This post was flagged by the community and is temporarily hidden.
1 Like
Um. Literally any server does that. /var/log/apache2/access.log
6 Likes
But most servers don’t seek to use that info in a malicious manner.
Nor do most Minecraft servers.
But some do, that’s the point. Most websites won’t steal your info and sell it to the dark web. But some do.
This class taught me some things in college. I doubt the lectures are publicly available but you can follow along with the slides/notes/readings.
1 Like
Not to detract from your point about digital hygiene-- being aware of safe practices with passwords and everything else online is an important life skill-- but it’s important not to promote misinformation. IP addresses are essentially public information. Most services log them, but they’re not really usable for exploits unless the service being exploited depends only on your IP, which makes it unsecured.
There’s a reason minecraft servers default to online-mode=true in their config files-- the default is to verify the identity of a user before allowing them in. Some servers don’t do this, at the cost of security.
7 Likes
Keep in mind, there’s also the possibility that these people may be making these “tutorials” with a secondary purpose of helping you set yourself up to be a target. Don’t automatically trust the first results of a Google (or other search engine) search just because it’s one of the first results you see. Especially for something in regards to data protection. There may be people who lay traps that way, tricking unsuspecting users people to follow a tutorial that is an attack in itself. Look into the creator/publisher before following their guide.
Some key things to watch out for/“red flags”:
- Offers of “free” protection software
- This could be ransomeware or malware, or a virus
- Possible phishing scams
- Odd spelling or grammar
- Asking for your information
- Name
- Address
- Age/gender/race
- ANY account information (usernames, passwords, pins, etc for any service you may have an account for like banks, games, stores, or other things)
Most people today should already know these things, but there are those who might not. Internet security is a big issue, even if most people don’t realize it. VPNs are a good way to protect your online identity. They’re not completely secure though. A VPN can be broken, but it will take time, and will slow down the attacker.
2 Likes
Do you know that some minecraft servers record the ip addresses of players so they can be used to spoof as those players and other malicious reasons?
Please explain how someone knowing your IP address can be used to spoof your identity. Very few systems use an IP address as a first definer of identity, especially not Minecraft.
10 Likes
Most of those website are already a part of the dark web. Many browsers nowadays have warnings, marking a site as malicious or not. They’re easy enough to avoid, as long as you pay attention to what you are doing or where you are going on the Internet. Also as I noted in my initial post on the thread, a VPN is a useful tool to help protect you on the web, so it won’t be as easy for a malicious site, if you so happen to fall into one, to steal any information.
If we’re going to speak about VPN’s, Tom Scott’s video is a good watch on if you really need a VPN.
4 Likes
Ooh. Do you know what the VPN provider that he censored was?
Am I a hacker if I login to old accounts on the first try?
5 Likes
Most browsers can’t access the dark web at all.
It came out around the time of all the nordvpn promotions, so I’d guess that one. Could be anyone, though, and his message applies to all VPN providers.
My roommate managed to give his credit card number to two different scam sites in the span of 3 months. Don’t do that.
Huh. I suppose I missed something, since this is showing up as being changed 2 hours ago, but the last post was 9 days ago. Anyway,
Ford has an excellent solution to a lot of this. They try to hack and phish their own users. We get occasional messages that ‘appear’ to be genuine asking for information, or phone numbers, or names, or requesting password resets. A more in-depth glance will reveal phony header email names (like outside-ford.com etc), banner ads that request you click on them, and other methods phishers use.
If you are unfortunate enough to fall for it and click on something or reply, you are redirected to a mandatory training website and have to complete a class on the particular brand of phish you just fell for.
Due to the natural tendency of humans to avoid work where-ever possible, this is an effective deterrent to doing anything silly on the Ford network. It’s not perfect, but it’s the most effective method I’ve seen to educate folks.
5 Likes
Someone posted spam advertising a VPN so the new post got removed