Running DeepSeek R1 locally

[Shub-Nigurrath]

By the way note the name: abliterated … which is a clash of two words obliterated and ablated. This because they depotentiated some neurons responsible for censorship. It’s a full AI hack at its best. This is the future.

Somehow you can imagine it as a sort of neural surgery

[Shub-Nigurrath]

Also.

1. Find open Ollama servers, using for example shodan command line or the following script Ollama Hunter (which by the way you should update to the new shodan APIs — don’t be dumb, just ask an LLM to do it for you)
2. Alternatively use shodan — shodan count port:11434 product:"Ollama" country:XX where XX is your country code
3. In this case the shodan command line is — https://help.shodan.io/command-line-interface/0-installation
4. Whatever way you follow you need a shodan key, or the polito cookie. You can find one with a bit of Google dork — es. look here https://www.exploit-db.com/google-hacking-database
5. Connects to the Ollama that are open via chatbot AI or similar apps and of course using a VPN and you’re done
6. Use bigger models, if you want/dare


Ollama Hunter is a Python tool that searches Shodan for publicly exposed Ollama LLM instances running on port 11434, and retrieves the list of available models from each host.
This tool is designed for researchers, security analysts, and red teamers who want to map the exposure of open LLM endpoints on the internet.

https://github.com/saadi1995/ollama-hunter

[Samoray]

Quote:

Originally Posted by Shub-Nigurrath

Also.

1. Find open Ollama servers, using for example shodan command line or the following script Ollama Hunter (which by the way you should update to the new shodan APIs — don’t be dumb, just ask an LLM to do it for you)
2. Alternatively use shodan — shodan count port:11434 product:"Ollama" country:XX where XX is your country code
3. In this case the shodan command line is — https://help.shodan.io/command-line-interface/0-installation
4. Whatever way you follow you need a shodan key, or the polito cookie. You can find one with a bit of Google dork — es. look here https://www.exploit-db.com/google-hacking-database
5. Connects to the Ollama that are open via chatbot AI or similar apps and of course using a VPN and you’re done
6. Use bigger models


Ollama Hunter is a Python tool that searches Shodan for publicly exposed Ollama LLM instances running on port 11434, and retrieves the list of available models from each host.
This tool is designed for researchers, security analysts, and red teamers who want to map the exposure of open LLM endpoints on the internet.

https://github.com/saadi1995/ollama-hunter

Isn't this basically stealing from innocent users who do not have enough knowledge to secure their Ollama instances?
Inferences which use GPU are not cheap and can run the bill up to thousands of dollars in some cases. That too, you are suggesting the use of bigger models (more expensive for the user)!

Downloading and using pirated software does not directly harm the end user but stealing paid compute of innocent people in this way is plain unethical and nothing but stealing...

[Shub-Nigurrath]

First, I said how it can be done, not that you must do it. That's up to you

"downloading and using pirated sw does not harm the end user" It's arguable, because it harms the developer.

In general, this is the wrong place for out-of-scope considerations, you're on exetools, not on reddit' innocent-souls channel.

at that point also the existence of that Ollama Hunter would be considered that way ... so leave these considerations for X.

[Samoray]

Quote:

Originally Posted by Shub-Nigurrath

First, I said how it can be done, not that you must do it. That's up to you

"downloading and using pirated sw does not harm the end user" It's arguable, because it harms the developer.

In general, this is the wrong place for out-of-scope considerations, you're on exetools, not on reddit' innocent-souls channel.

at that point also the existence of that Ollama Hunter would be considered that way ... so leave these considerations for X.

That's quite rude of you.
Someone did it to me and it resulted in a bill of several hundred dollars. It's extremely painful when this happens.

I wasn't even leaving the server unattended; I was actively configuring it when someone decided to scan and leech it.
Detailing such methods only serves to make it easier for inexperienced users like me to become targets for attacks!

Exetools was never a place where methods to take advantage of innocent online users were posted! There are also no posts to teach server hacking on Exetools.

[sendersu]

the conclusion is - do not leave plain endpoints to the public...
think about auth

[Shub-Nigurrath]

The lesson would be do not be dumb

[Samoray]

Quote:

Originally Posted by Shub-Nigurrath

The lesson would be do not be dumb

It is not good to call anyone dumb. You may be intelligent no doubt, but it's very bad to call anyone as dumb.

You've effectively posted instructions to drain funds from someone's credit card without consent by hacking their servers.
Not much different from using stolen credit cards.

I hope the quality of the posts in the Exetools forum do not degrade to those in the (now) taken-down CRACKED.TO forum.
There is a very good reason why the CRACKED.TO forum was taken down by the LEA: Because they dealt with stolen user accounts in one form or the other.

I see that you've set up a new merchant site. It's nice, by the way

[Fyyre]

Quote:

Originally Posted by Shub-Nigurrath

The lesson would be do not be dumb

+1 .. open ports on the Internet = bad .. nothing new

[Samoray]

Shub Nigurath should indeed make it very clear that the consequences of draining money from another person's credit card in this way is equal to using a stolen credit card, leading to serious jail time. Most users here would not be okay with using stolen credit cards in any way.

Most of the consumer-grade VPNs do not offer enough anonymity against financial crimes (which is good).
The warning should be very clear that if someone starts to drain in an unauthorized way credit cards linked to unsecured servers by using their expensive GPU compute resources for inference, they could go to jail.

While some users might accept illegal activities, the majority on the Exetools forum would strongly oppose financial crimes of this scale that could lead to imprisonment. Therefore, the warning needs to be very clear.

Also...
-1: It is never okay to call anyone dumb.

This is all I want to say, in this post and the one above.