Abuse reports and suspension of bore.pub service #150

Open
ekzhang opened this issue Dec 29, 2024 · 14 comments

@ekzhang
Owner

ekzhang commented Dec 29, 2024

I received the following email from Porkbun today.

This is disappointing; bore has been running for almost three years now and the use of the public instance for phishing has only recently started. It's intended as a public service for developers, and I'm disheartened that it's started being abused like this, even after I instituted a 24-hour timeout to mitigate attacks like this in previous communications with DigitalOcean.

I'll be in contact with Porkbun on this but can't guarantee that we'll still support running bore.pub. If that's the case, you'll need to self-host bore server to continue using bore.


Porkbun
PO Box 364, Yardley, PA 19067
+1 (833) 365-1661 | cleandns.com | [email protected]

Hello there,

We're emailing you to let you know that the domains listed below were suspended due to a violation of Porkbun's Domain Name Registration Agreement.

OFFENDING DOMAINS

  • bore[.]pub

Below are the reported URLs, screenshots (if applicable), and a link to the abuse report.

REPORTED URLS

  • hXXp://bore[.]pub:34856/capi1/index.php 1 screenshot

EXPLANATION OF ABUSE AND EVIDENCE

This domain has been recently reported for phishing.
The attached screenshot highlights the presence of sensitive information input and the appearance of (the) Capital One.
At the time of the report, the domain was 998 days old, and our analysis reveals the following characteristics about the domain:
the domain has been reported 13 time(s).
These factors strongly indicate phishing activity.

If you believe it was suspended in error, please reply to this email. Please note, emails sent to [email protected] will not receive a response.

NOTE: When replying, please DO NOT alter the subject line.

Thank you,

The Porkbun Abuse Department

CLEANDNS CASE LINK

The anonymous case view link provides users with a detailed view of the abuse engaging on the reported domains. Additional information includes WHOIS/DNS lookup, screenshots, full URL, and explanation of abuse.

http://url718.reports.cleandns.space/ls/click?upn=u001.Ff1j-2BYc-2FrmuXqSLWCQUAcoK2gMY23YbJblR7Y-2Bp7gjfG-2BOdrhQNT-2FcNZD3eOPztwER6fKbguKzsaakKSJcDyWDKvWbgDIFA7dAd0qv0tOgc-3DmU4m_Orh5DMiW70sQQNBZqFE8UbBO5C7SZ2BWmlo6FBE8hxzNCAbiBrh1nZPzSELHrJPxxzjGYd6-2FfNMc224VcT66uCtmUjWzjqlZ1uFjNFi4hvdqrsJ61-2FRpLHpIUJy5C8tuUSh9hy3PmI9jMIuvRAPOUOnbOA2iRcJTYpz3EG5Qi0ic9jjuBUxxTeEFzPNjp5j-2Fl4TcTZnXilpwJJLq20YaXw-3D-3D

[REF# 6770c706a03efad2d0844f7e]

Clicking on links contained in this email may lead to malicious code (including but not limited to viruses, trojans, key loggers, and worms) that could infect and/or damage your computer and/or network. Please exercise extreme caution when clicking on such links. If you have any doubts about any such links or attachments, please contact your system administrator or network supervisor before clicking on any of those links. Porkbun assumes no responsibility for any damage that occurs arising out of such actions.

@ekzhang ekzhang pinned this issue Dec 29, 2024
@pkiv

pkiv commented Dec 30, 2024

Screenshot 2024-12-29 at 7 31 45 PM

Hey @ekzhang - I think someone was using bore.pub for a command and control server. It's now being flagged by Amazon GuardDuty.

@ekzhang changed the title from "Bore.pub public instance has been suspended" to "Abuse reports and suspension of bore.pub service" on Jan 9, 2025
@ekzhang
Owner Author

ekzhang commented Jan 9, 2025

Hi folks, two updates:

  1. Porkbun has not actually suspended my domain. It seems like they sent the email in error.
  2. I'm getting continued reports of phishing on bore.pub, despite my interventions. If this continues, DigitalOcean will implement port blocks, which is not desirable for anyone.

As a result, I'm going to brown out bore.pub for the next week to raise awareness for this issue and hopefully dissuade whoever is using bore.pub for phishing. Please note that if I don't do this, cloud providers may take action on the service; this is my attempt to keep bore.pub running smoothly as a developer tool and prevent bad actors from using it.

If you are impacted by this, you can self-host bore server.

@Kataiser

Tragic. I really hope this gets resolved, a public bore server has been a godsend

@rindonbrg

sending thoughts and prayers

@StefMa
Contributor

StefMa commented Jan 10, 2025

Wow, that is super sad to see 😞

As a friend of free services I tried something and wanted to share with you here how to use bore server on Google Cloud.
Maybe it is helpful for someone.

  • Spin up an e2-micro instance (this is a free instance, see https://cloud.google.com/free)
  • Connect via SSH (in the browser is enough) and install rust and bore
    • sudo apt install build-essential  # For some cc libs
    • curl https://sh.rustup.rs -sSf | sh  # cargo
    • cargo install bore-cli  # After cargo, restart your shell with exec bash
  • Create a new Firewall rule (https://console.cloud.google.com/net-security/firewall-manager/firewall-policies/list)
    • IP Range 0.0.0.0/0
    • Ports and stuff: click on All
    • Direction: Incoming
    • Network default-network
  • Go back to your ssh shell and start bore
    • bore server

You can find the external IP of your instance in the VM overview:
https://console.cloud.google.com/compute/instances

Then you can connect locally as always:

bore local [LOCAL_PORT] --to [VM_IP]

🎉
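
A hardened variant of the self-hosting steps above, as an added example (not part of this comment or of the bore project's own docs): it runs `bore server` under systemd with a shared secret and opens only the control port and a bounded tunnel range rather than all ports. The range 40000-40100, the file paths, the unit name and the rule name `bore-ingress` are assumptions.

```shell
#!/bin/sh
# Added example: authenticated, port-bounded bore server kept alive by systemd.
# Assumptions (not from the thread): tunnel range 40000-40100, unit name
# bore.service, env file /etc/bore/env, binary copied to /usr/local/bin/bore.
set -eu

CONTROL_PORT=7835   # bore's control port
MIN_PORT=40000      # assumed tunnel range; size it to the tunnels you need
MAX_PORT=40100

# systemd unit: keeps running after the SSH session ends, restarts on failure,
# and takes BORE_SECRET from a root-only file so it never shows up in `ps`.
render_unit() {
  cat <<EOF
[Unit]
Description=bore tunnel server (authenticated)
After=network-online.target
Wants=network-online.target

[Service]
EnvironmentFile=/etc/bore/env
ExecStart=/usr/local/bin/bore server --min-port ${MIN_PORT} --max-port ${MAX_PORT}
Restart=on-failure
DynamicUser=yes
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target
EOF
}

# Firewall spec: the control port plus the tunnel range, instead of "All".
firewall_rules() {
  printf 'tcp:%s,tcp:%s-%s\n' "$CONTROL_PORT" "$MIN_PORT" "$MAX_PORT"
}

apply() {  # run as root on the VM
  install -d -m 700 /etc/bore
  (umask 077; printf 'BORE_SECRET=%s\n' "$(openssl rand -hex 32)" >/etc/bore/env)
  render_unit >/etc/systemd/system/bore.service
  systemctl daemon-reload && systemctl enable --now bore.service
  # Printed, not executed: run it from Cloud Shell or a workstation with gcloud.
  echo "gcloud compute firewall-rules create bore-ingress --network=default" \
    "--direction=INGRESS --action=ALLOW --rules=$(firewall_rules)" \
    "--source-ranges=0.0.0.0/0"
}

if [ "${1:-}" = "--apply" ]; then apply; fi
```

Clients then pass the value stored in /etc/bore/env with `--secret` (or the `BORE_SECRET` environment variable) on `bore local`; a client that does not present the secret is refused by the server.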

@StefMa StefMa mentioned this issue Jan 10, 2025
@vervoortkobe

vervoortkobe commented Jan 10, 2025

Sad to hear this. Bore.pub is such a great project, terrible that people use it for malicious purposes! Hope the issue gets resolved very soon! 🙏

For those who were using bore.pub for proxying to their Minecraft server: try Playit.gg as a temporary alternative! (They also support TCP & UDP, but no HTTP)

@rayliverified

Just spent 15 minutes fiddling with ports on my local network. What a terrible situation and quite the interesting start to me trying out bore.

Dang, this abuse sucks. I guess this explains a part of why the paid services are so expensive.

@christowiz

This is unfortunate. Bore has been my favorite tunneling utility so far. I've tried quite a few and the ease of use is what got me. I may re-try some others but I'll most likely self-host with Bore.

@bobbercheng

Bore provides me a great tunnel experience. For those looking to self-host, you can use my GCP server IP 34.123.61.175 as a temporary solution.

@juleast

juleast commented Jan 15, 2025

> Bore provides me a great tunnel experience. For those looking to self-host, you can use my GCP server IP 34.123.61.175 as a temporary solution.

Thanks! How long will you keep this up?

@bobbercheng

At least one year, till end of 2025.

@bOguzhan

I would highly recommend setting up an AWS free tier coupled with a custom domain, voila. Hope the issue resolves soon.

@rayliverified

@StefMa @bobbercheng
Thank you so much for sharing the GCP self host option. I have it set up and it works great!
Do you know how to keep it running? Currently, it runs via the SSH console but once that closes or gets timed out, it stops.

@bobbercheng

bobbercheng commented Jan 19, 2025 via email
