You are not logged in.
- Topics: Active | Unanswered
#1 2013-01-20 21:48:12
- cfr
- Member
- From: Cymru
- Registered: 2011-11-27
- Posts: 7,152
[solved] Arch at whirelez1.appspot.com?
I just ended up on a forum thread where I appeared not to be logged in. I thought maybe the tab was stale but clicking a link got the same result. Navigating to the login page, I was about to login when I started to get suspicious.
I had ended up at https://whirelez1.appspot.com/bbs.archl … /login.php. Is this expected? Maybe I am simply being overly paranoid? (Though I suspect not paranoid enough...)
Last edited by cfr (2013-01-21 01:44:32)
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline
#2 2013-01-20 22:03:03
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,230
- Website
Re: [solved] Arch at whirelez1.appspot.com?
Looking at just https://whirelez1.appspot.com/ suggests that someone is running a proxy server at that site, so you're probably still accessing the "real" site, but via that person(s) proxy. It appears you can type anything after the domain and it will proxy it for you. For example:
https://whirelez1.appspot.com/www.wstar.com.au
https://whirelez1.appspot.com/news.com.au
https://whirelez1.appspot.com/huskfw.info
Personally, I wouldn't trust it.
Last edited by fukawi2 (2013-01-20 22:03:17)
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
#3 2013-01-20 22:09:08
- cfr
- Member
- From: Cymru
- Registered: 2011-11-27
- Posts: 7,152
Re: [solved] Arch at whirelez1.appspot.com?
I don't and don't plan to. I did a google search on whirelez1.appspot.com and did not like the look of the results one little bit.
Had I actually logged in, would my login credentials have been sent to Arch or whirelez1? I realise that if it was a true proxy, they would go to Arch, basically, but presumably there's no guarantee of that? Presumably I didn't appear to be logged in because Arch saw the connection from the proxy rather than from my current ip?
I always find this stuff rather confusing/alarming.
EDIT: If it is a proxy, should it really have shown up in google's results in the first place? I think I ended up there because I used google to search for a post I'd made some time ago in a 20 page thread. I didn't want to search 20 pages so I put the thread subject, my username and maybe archlinux into google and then didn't pay enough attention to the details of the urls in the results.
Last edited by cfr (2013-01-20 22:11:40)
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline
#4 2013-01-20 22:40:13
- Pierre
- Developer
- From: Bonn
- Registered: 2004-07-05
- Posts: 1,964
- Website
Re: [solved] Arch at whirelez1.appspot.com?
If you try to login on that site the password is send to them and not us. So yes, this site is perfect for phishing and stealing passwords.
Offline
#5 2013-01-20 23:01:30
- fukawi2
- Ex-Administratorino
- From: .vic.au
- Registered: 2007-09-28
- Posts: 6,230
- Website
Re: [solved] Arch at whirelez1.appspot.com?
Had I actually logged in, would my login credentials have been sent to Arch or whirelez1? I realise that if it was a true proxy, they would go to Arch, basically, but presumably there's no guarantee of that? Presumably I didn't appear to be logged in because Arch saw the connection from the proxy rather than from my current ip?
Just to clarify, with ANY proxy (legitimate or otherwise), your username/password would first go to the proxy, then to the 'correct' server. The server would only see the traffic from the proxy server and not know that you even exist at a completely different computer (subject to headers inserted into the request by the proxy server).
EDIT: If it is a proxy, should it really have shown up in google's results in the first place? I think I ended up there because I used google to search for a post I'd made some time ago in a 20 page thread. I didn't want to search 20 pages so I put the thread subject, my username and maybe archlinux into google and then didn't pay enough attention to the details of the urls in the results.
That's a matter for Google to determine. Since the site is hosted on Google's own App Engine, it probably gets some mojo points just for that to push it up in the results.
Are you familiar with our Forum Rules, and How To Ask Questions The Smart Way?
BlueHackers // fscanary // resticctl
Offline
#6 2013-01-20 23:03:29
- jasonwryan
- Anarchist
- From: .nz
- Registered: 2009-05-09
- Posts: 30,424
- Website
Re: [solved] Arch at whirelez1.appspot.com?
Google results are increasingly dominated by this sort of spam. Use DDG.
Offline
#7 2013-01-20 23:11:11
- Pierre
- Developer
- From: Bonn
- Registered: 2004-07-05
- Posts: 1,964
- Website
Re: [solved] Arch at whirelez1.appspot.com?
cfr wrote:Had I actually logged in, would my login credentials have been sent to Arch or whirelez1? I realise that if it was a true proxy, they would go to Arch, basically, but presumably there's no guarantee of that? Presumably I didn't appear to be logged in because Arch saw the connection from the proxy rather than from my current ip?
Just to clarify, with ANY proxy (legitimate or otherwise), your username/password would first go to the proxy, then to the 'correct' server. The server would only see the traffic from the proxy server and not know that you even exist at a completely different computer (subject to headers inserted into the request by the proxy server).
If you client is not compromised a proxy cannot really look into the encrypted https stream. The downside really is that the user has to watch which URL he's actually visiting and if https is enabled. Of course users can overlook this especially if linked in google results; which is what happened here.
Offline
#8 2013-01-20 23:21:29
- illusionist
- Member
- From: localhost
- Registered: 2012-04-03
- Posts: 498
Offline
#9 2013-01-21 01:43:38
- cfr
- Member
- From: Cymru
- Registered: 2011-11-27
- Posts: 7,152
Re: [solved] Arch at whirelez1.appspot.com?
If you client is not compromised a proxy cannot really look into the encrypted https stream. The downside really is that the user has to watch which URL he's actually visiting and if https is enabled. Of course users can overlook this especially if linked in google results; which is what happened here.
That's something 
. It was definitely using https. (And I don't think my client is compromised.)
I've tried ddg. I really tried to like it but it didn't really fit very well. At least parts of google are available in my preferred language for user interfaces whereas none of ddg is. (I did look at the translation project but the way they are going about it seems to be rather problematic for languages which aren't very like English in multiple ways. For example, they ask you to translate words in isolation and although they may give an example which disambiguates the word, without the context, it is impossible to say how the word should be in many cases. So I don't have much hope on this score.)
Anyway, thanks to everybody who answered.
Last edited by cfr (2013-01-21 01:45:07)
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline