Exetools  

  #16  
Old 06-12-2025, 14:53
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 955
Rept. Given: 67
Rept. Rcvd 420 Times in 95 Posts
Thanks Given: 77
Thanks Rcvd at 371 Times in 114 Posts
Shub-Nigurrath Reputation: 400-499
By the way, note the name: abliterated … which is a clash of two words, obliterated and ablated. This is because they depotentiated some neurons responsible for censorship. It’s a full AI hack at its best. This is the future.

Somehow you can imagine it as a sort of neural surgery.
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
  #17  
Old 06-13-2025, 04:49
Shub-Nigurrath Shub-Nigurrath is offline
Also.

1. Find open Ollama servers, using for example shodan command line or the following script Ollama Hunter (which by the way you should update to the new shodan APIs — don’t be dumb, just ask an LLM to do it for you)
2. Alternatively use shodan — shodan count port:11434 product:"Ollama" country:XX where XX is your country code
3. In this case the shodan command line is — https://help.shodan.io/command-line-interface/0-installation
4. Whatever way you follow you need a shodan key, or the polito cookie. You can find one with a bit of Google dork — e.g. look here https://www.exploit-db.com/google-hacking-database
5. Connect to the Ollama instances that are open via chatbot AI or similar apps and of course using a VPN and you’re done
6. Use bigger models, if you want/dare


Ollama Hunter is a Python tool that searches Shodan for publicly exposed Ollama LLM instances running on port 11434, and retrieves the list of available models from each host.
This tool is designed for researchers, security analysts, and red teamers who want to map the exposure of open LLM endpoints on the internet.

https://github.com/saadi1995/ollama-hunter

Last edited by Shub-Nigurrath; 06-13-2025 at 16:20.
  #18  
Old 06-13-2025, 09:25
Samoray Samoray is offline
Friend
 
Join Date: Oct 2023
Posts: 7
Rept. Given: 0
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 0
Thanks Rcvd at 1 Time in 1 Post
Samoray Reputation: 1
Quote:
Originally Posted by Shub-Nigurrath View Post
Also.

1. Find open Ollama servers, using for example shodan command line or the following script Ollama Hunter (which by the way you should update to the new shodan APIs — don’t be dumb, just ask an LLM to do it for you)
2. Alternatively use shodan — shodan count port:11434 product:"Ollama" country:XX where XX is your country code
3. In this case the shodan command line is — https://help.shodan.io/command-line-interface/0-installation
4. Whatever way you follow you need a shodan key, or the polito cookie. You can find one with a bit of Google dork — e.g. look here https://www.exploit-db.com/google-hacking-database
5. Connect to the Ollama instances that are open via chatbot AI or similar apps and of course using a VPN and you’re done
6. Use bigger models


Ollama Hunter is a Python tool that searches Shodan for publicly exposed Ollama LLM instances running on port 11434, and retrieves the list of available models from each host.
This tool is designed for researchers, security analysts, and red teamers who want to map the exposure of open LLM endpoints on the internet.

https://github.com/saadi1995/ollama-hunter
Isn't this basically stealing from innocent users who do not have enough knowledge to secure their Ollama instances?
Inferences which use GPU are not cheap and can run the bill up to thousands of dollars in some cases. That too, you are suggesting the use of bigger models (more expensive for the user)!

Downloading and using pirated software does not directly harm the end user but stealing paid compute of innocent people in this way is plain unethical and nothing but stealing...
  #19  
Old 06-13-2025, 16:19
Shub-Nigurrath Shub-Nigurrath is offline
First, I said how it can be done, not that you must do it. That's up to you.

"downloading and using pirated sw does not harm the end user" It's arguable, because it harms the developer.

In general, this is the wrong place for out-of-scope considerations, you're on Exetools, not on Reddit's innocent-souls channel.

At that point also the existence of that Ollama Hunter would be considered that way ... so leave these considerations for X.
  #20  
Old 06-13-2025, 16:57
Samoray Samoray is offline
Quote:
Originally Posted by Shub-Nigurrath View Post
First, I said how it can be done, not that you must do it. That's up to you.

"downloading and using pirated sw does not harm the end user" It's arguable, because it harms the developer.

In general, this is the wrong place for out-of-scope considerations, you're on Exetools, not on Reddit's innocent-souls channel.

At that point also the existence of that Ollama Hunter would be considered that way ... so leave these considerations for X.
That's quite rude of you.
Someone did it to me and it resulted in a bill of several hundred dollars. It's extremely painful when this happens.

I wasn't even leaving the server unattended; I was actively configuring it when someone decided to scan and leech it.
Detailing such methods only serves to make it easier for inexperienced users like me to become targets for attacks!

Exetools was never a place where methods to take advantage of innocent online users were posted! There are also no posts to teach server hacking on Exetools.
  #21  
Old 06-13-2025, 17:09
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 1,294
Rept. Given: 335
Rept. Rcvd 236 Times in 126 Posts
Thanks Given: 325
Thanks Rcvd at 631 Times in 349 Posts
sendersu Reputation: 200-299
the conclusion is - do not leave plain endpoints to the public...
think about auth
Reply With Quote
  #22  
Old 06-13-2025, 19:31
Shub-Nigurrath Shub-Nigurrath is offline
The lesson would be do not be dumb
  #23  
Old 06-13-2025, 21:06
Samoray Samoray is offline
Quote:
Originally Posted by Shub-Nigurrath View Post
The lesson would be do not be dumb
It is not good to call anyone dumb. You may be intelligent no doubt, but it's very bad to call anyone dumb.

You've effectively posted instructions to drain funds from someone's credit card without consent by hacking their servers.
Not much different from using stolen credit cards.

I hope the quality of the posts in the Exetools forum does not degrade to that of those in the (now) taken-down CRACKED.TO forum.
There is a very good reason why the CRACKED.TO forum was taken down by the LEA: Because they dealt with stolen user accounts in one form or the other.

I see that you've set up a new merchant site. It's nice, by the way.
  #24  
Old 06-14-2025, 15:30
Fyyre Fyyre is offline
Fyyre
 
Join Date: Dec 2009
Location: 0°N 0°E / 0°N 0°E / 0; 0
Posts: 279
Rept. Given: 90
Rept. Rcvd 87 Times in 40 Posts
Thanks Given: 176
Thanks Rcvd at 350 Times in 120 Posts
Fyyre Reputation: 87
Quote:
Originally Posted by Shub-Nigurrath View Post
The lesson would be do not be dumb
+1 .. open ports on the Internet = bad .. nothing new
__________________
Fyyre burnt out. I am the ashes.

--

https://github.com/Fyyre
  #25  
Old 06-14-2025, 16:09
Samoray Samoray is offline
Shub-Nigurrath should indeed make it very clear that the consequences of draining money from another person's credit card in this way are equal to those of using a stolen credit card, leading to serious jail time. Most users here would not be okay with using stolen credit cards in any way.

Most of the consumer-grade VPNs do not offer enough anonymity against financial crimes (which is good).
The warning should be very clear that if someone starts to drain in an unauthorized way credit cards linked to unsecured servers by using their expensive GPU compute resources for inference, they could go to jail.

While some users might accept illegal activities, the majority on the Exetools forum would strongly oppose financial crimes of this scale that could lead to imprisonment. Therefore, the warning needs to be very clear.

Also...
-1: It is never okay to call anyone dumb.

This is all I want to say, in this post and the one above.
  #26  
Old 07-12-2025, 20:44
chants chants is offline
VIP
 
Join Date: Jul 2016
Posts: 821
Rept. Given: 46
Rept. Rcvd 50 Times in 31 Posts
Thanks Given: 730
Thanks Rcvd at 1,136 Times in 527 Posts
chants Reputation: 51
So as far as I know, if someone puts an instance publicly on the web it is free to use. This is not hacking at all as there is no unauthorized intrusion if no authorization is needed. If using default credentials, this is at least arguably not an authorization mechanism though it touches a gray area. This is not causing damage or harm to the server either but using it as intended. I do think responsibility for guarding resources lies on the hoster of such services.

Also I don't think he called anyone dumb, he described the action of making a costly service unsecured as dumb. I've never liked labels or names applied to people. But actions I feel are totally fair to criticize. We all tend to make stupid mistakes in life, but that doesn't say anything about us after we learn from them. Dumb when describing a person means inability to speak, which is very different than when describing an action.

So I'm unclear on the legality and ethics here. Likely if passwordless then it is legal. If it's default password, less likely legal but possibly. If the password had to be obtained through unauthorized efforts, whether brute force or online leaks, etc., it is not legal. Ethically, if you know you are running large bills then it's not ethical. Unless the poster gave explicit consent like a public notice it is free to use or they privately agreed, etc. Then again, everyone probably knows all of this already.

Tags
deepseek, ollama


All times are GMT +8.