Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Explore Random Web Servers (lhackworth.com)
39 points by lukehack on Feb 23, 2019 | hide | past | favorite | 15 comments

Unsettling stuff for a Saturday morning; In two attempts I was connected to the login pages of two types of systems I use and administer regularly.

I'm aware that this is indicative of bad security practices and not some vulnerability in those systems, but that didn't make it any more comfortable to see their familiar UI elements exposed in all their nakedness.

> exposed in all their nakedness

In fairness, some of the better designed servers redirect to a domain. For example, one of the IPs I stumbled redirected to this weird portal (where the links point to the parent domain)


That's like StumbleUpon for 404, 403 and 500 pages :)

Looks like most of the internet is broken.

Neat idea, but I get mostly certificate errors, bare Apache errors, timeouts, basic auth prompts, etc. Some kind of filter might make it more interesting.

I agree completely that further filtering would improve the site a lot. That kind of filtering would require a lot more than a basic port scanner. I'll probably do it someday.

It's also really fun to find web servers on nonstandard ports, but I worry about the site then being abused to find compromised servers.

Found some home routers with default credentials. Will people never learn?

I've got Google.com twice. I wonder how many IPs would redirect me there.

I wish they would add a 400 checker.

I'll start working on one now. edit: Done. It'll take a while, but soon the database will be pruned. It will remove 404s and sites that don't respond in 0.25 seconds. edit2: It will remove status 500 as well. Let me know if there are any other broad groups that should be pruned. edit3: pruning 400 now too

Pruning the default cloudflare message about not using a direct IP might be helpful.

Like this one:

Thanks, it is now pruning error 1003 too. Let me know if there is anything else.

Any help needed?

Nah, the major parts are automated at this point. Thanks though! Just let me know how it can improve.

You sir are the man!

Applications are open for YC Summer 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact