Forum is NOT secure

^ three quarters of this thread is a shameful waste of space, thanks for adding to that, and motivating me to add to it with this. Good work, Jack! ;-)
 
^ three quarters of this thread is a shameful waste of space, thanks for adding to that, and motivating me to add to it with this. Good work, Jack! ;-)
I don't know what's your deal....
This board was built by a person/s with shoestrings and duct tape, and then passed on when life got in the way more than once. Much the same as the cars we drive. One of the things that has held it together is the lighthearted humour from people who actually know what they are talking about most of the time. We like it this way.
If you did a little reading around you would know that in these board handoffs years ago, some details got missed, like domain ownership. There may/may not be bad blood in the way, who knows? These things happen and you deal with it.
As to security, posting details of the security/configuration problems (in your mind) of the site is a highly irresponsible thing to do as a member from a security perspective. If you care about the site, you wouldn't piss on it. The fact that you are posting this stuff the way you do raises hairs on the neck. Why would the board accept help from someone who pisses on it publicly? It reads like a run on the board, a takeover of sorts. That was what the Russian comment was about.
If someone you barely knew put up a sign in your yard that said "Bathroom window lock broken, House unsecure" would that bother you? That is what you have done.
ALL OF THESE SECURITY COMMENTS SHOULD BE PM.
 
Excuse me, what? You *seem* to have no idea what type of security we're talking about here.

None of my (low traffic) sites are HTTPS but my sites are not insecure, nor is my server, no one can come and attack it for sport (well, they can try), it's just the connections between server and user that are weak (privacy of passwords or PMs, for eg, one might argue weakly "what's the difference" re "security" PM vs "security" post, in this case). PS, the word security is not in my thread, because that's not what it's about.

In bullets:

  • Thanks for translating Jack's post for me, but he's very very wrong about me
  • Russian bots don't have 9 years forum membership - 1 less than you, 2 more than Jack - but who cares...
  • Russian bots don't have 10 years open source community oriented site hosting experience/track record
  • I have NO desire to have any database access - sharing this with anyone at all would be a massive breach of trust.
  • I have NO desire to hold anything that might give me power over this domain - I don't have time to run it, anyway, and I'm not the right person - but I do have time to help, if needed, eg the tail end of this post
  • I like the mostly hands-off way this site is run, far better than most other forums with entrenched nazi moderators. 10/10.
  • I posted because I noticed the multiple domain issue pointing in various directions with various redirects and wanted to voice my opinion on that, in the hope that it would be heard and help.
  • I then (after posting my thread, because of the 1 day filter) read in this thread the reason it was done and am still curious if that's necessary or not, but it explains it, which helps settle my soul.

It's laughable that you say posting that the site doesn't have HTTPS/SSL/TLS is somehow informing anyone that's looking at it that there's a vulnerability. Laughable on many levels. Not least of which is that if they're looking at it, they *already know* what protocol it uses. But also that it's *not* a vulnerability. HTTPS/SSL/TLS is a service to users, primarily. A privacy one. It has other benefits, too, but...


=======================================================


And because I refuse to post again without it being useful, a few questions/bits of advice that don't require me to hold any privileged information whatsoever:

1) Which server software? Apache2? Nginx? IIS? Other?
2) The redirects are configured for only the base URL so http://forums.turbobricks.com >> https://forums.tbforums.com, but http://forums.turbobricks.com/something.php just loads without redirecting.
3) Similarly, the base URL paths such as this catch-all http://turbobricks.com/lskj don't redirect, but simple http://turbobricks.com/ redirects to https://tbforums.com/ just fine. If I had to guess, it's the same rule in play here.
4) Not my desire, but if you really want to move forward with basically killing off the old domain with all the strengths it has, then all you really need to do is fix the redirects so they work for paths too, and keep the paths
5) Here's mine for Apache2, I believe Nginx is similar, no idea on IIS:

Code:
RedirectPermanent /forums/ http://forum.diyefi.org/

^ the trailing slash is important IIRC. Similarly for forcing www to not exist I have:

Code:
<VirtualHost *:80>
        ServerName www.freeems.org
        ServerAlias *.freeems.org
        RedirectPermanent / http://freeems.org/
</VirtualHost>

Again, trailing slashes important, and this configuration has to come AFTER other configurations - it's a catch all that says "www.freeems.org >> freeems.org" explicitly (and redundantly) and "*.freeems.org (that we didn't already match in other config) >> freeems.org", hence www being redundant as * would match that like it would match omgwtfbbq.freeems.org :-)

Basically you're currently serving all pages to at least 4 different distinct domains, and that's bad practice for a bunch of reasons. With the redirects sorted it can all be on one or two (I'd keep turbobricks.com separate by using the forums. subdomain, but that's your call).

Hope that helps.
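
Added example, not part of the post above and not the site's own configuration: a simplified Python model of a prefix-style redirect (the behaviour of Apache's `Redirect`/`RedirectPermanent`) showing why a base-URL-only rule leaves paths such as /something.php served without a redirect, and why mismatched trailing slashes produce malformed targets. The function names and the exact-match stand-in for the base-only rule are assumptions.

```python
from urllib.parse import urlsplit

def prefix_redirect(path, source, target):
    """Simplified model of a prefix redirect rule.

    Returns the Location value, or None when the rule does not match.
    Whatever follows the matched prefix is appended to the target as-is.
    """
    if not path.startswith(source):
        return None
    rest = path[len(source):]
    # A source without a trailing slash must match a whole path segment.
    if not source.endswith("/") and rest and not rest.startswith("/"):
        return None
    return target + rest

def base_only_redirect(path, target):
    """Assumed stand-in for a rule that only fires on the bare URL."""
    return target if path == "/" else None

def audit(rule, paths, want_host):
    """Return {path: problem} for every request path the rule mishandles."""
    problems = {}
    for path in paths:
        location = rule(path)
        if location is None:
            problems[path] = "served without redirect"
            continue
        parts = urlsplit(location)
        if parts.hostname != want_host:
            problems[path] = "wrong host: %s" % parts.hostname
        elif "//" in parts.path:
            problems[path] = "doubled slash: %s" % location
    return problems

# Constructed request paths, modelled on the ones quoted in the post.
PATHS = ["/", "/something.php", "/lskj"]

if __name__ == "__main__":
    new = "https://forums.tbforums.com/"
    host = "forums.tbforums.com"
    print(audit(lambda p: base_only_redirect(p, new), PATHS, host))
    print(audit(lambda p: prefix_redirect(p, "/", new), PATHS, host))
    # Target missing its trailing slash: path is glued onto the hostname.
    print(audit(lambda p: prefix_redirect(p, "/", new.rstrip("/")), PATHS, host))
```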
 
I refuse to post again without it being useful.
Awesome. Since you seem to want a pissing contest:

FYI I got my first email addy in '89. I started my first dialup bbs in '90. First computer job was in research and development of touchscreen based data acquisition systems for oil rigs in '97. MCSE and CNE certification in '98. In '02 spent 5 years as lead tech at large adult content web host. I had 25 t3 lines into my rack...Then it was tech for a large (100+ students) auto desk school for a few years. In addition, I started and ran several successful gaming cafes in the late 90's and early aughts.
After over 20 years in the industry I left because I was tired of knowitall geeks.
By my math, I have over double the experience you do, but who is counting.
Back to volvos
 
PS, the word security is not in my thread, because that's not what it's about.

AHEM:

Title of thread: "Forum is NOT secure"..........

First post:
The site is not secured with a security certificate and HTTPS. This makes this site vulnerable in that anyone who logs in is subject to a MITM (man-in-the-middle) attack making them vulnerable. Other attacks can easily: take the site down completely, hijack files on the site to deliver malicious content, or leak every single users information including the administrators. This is irresponsible and it is my recommendation that the site be secured properly.

It's not necessarily about privacy so much as it is about security.

An example would be that the website could be potentially used as a platform to deliver malicious content to end users. That content could then be used to capture their data, even important data not used on this site, such as credit card information. That is possible because the website was used as a vector to deliver the malicious content on to their computer. Not everyone is educated to the point where they would be informed as to what to look for and therefore have almost no idea it was occurring to them.

Not securing the forum, while of course up for debate,

I'm confused. How is that second to last one not instructions of a possible way to hack the site, posted in a thread about how it is not secure???????
You talk about not insulting people yet you call them irresponsible

The degree in which this site in particular operates is up for debate, but the responsible and mature thing to do would be to implement a solution so that the example scenario, and other scenarios like it, may not have a chance to occur.

This implies that if the mods don't do it the way you say, they are immature and irresponsible. It is their house. If you came into my house and told me I was immature and irresponsible in front of my guests, it would not turn out good for you.
 
You seem to know just enough to be dangerous...

I agree. Things like this are best PM'D.

I digress. Fred seems to have relevant experience.

But, in the interest of the mods having first chance opportunity to examine forum flaws... I again say - PM is best.
 
relax a little bit Francis.

I still think it was the Obama's elfs along with Russian spy bots.

for proof PM me


ps. HOW DO YOU KNOW SO MUCH ABOUT RUSSIAN BOTS ?
 
In bullets:

  • NotSoFresh, the word "irresponsible" is not in my posts. Only yours.
  • NotSoFresh, great pissing, 'cept it's into the wind. I could not care less. Your credentials don't excuse your confusion about threads and who's posting in them with what. Looks like we started on computers about the same year ;-) You may have beaten me by a few months, que triste.
  • NotSoFresh, MY thread (which is not this one, but is linked in my first post in this one IIRC, or a later one, if I don't) not this thread, does not have the word security in it.

So:

  • I've made NO comment as to the posts of the OP of this thread, whatsoever (well, except that the SSL thing is a good idea, and starting such a thread to push it forward is equally).
  • I have made comments about the SNR of this thread due to people being funny. It makes it difficult to follow the relevant content about getting the issues resolved.
  • I also generally like the humour stuff, but I feel like a technical thread is the wrong place for it. My 2c.

I've read this one, and the 2018 maintenance one, my own one (to check to ensure you were wrong), and sent my donation in, and I see reasons (valid or otherwise) for everything I've observed. I just hope in the end it is resolved in the optimum way (as per my view of the world, with a sensible tb.xyz domain).

I was only trying to help, which someone else posted earlier, was likely my first mistake :-D Anyway, the 20 bucks should help, even if the posts don't... SUCCESS! :-D

swedefiend, re the answer to my "which server" question, yes, private, however the question is harmless, unless the asked are naive. I'll give them the benefit of the doubt and avoid directly publicly asking such details in future. All good.

Back to Volvos. I just got home in my Polaris clad 940 wagon, wife driving, and she's improving :-)
 
  • Thanks for translating Jack's post for me, but he's very very wrong about me
  • Russian bots don't have 9 years forum membership - 1 less than you, 2 more than Jack - but who cares...
  • Russian bots don't have 10 years open source community oriented site hosting experience/track record


  • I didn't want to respond to this earlier because on mobile editing sucks...


    I said this
    god damn Russian bots are at it again

    and somehow you got it into your head I was talking about you WTF?



    edit .. only a Russian bot would go out the way to spread fake news like this to try and cover-up their security breach
 
 
Dunno why more drama.

I own tbforums.com ... I have an SSL cert there. I have 301 perm redirected turbobricks.* to https://forums.tbforums.com for now. It's all a temporary measure until more things get sorted. I will be dropping the a-record 'forums' in the future anyway.
 