VRS Shared Feeds

Started by jonfear, May 03, 2014, 09:11:18 AM


jonfear

I have cross posted this from the VRS forum site where I posted the following:

Quote:

All

Please be aware there is a Polish website that is pulling data without the owners' permission.

It is http://89.68.60.64:8080/virtualradar/desktop.html#

He has physically port scanned the PC and then connected to the server ports.

It would appear that he has done this to a large number of VRS users across the world.

I am sure I am like everyone else here, I do not mind sharing my data with anyone, but please ask first!

Please check your set up and take appropriate action.

Cheers

Jon

Please note that he has NOT compromised my systems.
3 x RPi + RTL2832U, 2 x home brew co-linear + Radar 100.
**** www.vrs-europe.eu **** Help us cover Europe! ****

Anmer

Thanks Jon.

Do you have a recommended action for VRS users to protect themselves?
Here to Help.

Breitling

I think a simple firewall filter blocking that address should be enough.

Anmer

That assumes he is using the same IP address.

How does he know the IP addresses of VRS users?
Here to Help.

Breitling

Quote from: Anmer on May 03, 2014, 10:10:20 AM
How does he know the IP addresses of VRS users?

There are some places where we all publish our addresses, this forum is one of them.

jonfear

And also just a simple Google search will bring up many installations...

This will be a challenge however as he has a dynamic IP. I guess a whois will show the range for the ISP and we can block the complete range.

I have secured the rebroadcast servers on vrs-europe down to IP address. I have one server per user. They have a known IP address. If you ain't that IP address you don't get the data! I did this within the firewall on the server. Anyone with Win7 and above should be able to do this, go to advanced, and inbound rules. Create a specific rule for the port and then once accepted edit it and put the IP address in the scope field.

HTH

Jon


Edit:

Whois:

inetnum:        89.67.0.0 - 89.74.255.255
netname:        UPC-PL
descr:          UPC Polska Sp. z o.o.
descr:          CPE Customers PL
country:        PL
admin-c:        UP94-RIPE
tech-c:         LGI-RIPE
status:         ASSIGNED PA
remarks:        Contact abuse@upc.com.pl concerning criminal
remarks:        activities like spam, hacks, portscans
mnt-by:         MNT-LGI
source:         RIPE # Filtered
3 x RPi + RTL2832U, 2 x home brew co-linear + Radar 100.
**** www.vrs-europe.eu **** Help us cover Europe! ****

Anmer

Quote from: Breitling on May 03, 2014, 10:45:51 AM
There are some places where we all publish our addresses, this forum is one of them.

Where are you "publishing" your IP address here?
Here to Help.

Bethsalem

Jon

Would it be possible to let those feeders you know to be affected by this hacker know that their data is being used illegally?

Perhaps through a PM, as not everyone checks the posts on this forum regularly?

Stephen

Breitling

Quote from: Anmer on May 03, 2014, 11:07:21 AM
Quote from: Breitling on May 03, 2014, 10:45:51 AM
There are some places where we all publish our addresses, this forum is one of them.

Where are you "publishing" your IP address here?

http://radarspotting.com/forum/index.php/topic,232.0.html

jonfear

Stephen

Therein lies the problem. At present there is no system to even guess whose data he is pulling.

This was noticed by my Irish feeder this morning; he noticed his bandwidth usage had gone through the roof. The data on the Polish website was labelled as "Lviv". His data system is off line until we can resolve his unique problem. He has reported the user to his ISP as the user has port scanned him and essentially hacked him, the Polish ISP has a hard policy on this behaviour.

When you look at the "Kiev feed", there must be at least 15 different feeds associated with that merged feed. The coverage is massive. This guy must be running scripts to check for open feeds and then adding them. Scroll out to look at the world!

I have checked my personal data (WSLWx Feed) along with everything else on vrs-europe and have ensured that no one can get to the rebroadcast server unless I explicitly allow it.

The Developer is in the process of writing a push system which will kill this stone dead, but that is not due anytime soon. Even if it were, it would need everyone to be on the latest version...Just look at openskymap to see how many feeders there are on v1.*.

To be clear, this is a VRS re-broadcast server issue. It can be resolved by defining the IP address of the person who is meant to have the data in the OS firewall. In Linux this is very easy; in Windows 7 and I guess Vista, this can be done quite simply by rule creation and the use of the scope field. I am sure Windows 8 is similar but I do not run it so cannot comment further. Apple Mac must have similar. I am not sure about domain name handling such as "vrs-noip.biz" or similar. Someone with more knowledge of Windows may be able to help there.

Unfortunately not everyone is monitoring their system closely. If they were they may find that they have a nasty surprise in store. The data volumes can be massive. If you are on a limited broadband connection, that could end up costing you. I was getting through very nearly 200GB per month when I hosted vrs-europe from home! Thank goodness for fully unlimited broadband!

I will repeat, I am happy to share my WSLWx data with anyone. I am more than happy to put anyone's data on VRS-Europe. As with everyone here, asking first is really the nice thing to do!

Best wishes

Jon
3 x RPi + RTL2832U, 2 x home brew co-linear + Radar 100.
**** www.vrs-europe.eu **** Help us cover Europe! ****
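
The firewall scoping Jon describes above, together with the check for unknown peers on the rebroadcast port, as an added example that is not part of the original thread. The port number, rule name, addresses and host name are assumed placeholders; because the Windows Firewall scope field takes addresses rather than host names, a dynamic-DNS name is resolved first and the script has to be re-run when that address changes.

```powershell
# Added example, not code from the thread. Run from an elevated PowerShell prompt.
# Every value marked "assumed" or "constructed" is a placeholder for your own.
$Port         = 33001                     # assumed rebroadcast server port
$RuleName     = "VRS-rebroadcast-scoped"  # hypothetical rule name
$AllowedIPs   = @("203.0.113.10")         # constructed: consumer with a fixed address
$AllowedHosts = @("feeder.example.net")   # constructed: consumer behind dynamic DNS

# Resolve host names to addresses, since the rule scope only accepts addresses.
$Resolved = foreach ($h in $AllowedHosts) {
    try {
        [System.Net.Dns]::GetHostAddresses($h) |
            ForEach-Object { $_.IPAddressToString }
    } catch {
        Write-Warning "Could not resolve $h; it will not be allowed"
    }
}
$Allowed = @(@($AllowedIPs) + @($Resolved) | Where-Object { $_ } | Sort-Object -Unique)
if ($Allowed.Count -eq 0) { throw "No allowed addresses; refusing to create the rule" }
$Scope = $Allowed -join ","

# Replace any earlier copy of the rule, then add it with a restricted scope.
netsh advfirewall firewall delete rule "name=$RuleName" | Out-Null
netsh advfirewall firewall add rule "name=$RuleName" dir=in action=allow `
    protocol=TCP "localport=$Port" "remoteip=$Scope"

# Confirm that RemoteIP now lists only the allowed addresses, not "Any".
netsh advfirewall firewall show rule "name=$RuleName"

# List peers with an established connection to the port that are not allowed.
$Pattern = "^\s*TCP\s+\S+:$Port\s+(\S+):\d+\s+ESTABLISHED"
$Unknown = netstat -n -p TCP |
    ForEach-Object { if ($_ -match $Pattern) { $Matches[1] } } |
    Where-Object { $Allowed -notcontains $_ } |
    Sort-Object -Unique

if ($Unknown) {
    Write-Warning "Unexpected peers on port ${Port}: $($Unknown -join ', ')"
} else {
    Write-Output "No unexpected peers connected to port $Port"
}
```

Windows Firewall allow rules are cumulative, so any other inbound allow rule that covers the same port or the VRS program with its scope left at "Any" has to be removed or scoped as well.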

mezoo

Thanks for the warning.
Would I see his IP in the VRS menu where all the connected PCs show up?

I see the 'Liev' server has a lot of my area but not the local traffic from EDLW which my system shows, so maybe I'm not part of his net.

Also checking all connections with 'Show traffic'.

jonfear

Mezoo

Look under "Rebroadcast Server Status" at the bottom of the page. If you have servers set up check the IP addresses. If there is an IP you do not know, block it at the firewall.

Jon
3 x RPi + RTL2832U, 2 x home brew co-linear + Radar 100.
**** www.vrs-europe.eu **** Help us cover Europe! ****

mezoo

Thanks Jon - nothing showing up here.

jonfear

Maybe worth setting up firewall rules just in case...

Jon
3 x RPi + RTL2832U, 2 x home brew co-linear + Radar 100.
**** www.vrs-europe.eu **** Help us cover Europe! ****

taytay12

Hi Jon

Before you insult someone of being a hacker, please make sure what you are writing. I am not a hacker and I don't understand hacking.
If I were a hacker, how would you see my IP address?
VRS software is free as well as sharing data. Can you tell me, please, where the hacking is? (Please check all logs. Router and Computer)
I just suppose that your web site is new and you want to eliminate competition. (http://www.wslvr.org.uk/  - http://www.vrs-europe.eu)
I have seen your web site and it is all about advertising them I think. But why do you start with insulting?
If UPC contacts me, I will explain everything and you will have to say I am sorry.
I could write even more but I think that you understand VRS very well so there is no need for more explanation.
Just think of PlanePlotter software. Are the designers of it hackers too? (Maybe you don't remember, sharing name MLAT)

I am looking forward to hearing from you.