm, using port 81 lol) (not the ones @slimzi posted)
- AB "welcome" page is hosted in the same data center (probably law enforcement), IPs are NOT far from those of Kerberos (185.130.46.136). "hell", they might be in the same rack even, as that switch is misconfigured.
Hypothesis 1:
- AlphaBay is seized by LE, their server is just a honeypot to catch yall
... if this is true, how the hell Kerberos is running in the same Datacenter "Privex" FOR A YEAR, while being exposed! LE? dumb luck?
- AB and Kerberos are connected somehow and exit scams are more profitable.
Hypothesis 2:
- Both are in the same datacenter, pure luck. (still Kerberos is exposed, SINCE A YEAR)
Fact:
Kerberos mirrors are exposed. hell, I will sell you the IP if you pay enough and guarantee the safety of it's users and their funds.
In any case, safety of users should be every DNM operator #1 priority, and even funny people like @simzi should be taken seriously. double check your logs maybe? laughing off everyones safety is not a joke. (neither exit scams lol)
For users:
- If you are a vendor, make sure your JS is turned off, use only Tails OS when connecting to Kerberos (or generally), ask your customers to encrypt addresses (don't trust market encryption) if you're using windows, get a life!.
- Don't use a wallet, don't deposit much, don't leave a lot in your wallet... you've been warned (This applies to all markets)
For lucifer:
@Lucifer double check your servers, no need to make fun of anyone who is trying to protect themselves and the rest of your users.
suggestion (encoded): block all ICMP & UDP incoming traffic (I know TOR doesn't have UDP, your server still has it), and ask your datacenter to block ICMP on the switch connecting your 2 servers in the rack.
