You are not logged in.

#1 2013-01-20 21:48:12

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,661

[solved] Arch at whirelez1.appspot.com?

I just ended up on a forum thread where I appeared not to be logged in. I thought maybe the tab was stale but clicking a link got the same result. Navigating to the login page, I was about to login when I started to get suspicious.

I had ended up at https://whirelez1.appspot.com/bbs.archl … /login.php. Is this expected? Maybe I am simply being overly paranoid? (Though I suspect not paranoid enough...)

Last edited by cfr (2013-01-21 01:44:32)


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD

Offline

#2 2013-01-20 22:03:03

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,275
Website

Re: [solved] Arch at whirelez1.appspot.com?

Looking at just https://whirelez1.appspot.com/ suggests that someone is running a proxy server at that site, so you're probably still accessing the "real" site, but via that person(s) proxy. It appears you can type anything after the domain and it will proxy it for you. For example:
https://whirelez1.appspot.com/www.wstar.com.au
https://whirelez1.appspot.com/news.com.au
https://whirelez1.appspot.com/huskfw.info

Personally, I wouldn't trust it.

Last edited by fukawi2 (2013-01-20 22:03:17)

Offline

#3 2013-01-20 22:09:08

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,661

Re: [solved] Arch at whirelez1.appspot.com?

I don't and don't plan to. I did a google search on whirelez1.appspot.com and did not like the look of the results one little bit.

Had I actually logged in, would my login credentials have been sent to Arch or whirelez1? I realise that if it was a true proxy, they would go to Arch, basically, but presumably there's no guarantee of that? Presumably I didn't appear to be logged in because Arch saw the connection from the proxy rather than from my current ip?

I always find this stuff rather confusing/alarming.

EDIT: If it is a proxy, should it really have shown up in google's results in the first place? I think I ended up there because I used google to search for a post I'd made some time ago in a 20 page thread. I didn't want to search 20 pages so I put the thread subject, my username and maybe archlinux into google and then didn't pay enough attention to the details of the urls in the results.

Last edited by cfr (2013-01-20 22:11:40)


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD

Offline

#4 2013-01-20 22:40:13

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,950
Website

Re: [solved] Arch at whirelez1.appspot.com?

If you try to login on that site the password is send to them and not us. So yes, this site is perfect for phishing and stealing passwords.

Offline

#5 2013-01-20 23:01:30

fukawi2
Forum Moderator
From: .vic.au
Registered: 2007-09-28
Posts: 5,275
Website

Re: [solved] Arch at whirelez1.appspot.com?

cfr wrote:

Had I actually logged in, would my login credentials have been sent to Arch or whirelez1? I realise that if it was a true proxy, they would go to Arch, basically, but presumably there's no guarantee of that? Presumably I didn't appear to be logged in because Arch saw the connection from the proxy rather than from my current ip?

Just to clarify, with ANY proxy (legitimate or otherwise), your username/password would first go to the proxy, then to the 'correct' server. The server would only see the traffic from the proxy server and not know that you even exist at a completely different computer (subject to headers inserted into the request by the proxy server).

cfr wrote:

EDIT: If it is a proxy, should it really have shown up in google's results in the first place? I think I ended up there because I used google to search for a post I'd made some time ago in a 20 page thread. I didn't want to search 20 pages so I put the thread subject, my username and maybe archlinux into google and then didn't pay enough attention to the details of the urls in the results.

That's a matter for Google to determine. Since the site is hosted on Google's own App Engine, it probably gets some mojo points just for that to push it up in the results.

Offline

#6 2013-01-20 23:03:29

jasonwryan
Forum & Wiki Admin
From: .nz
Registered: 2009-05-09
Posts: 18,577
Website

Re: [solved] Arch at whirelez1.appspot.com?

Google results are increasingly dominated by this sort of spam. Use DDG.


Arch + dwm   •   Mercurial repos  •   Github

Registered Linux User #482438

Online

#7 2013-01-20 23:11:11

Pierre
Developer
From: Bonn
Registered: 2004-07-05
Posts: 1,950
Website

Re: [solved] Arch at whirelez1.appspot.com?

fukawi2 wrote:
cfr wrote:

Had I actually logged in, would my login credentials have been sent to Arch or whirelez1? I realise that if it was a true proxy, they would go to Arch, basically, but presumably there's no guarantee of that? Presumably I didn't appear to be logged in because Arch saw the connection from the proxy rather than from my current ip?

Just to clarify, with ANY proxy (legitimate or otherwise), your username/password would first go to the proxy, then to the 'correct' server. The server would only see the traffic from the proxy server and not know that you even exist at a completely different computer (subject to headers inserted into the request by the proxy server).

If you client is not compromised a proxy cannot really look into the encrypted https stream. The downside really is that the user has to watch which URL he's actually visiting and if https is enabled. Of course users can overlook this especially if linked in google results; which is what happened here.

Offline

#8 2013-01-20 23:21:29

illusionist
Member
From: localhost
Registered: 2012-04-03
Posts: 498

Re: [solved] Arch at whirelez1.appspot.com?

Typing appspot.com at the url bar leads to google's app engine.
Here.
I am confused. Is it somebody's project or something ?


  Never argue with stupid people,They will drag you down to their level and then beat you with experience.--Mark Twain
@github

Offline

#9 2013-01-21 01:43:38

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,661

Re: [solved] Arch at whirelez1.appspot.com?

Pierre wrote:

If you client is not compromised a proxy cannot really look into the encrypted https stream. The downside really is that the user has to watch which URL he's actually visiting and if https is enabled. Of course users can overlook this especially if linked in google results; which is what happened here.

That's something smile. It was definitely using https. (And I don't think my client is compromised.)

I've tried ddg. I really tried to like it but it didn't really fit very well. At least parts of google are available in my preferred language for user interfaces whereas none of ddg is. (I did look at the translation project but the way they are going about it seems to be rather problematic for languages which aren't very like English in multiple ways. For example, they ask you to translate words in isolation and although they may give an example which disambiguates the word, without the context, it is impossible to say how the word should be in many cases. So I don't have much hope on this score.)

Anyway, thanks to everybody who answered.

Last edited by cfr (2013-01-21 01:45:07)


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD

Offline

Board footer

Powered by FluxBB