Comment by gnyman
3 months ago
This is nice and for those who's asking, it's different from ngrok and the others in that you don't need a separate client, (almost) everyone has ssh installed.
To the author, I wish you best of luck with this but be aware (if you aren't) this will attract all kind of bad and malicious users who want nothing more than a "clean" IP to funnel their badness through.
serveo.net [2] tried it 8 years ago, but when I wanted to use it I at some point I found it was no longer working, as I remember the author said there was too much abuse for him to maintain it as a free service
I ended up self-hosting sish https://news.ycombinator.com/item?id=14842951
A few other options as well: https://github.com/anderspitman/awesome-tunneling
Just want to say that I appreciate you maintaining this list. It's one of those things I need to do every now and then, so having a place that gives me a current summary of the options is very handy.
Thanks for the kind words. I hope I won't have to close this service in a few days due to abuse but its a weird world we live in.
As someone who has launched something free on HN before, the resulting signups were around 1/3rd valid users doing cool things and checking things out, and 2/3rds nefarious users.
a bit better benevolent:malicious ratio than the real world
2 replies →
My service (which doesn't have public access, only via SSH as a client) was used by a ransomware gang, which involved the service in investigation from Dutch CERT and Dubai police.
It's still live though.
I run playit.gg. Abuse is a big problem on our free tier. I’d get https://github.com/projectdiscovery/nuclei setup to scan your online endpoints and autoban detections of c2 servers.
Thanks for sharing this. I run packetriot.com, another tunneling service and I ended up writing my own scanner for endpoints using keyword lists I gathered from various infosec resources.
I had done some account filtering for origins coming out of Tor, VPN networks, data centers, etc. but I recently dropped those and added an portal page for free accounts, similar to what ngrok does.
It was very effective at preventing abuse. I also added mechanism for reporting abuse on the safety page that's presented.
3 replies →
Do you have funding to cover the paying the bandwidth costs which will ultimately result from this? Or if you're running this from a home network, does anyone know if OP should be concerned of running into issues with their ISP?
I can cover hundreds of PB of bandwidth per month if needed without paying a fortune.
2 replies →
The tunnel host appears to be a Hetzner server, they are pretty generous with bandwidth but the interesting thing I learned about doing some scalability improvements at a similar company [0] is that for these proxy systems, each direction’s traffic is egress bandwidth. Good luck OP, the tool looks cool. Kinda like pinggy.
[0] https://localxpose.io
Dare I ask how much bandwidth it is consuming?
Its around 700MB today so far.
Random thoughts: one can get user's ssh public keys from GitHub on the fly (from `https://github.com/<username>.keys`), so that it requires a valid GitHub account to use this service, without (extra) auth process.
It would be nice to have an open-source version that you can self-host. That would solve the abuse problem. Maybe with a service to create API keys.
Yeah, this is the next step. I first wanted to understand if this gets any traction. I think I will provide a dockerized version for the server part that you can just run with a simple command and maybe some interface to create api keys and distribute them to your users.
Fair enough from a business standpoint, but seeing as there are massive privacy/security risks involved in exposing your data to an opaque service, the open source component is probably a non-optional aspect of the value prop.
3 replies →
We're using pgrok for that in our organization. A small EC2 instance serves as the public endpoint.
OpenSSH is preinstalled on Windows as well, so I think it's not a stretch to say everyone has ssh now.