How do bad actors' sites/servers stay afloat when someone has to handle the hosting? - eviltoast

Besides proxying to try to mask their activities, wouldn’t those playing host to bad actors have to have some insight or notice some abnormal activity that might give away that someone may be abusing their services?

Or is it that there’s a mix of a financial & legal advantage to remaining as ignorant to that activity as possible for as long as possible up till push comes to shove & they’re being served a warrant?

  • Fosheze@lemmy.world
    1 year ago

    That depends on what you mean by “bad actors”. If you’re just talking about illegal content then it’s just that the law isn’t universal. They just find a host somewhere where whatever they want to host is legal.

    • ALostInquirer@lemm.ee (OP)
      1 year ago

      Well, not just content, but also activity like making fake sites to steal credentials, send out phishing emails/texts, and that kind of thing. I guess that may fall under the same point though, of the law not being universal regarding these activities, e.g. talk of some governments ignoring bad actors so long as their activities only target other nations’ citizens.

      • Kerfuffle@sh.itjust.works
        1 year ago

        > also activity like making fake sites to steal credentials, send out phishing emails/texts

        It’s pretty common for that sort of activity to use stuff like botnets or compromised servers. In other words, the actual owner isn’t aware of what their resources are being used for: they got hijacked. There’s lots of stuff on the internet with very lax security so unfortunately it’s not really hard to do.

  • ObM@lemmy.world
    1 year ago

    Yeah, it depends on what you mean.

    In many cases malware and phishing are hosted off other compromised sites. So, they build a list of WordPress sites with vulnerabilities, and use the vulnerabilities to host their files on them. For example, imagine “legitimate-medical-site.net.com” is a real site. The attacker will use the exploit to upload malicious files in there somewhere like “legitimate-medical-site. net. com/qwertasdf/invoice.pdf”.

    If the site gets blocked or shut down it’s no loss to them.

    Another technique, especially phishing-wise, they will have a semi-plausible domain name (e.g. youbank-security-server .con). But they will register heaps of these. There are tonnes of top level domains that do next to no checking. These things cost a few bucks, so having it taken down is not a problem.

    The combination of burner sites and domains means they have a window of opportunity to run their attacks and scams before other protections kick in.
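
The site owner's side of the compromised-site hosting described in the comment above, as an added example that is not part of the thread: it scans a web access log for successfully served paths whose top-level entry is not in the site's own inventory. The inventory, the log lines and the function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: top-level entries this site legitimately serves, e.g. taken from
# the deploy manifest. Sites with date-based permalinks need those added too.
KNOWN_TOP_LEVEL = frozenset({
    "", "index.php", "robots.txt", "favicon.ico",
    "wp-content", "wp-includes", "wp-admin", "about", "contact",
})

# Combined/common log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:09:01:12 +0000] "GET /about/ HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2024:09:01:13 +0000] "GET /wp-content/themes/x/style.css HTTP/1.1" 200 812
203.0.113.20 - - [10/Mar/2024:09:05:40 +0000] "GET /qwertasdf/invoice.pdf HTTP/1.1" 200 48211
203.0.113.21 - - [10/Mar/2024:09:06:02 +0000] "GET /qwertasdf/invoice.pdf?id=1 HTTP/1.1" 200 48211
192.0.2.99 - - [10/Mar/2024:09:07:15 +0000] "GET /qwertasdf/invoice.pdf HTTP/1.1" 200 48211
203.0.113.20 - - [10/Mar/2024:09:08:00 +0000] "GET /qwertasdf/invoice.pdf HTTP/1.1" 200 48211
192.0.2.50 - - [10/Mar/2024:09:09:30 +0000] "GET /zzzz/login.php HTTP/1.1" 404 196
"""


def unexpected_served_paths(log_text, known=KNOWN_TOP_LEVEL):
    """Return [(path, distinct_client_count)] for 2xx responses outside the inventory."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # skip unparsable lines and anything not actually served
        path = m["path"].split("?", 1)[0]            # ignore the query string
        top = path.lstrip("/").split("/", 1)[0].lower()
        if top not in known:
            clients[path].add(m["ip"])
    # Most widely fetched first: a file many strangers download is the priority.
    return sorted(((p, len(ips)) for p, ips in clients.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for path, count in unexpected_served_paths(SAMPLE_LOG):
        print(f"{count} distinct clients fetched unexpected path {path}")
```
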

  • IsoKiero@sopuli.xyz
    1 year ago

    It’s the latter. As long as the bad actor gives money to the hosting company they don’t really care (and for legal reasons they either can’t or won’t monitor things too tightly) what you do with the capacity you paid for. And when it becomes annoying enough they’ll suspend the account. Rinse and repeat.