I have cross posted this from the VRS forum site where I posted the following:
Quote:
All
Please be aware there is a Polish website that is pulling data without the owners permission.
It is http://89.68.60.64:8080/virtualradar/desktop.html#
He has physically port scanned the PC and then connected to the server ports.
It would appear that he has done this to a large number of VRS users across the world.
I am sure I am like everyone else here, I do not mind sharing my data with anyone, but please ask first!
Please check your set up and take appropriate action.
Cheers
Jon
Please note that he has NOT compromised my systems.
Thanks Jon.
Do you have a recommended action for VRS users to protect themselves?
I think a simple firewall filter blocking that address should be enough.
That assumes he is using the same IP address.
How doers he know the IP addresses of VRS users?
Quote from: Anmer on May 03, 2014, 10:10:20 AM
How doers he know the IP addresses of VRS users?
There are some places were we all publish our addresses, this forum is one of them.
And also just a simple google search will bring up many installations...
This will be a challenge however as he has a dynamic IP. I guess a whois will show the range for the ISP and we can block the complete range.
I have secured the rebroadcast servers on vrs-europe down to IP address. I have one server per user. They have a known IP address. If you ain't that IP address you don't get the data! I did this within the firewall on the server. Anyone with Win7 and above should be able to do this, go to advanced, and inbound rules. Create a specific rule for the port and then once accepted edit it and put the IP address in the scope field.
HTH
Jon
Edit:
Whois:
inetnum: 89.67.0.0 - 89.74.255.255
netname: UPC-PL
descr: UPC Polska Sp. z o.o.
descr: CPE Customers PL
country: PL
admin-c: UP94-RIPE
tech-c: LGI-RIPE
status: ASSIGNED PA
remarks: Contact abuse@upc.com.pl concerning criminal
remarks: activities like spam, hacks, portscans
mnt-by: MNT-LGI
source: RIPE # Filtered
Quote from: Breitling on May 03, 2014, 10:45:51 AM
There are some places were we all publish our addresses, this forum is one of them.
Where are you "publishing" your IP address here?
Jon
Would it be possible to let those feeders you know to be affected by this hacker know that their data is being used illegally?
Perhaps through a PM, as not everyone checks the posts on this forum regularly?
Stephen
Quote from: Anmer on May 03, 2014, 11:07:21 AM
Quote from: Breitling on May 03, 2014, 10:45:51 AM
There are some places were we all publish our addresses, this forum is one of them.
Where are you "publishing" your IP address here?
http://radarspotting.com/forum/index.php/topic,232.0.html
Stephen
Therein lies the problem. At present there is no system to even guess who's data he is pulling.
This was noticed by my Irish feeder this morning; he noticed his bandwidth usage had gone through the roof. The data on the Polish website was labelled as "Lviv". His data system is off line until we can resolve his unique problem. He has reported the user to his ISP as the user has port scanned him and essentially hacked him, the Polish ISP has a hard policy on this behaviour.
When you look at the "Kiev feed", there must be at least 15 different feeds associated with that merged feed. The coverage is massive. This guy must be running scripts to check for open feeds and then adding them. Scroll out to look at the world!
I have checked my personal data (WSLWx Feed) along with everything else on vrs-europe and have ensured that no one can get to the rebroadcast server unless I explicitly allow it.
The Developer is in the process of writing a push system which will kill this stone dead, but that is not due anytime soon. Even if it were, it would need everyone to be on the latest version...Just look at openskymap to see how many feeders there are on v1.*.
To be clear, this is a VRS re-broadcast server issue. It can be resolved by defining the IP address of the person who is meant to have the data in the OS firewall. In Linux this is very easy, In Windows 7 and I guess Vista, this can be done quite simply by rule creation and the use of the scope field. I am sure Windows 8 is similar but I do not run it so cannot comment further. Apple Mac must have similar. I am not sure about domain name handling such as "vrs-noip.biz" or similar. Someone with more knowledge of Windows may be able to help there.
Unfortunately not everyone is monitoring their system closely. If they were they may find that they have a nasty surprise in store. The data volumes can be massive. If you are on a limited broadband connection, that could end up costing you. I was getting through very nearly 200GB per month when I hosted vrs-europe from home! Thank goodness for fully unlimited broadband!
I will repeat, I am happy to share my WSLWx data with anyone. I am more than happy to put anyone's data on VRS-Europe. As with everyone here, Asking first is really the nice thing to do!
Best wishes
Jon
Thanks fo the warning.
Would I see his IP in the VRS menu were all the connected PC show up ?
I see the 'Liev' server has a lot of my area but not the local traffic from EDLW which my system shows. so maybe I'm no part of his net.
Also checking all connections with 'Show traffic'.
Mezoo
Look under "Rebroadcast Server Status" at the bottom of the page. If you have servers set up check the IP addresses. If there is an IP you do not know, block it at the firewall.
Jon
Thanks Jon - nothing showing up here.
Maybe worth setting up firewall rules just in case...
Jon
Hi Jon
Before you insult someone of being a hacker, please make sure what you are writing. I am not hacker and I don't understand hacking.
If I were a hacker, how would you see my ip address?
VRS software is free as well as sharing data. Can you tell me, please, where the hacking is? (Please check all log. Router and Computer)
I just suppose that your web site is new and you want to eliminate competition. (http://www.wslvr.org.uk/ - http://www.vrs-europe.eu)
I have seen your web site and it is all about advertising them I think. But why do you start with insulting?
if upc contacts me, I will explain everything and you will have to say I am sorry.
I could write even more but I think that you understand VRS very well so there is no need for more explanation.
Just think of planeplotter software. Are the designers of it hackers too? ( Maybe you dont remember, sharing name MLAT)
I am looking forward to hearing from you.
Welcome taytay12.
To avoid this turning into a battleground, if you confirm that all the shared data on your VRS page is made available to you with the express permission of those whose receivers are providing the source data, the matter can be closed.
Hi
Hi
Very simple. Nothing to do with VRS europe.
Clearly you understand your actions regarding getting data. I do not know how to get other peoples data unless I am invited to have it. Same as most here. If not a hacker then what are you?
I do not have to justify to you my multiple sites, however wslvr.co.uk and wslvr.org.uk was for just my own server prior to vrs europe. To get people to move to the new server I changed the direction the wslvr domains point to. When they come up for renewal, they will cease.
You port scanned a person who feeds data to me. You then started pulling his data from ALL this server ports, massively increasing his data throughput. At no time did you ask if you could have the data. He is very happy to share is data, but would like people to ask, same as me.
He has now reported your actions to your ISP. They have a policy on this.
I do not have advertising on my site, not even google analytics.
And no. after your actions, I would not wish your feed on my site.
Good luck.
Jon
Hi Administrator
What do you understand by express permission?
Quote from: taytay12 on May 04, 2014, 11:51:15 AM
Hi Administrator
What do you understand by express permission?
The person whose data it is (originating from his or her Mode-S receiver) has either made the data available to you or has a published policy that allows anyone to use the data without needing prior permission.
What arrangements exist to check that the originator's data is available to you without objection?
As I understand from the posts in this thread and in private messages, you have connected to the originator's PC and "helped yourself" to their data without their knowledge or permission.
That may not be true, in which case you can respond and clear up any misunderstanding.
Hi Taytay,
You connected to my VRS ( Ireland ) without my permission.
You port scanned my IP and then connected to ALL the VRS rebroadcast servers that were configured even old ones that were not in use !
This put my bandwidth usage through the roof as I have multiple people sharing to me and also caused me to spend hours yesterday configuring a firewall to safeguard other software on the computer.
I have emailed your ISP with the details of what was done in the hope that you are taken offline.
As of today you were trying to connect to my computer.
I have a log of all connection attempts.
I have shared my data with anyone who was willing to return the favour and who ASKED !
You never ASKED !
Gareth
So I understand that even if port is open (because there are many websites to check this) I still must ask for permission.
So far I have thought that I have to ask for permission when the port is closed.
I have an oral permission from my friend from other country and I read another permission on Russia forum.
I understand that to avoid this kind of insulting in the future I have to ask everyone for permission even (I have to emphasize it) if their ports are open.
For me it has been obvious so far that I can freely take data from those who open their ports. If they don't want me to connect, they just simply close the port.
Today I have learned about the permission so I will follow this advice.
And once again I have to repeat: I AM NOT A HACKER.
Maybe it was my mistake to interpret wrongly all the procedure of sharing data but hacking WAS NOT AND WILL NEVER BE MY TARGET.
The capital letters indicate my surprise, not anger, of all this situation.
I suggest to open this kind of topic on forum so it will help other people to avoid this kind of misunderstanding in the future.
Thanks for the clarification.
I think some might think that connecting to a PC/server and helping oneself to data on an open port is not disimilar to entering a house through an open window and "stealing" the owner's possessions.
That's my personal view.
Taytay
Thank you for your explanation and apology.
Just because a port is open, it does not mean that anyone is entitled to use that data. I am sure that you have heard of people being taken to court across the world for doing just what you have been doing. OK, VRS is not a sensitive system, but it only takes one scan of something that is sensitive to land in big trouble, very quickly.
What you are trying to do is exactly the same as me, cover Europe. I have had to set up a centralised server because of the bandwidth, my ISP was watching my usage closely! I was not even aware of your site until I was pointed in your direction.
VRS is a small but growing community. We all need to respect each other and especially the data. The Dev will be introducing a push system in the near future, this will stop the need for open ports. I am happy to share my data (WSLWx only) with anyone, just ask, after what I have now read including you.
Please contact me offline as there are things we need to discuss, but not in public.
Best wishes
Jon
Hi Gareth
It was your right to send the email to ISP and of course if there will be a need I will explain the problem to them.
All my data is closed now, even that from my friends. Maybe I will open just my data as it is my hobby and I don't want this kind of unpleasant situations to happen in my life anymore just because of my hobby.
I can see that a lot of people port scan my IP but I don't react in this way.
Thanks for all the information and advice.
Jon
I will contact you offline.
Thanks.
Best regards
I've also stopped sharing with live-military-mode-s because a few days ago my internet slowed to a crawl. I think it's a real problem, as I believe now no one from Spain is sharing data. I've informed Albert of this issue. Someone was stealing 2GB of data a day courtesy of my internet >:(
Likewise I've stopped using VRS because I noticed a tenfold increase in internet data usage in that as well.
My tuppence's worth. If you take data from someone without their permission, and/or this costs them money and hassle because they then go over their monthly internet allowance, then you are quite simply a thief. Ignorance is no excuse.
Stephen
Hi Stephen
Internet usage is one of the big issues. With my VRS, I was on about 180GB / month on my home internet, hence the reason for sticking it up on a server with 5TB / month available. Not my first choice but had to be done, the wife could not get her email quickly!
I obviously have been very lucky, no one has made unauthorised usage of my personal data. This maybe because I lock the firewall down to the IP address of the people who have permission, even if they have dynamic IP.
I have just checked some stats for everyone to mull over...
VRS-Europe server:
Beast feed inbound 46h 40m 1.176GB (Astronet)
Compressed VRS inbound 48h 06m 451MB (Manaesh)
Compressed VRS Outbound 48h 10m 1.194GB (VRS HQ)
My own server:
Compressed VRS 51h 54m 827MB (Feed to VRS-E)
I hope this does not put you off for the long run, I still have my personal VRS server at home and that is password protected so only those I want to use my personal site can gain access. The Rebroadcast server is locked down to IP level. My data can be seen, just in the places I choose.
Further more, I will repeat again, should anyone want to have a copy of the WSLWx data, just let me know and I can set it up...I am more than happy to share my data.
Best wishes
Jon
Is millisecond updates important for tracks more than 100 nm away? You could probably save a lot of bandwidth by quantizing each track over 10 seconds.
Hi Jon
My own server:
Compressed VRS 51h 54m 827MB (Feed to VRS-E) High
Important data transfer time.
Two question?
1:Your system Windows or Linux?
2: What is the CPU usage? (Your computer and Router)
Sample: 5 people connect your web server. 1000 aircraft data transfer. (Very important)
I say Router very important.
TayTay
Windows Server 2008 R2 1 x 2Ghx Xeon, 2GB Ram.
8x Receivers, 5x Rebroadcast
CPU on Server 15-25% for VRS, say another 30% for AD Pro. Router is unimportant, 100Mb backbone direct to net.
That is with 3 people connected.
Bandwidth used since switch on (13/04) 88.04GB Maximum 2.5Mbps.
At some stage I will need an extra CPU, that costs money and will only get added when totally needed. Already had to add 1GB RAM. Remember I am paying for this, not a company!
HTH
Jon
Some years ago I implemented a data sharing network using a hacked version of the abandoned Kinetic MapModeS option. Within a few hours my PC was crashing.
I then tried hosting the BaseStation Data Sharing (http://radarspotting.com/forum/index.php/topic,41.0.html) option on a local PC. It wasn't long before it needed hosting elsewhere and that's when FR24 offered to help.
Do not underestimate what you could be getting into here.
FR24, Planefinder and even dear old AirNav have been there and got the T-shirts. AirNav's is a bit ripped and in need of a wash. :)
And as Edgy has mentioned, some data pruning may be helpful.
Mike
Wise words indeed.
I really do not want to be FR24 or similar, just something run by European amateurs for amateurs. If we miss something, no loss!
I missed Edgy's point for some reason, I need to look at that and see if it can be changed....good point well made.
I am not sure I will get many more people offering to feed VRS-E. No loss, I am really happy with what we have. We should have increased coverage over Cork soon. A new RPi unit going in down there.
The VRS-E server also gives the VRS Dev the picture on how scalable his app really is. If I can help him by doing this, all the better. I think it is a fantastic piece of free software. My time to give something back, not just money.
Best wishes
Jon
Jon
I am Happy. Because your system windows. I help you.
What is your wan connection speed? Sample download 100 mbps and upload 100 mbps.
Please your check Windows features inside remote differential compression; open or close?
Router very important. Later I tell.(Private message) My router model Cisco 1921-K9.
Best wishes
Like Anmer, I played around with port 30003 sharing, and came-up with a couple ideas, one was to quantize the data and send it via UDP feeders, and the other was to exchange SQL over UDP, and thus sharing database tables. The databases being queried at some seconds interval.
All, in an attempt at keeping from having TCP connects, by using just UDP broadcasts. Alas, UDP was blocked by many ISP's and that was that :-)
VRS has a lot going for it, and I think the sharing part being quantized by some configured number of seconds, along with the current compression would be a great addition.
Quote from: taytay12 on May 05, 2014, 06:40:58 PM
Jon
I am Happy. Because your system windows. I help you.
What is your wan connection speed? Sample download 100 mbps and upload 100 mbps.
Please your check Windows features inside remote differential compression; open or close?
Router very important. Later I tell.(Private message) My router model Cisco 1921-K9.
Best wishes
Not quite sure where we are going here...VRS-E is at an IBM datacentre with a very large backbone onto the net. I am connected to that backbone by a 100Mb link. The server itself is a virtual machine. I do not have any bandwidth issues....Certainly no router I can access. I suspect there is a Cisco in the mix somewhere. It is not visible to me nor am I am to control it.
As for CPU I have just checked the stats, overall 34.3%.
Jon
Quote from: edgy on May 05, 2014, 06:50:21 PM
Like Anmer, I played around with port 30003 sharing, and came-up with a couple ideas, one was to quantize the data and send it via UDP feeders, and the other was to exchange SQL over UDP, and thus sharing database tables. The databases being queried at some seconds interval.
All, in an attempt at keeping from having TCP connects, by using just UDP broadcasts. Alas, UDP was blocked by many ISP's and that was that :-)
VRS has a lot going for it, and I think the sharing part being quantized by some configured number of seconds, along with the current compression would be a great addition.
The one thing that Andrew the VRS Dev has introduced is the compressed VRS feed. It does save bandwidth for those feeding, by a massive amount over the standard BS 30003. This is something that I have worked with the feeders to do, All but one feeder is connecting via C-VRS. Compressed VRS is a compressed version of the BS format, as I understand it...
As an aside, I feed my WSLWx data to both FR24 and Plane Finder. They both take more bandwidth than my VRS feed. Both a parceling data for onward transmission...Go figure!
I think any further technical questions or thoughts need to be pointed to the Dev, he is much more in a position to answer...I am not a software engineer, just a lowly systems engineer!
I hope most people will know where to find him! If not please PM me and I will tell you.
Jon
Jon, He may be doing more than I assume, I haven't really looked at the source, just read the docs.
One of the things about 30003 data was it had a bunch of redundancy. For example I get a lot of planes that send their altitude 4 times in a row, and of course 30003 dutifully reports all 4 (even if they are the same) :'(
So, compression would be bien, but deleting 3 of them très bien :-*
Edgy
http://www.virtualradarserver.co.uk/Documentation/Formats/CompressedVrs.aspx
HTH
Jon
Hi
This is a simple server presentiation but if is not easy.
(//)
[Attachment deleted by Admin to save file space]
OK
Looks familiar to what I have for my servers at work.
My system is just the server and eth1 and 1x HDD. I have no access to anything else.
If vrs-e grows big then we will need a dedicated server and will need the setup you describe. Until then...!
Jon
Hey
Does anyone share with me?
A friendy German put my feed online: http://planes.webernetz.net/virtualradar/desktop.html# --> Wien ;D
(If some Problem get fixed) i share more Ground Vehicles.