Welcome to ECCIE, become a part of the fastest growing adult community. Take a minute & sign up!

Welcome to ECCIE - Sign up today!

Become a part of one of the fastest growing adult communities online. We have something for you, whether you’re a male member seeking out new friends or a new lady on the scene looking to take advantage of our many opportunities to network, make new friends, or connect with people. Join today & take part in lively discussions, take advantage of all the great features that attract hundreds of new daily members!

Go Premium

Go Back   ECCIE Worldwide > General Interest > Technical Questions
test
Technical Questions Even the most computer-savvy may have technical questions regarding navigation of the site. Ask it here! If you have an answer, be our guest! (For further assistance, contact your local moderator or see the "Emails to the Staff" post in the Questions for the Staff city forums)

Most Favorited Images
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
Most Liked Images
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
  • Thumb
Top Reviewers
cockalatte 646
MoneyManMatt 490
Still Looking 399
samcruz 399
Jon Bon 396
Harley Diablo 377
honest_abe 362
DFW_Ladies_Man 313
Chung Tran 288
lupegarland 287
nicemusic 285
You&Me 281
Starscream66 279
George Spelvin 265
sharkman29 255
Top Posters
DallasRain70793
biomed163231
Yssup Rider60927
gman4453294
LexusLover51038
offshoredrilling48646
WTF48267
pyramider46370
bambino42577
CryptKicker37215
The_Waco_Kid37006
Mokoa36496
Chung Tran36100
Still Looking35944
Mojojo33117

Reply
 
Thread Tools
Old 07-10-2018, 10:42 PM   #1
Zollner
BANNED
 
Zollner's Avatar
 
Join Date: Jan 21, 2016
Location: Upstate NY
Posts: 4,165
Encounters: 64
Default What happened last night?

Glad to see site back up and running.
Last night site started acting erratic then went down for the night. Couldn't get back on.

Kept getting this message: This site can’t be reached www.eccie.net’s server IP address could not be found.

Anyone know what happened?
Zollner is offline   Quote
Old 07-11-2018, 01:31 PM   #2
Souper
Valued Poster
 
Join Date: Jan 18, 2010
Location: Tyler
Posts: 655
Encounters: 4
Default

Shady Admins wont tell anyone what happened. I warned people on my other account (dotwannagotojail) and they banned me -- even though I saved them from massive breach.

Basicly, Eccie Administration, for some unknown reason, enabled Apache Server-status via /etc/httpd/conf/httpd.conf; server-status is typically never public facing or accessible by external IP addresses, but Eccie enabled it. Server-status logs and parses every request sent to and from the server. With the myriad of SSL misconfiguration, it's not difficult to leverage server-status.

After I reported the misconfigurations, I was banned. Because whores are staff -- another puzzling decision. Webair/Eccie administation began logging and parsing Server-status just as an attacker would. I suspect they realized they're complete and utter morons so they shut down shop and modified Server-status, which is still active http://eccie.net/server-status. This time, they created a whitelist -- which is still flawed. And the fun goes on
Souper is offline   Quote
Old 07-11-2018, 07:45 PM   #3
The_Waco_Kid
AKA Admiral Waco Kid
 
The_Waco_Kid's Avatar
 
Join Date: Jan 8, 2010
Location: The MAGA Zone
Posts: 37,006
Encounters: 1
Default

Quote:
Originally Posted by Souper View Post
Shady Admins wont tell anyone what happened. I warned people on my other account (dotwannagotojail) and they banned me -- even though I saved them from massive breach.

Basicly, Eccie Administration, for some unknown reason, enabled Apache Server-status via /etc/httpd/conf/httpd.conf; server-status is typically never public facing or accessible by external IP addresses, but Eccie enabled it. Server-status logs and parses every request sent to and from the server. With the myriad of SSL misconfiguration, it's not difficult to leverage server-status.

After I reported the misconfigurations, I was banned. Because whores are staff -- another puzzling decision. Webair/Eccie administation began logging and parsing Server-status just as an attacker would. I suspect they realized they're complete and utter morons so they shut down shop and modified Server-status, which is still active http://eccie.net/server-status. This time, they created a whitelist -- which is still flawed. And the fun goes on
you do know that multiple handles are not allowed yeah? the account you are posting with now shows 2010 as the creation date. you've been on the site for 8 years and don't know this?

you should be lucky they didn't ban all your handles.

now for secure socket layer (SSL) and http.conf file edits, who made them? eccie admin's or the hosting site webair? the site was not responding for awhile. was that the reason? did they eventually have to reboot? given the uptime displayed, yes. but it could have been a dozen things. the linux server could have become cpu bound or memory bound, meaning it had to page out to paging space. either usually requires a reboot, one of the few times a unix server must be rebooted.

either or both of those conditions also affects access. in the old days it was telnet, now it's ssh connections that won't respond. or http web pages. how do you know for certain that the server didn't have a runaway process that caused it to become unresponsive, paging out all the memory and even via a console admin ILO connection wasn't available? even if it was, if you could get root you'd likely get a "fork failure not enough memory" to do a kill -9 on a process or issue shutdown or reboot. then you just reset the server via the console.

now is there an exploit for apache server status? yeah, there is an exploit for everything. is this a high level issue? probably not.

"As a penetration tester, I believe that without an actual PoC, the attack would be theoretical, simple as that. PoC || GO is the rule of the game."


http://blog.mazinahmed.net/2017/01/e...instances.html


last, the ip address listed in apache server status is actually webair, yeah? you do know that, right? so .. where is the real exploit?


https://dig.whois.com.au/whois/173.239.50.101


Tools:
Raw WHOIS Data

# # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/whois...ing/index.html # NetRange: 173.239.0.0 - 173.239.59.255 CIDR: 173.239.32.0/20, 173.239.0.0/19, 173.239.56.0/22, 173.239.48.0/21 NetName: WEBAIRINTERNET8 NetHandle: NET-173-239-0-0-1 Parent: NET173 (NET-173-0-0-0-0) NetType: Direct Allocation OriginAS: AS27257 Organization: Webair Internet Development Company Inc. (WAIR) RegDate: 2010-03-30 Updated: 2017-02-14 Comment: rwhois://rwhois.webair.com:4321 Ref: https://whois.arin.net/rest/net/NET-173-239-0-0-1 OrgName: Webair Internet Development Company Inc. OrgId: WAIR Address: 501 Franklin Avenue Address: Suite 200 City: Garden City StateProv: NY PostalCode: 11530 Country: US RegDate: 2001-03-12 Updated: 2017-05-03 Comment: Reassignment information for this block is available at rwhois.webair.com port 4321 Ref: https://whois.arin.net/rest/org/WAIR ReferralServer: rwhois://rwhois.webair.com:4321 OrgAbuseHandle: ABUSE2550-ARIN OrgAbuseName: Abusehandle OrgAbusePhone: +1-516-938-4100 OrgAbuseEmail: abuse@webair.com OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2550-ARIN OrgTechHandle: ZW64-ARIN OrgTechName: IPAdmin-Webair OrgTechPhone: +1-516-938-4100 OrgTechEmail: sagi.brody@webair.com OrgTechRef: https://whois.arin.net/rest/poc/ZW64-ARIN OrgNOCHandle: ZW64-ARIN OrgNOCName: IPAdmin-Webair OrgNOCPhone: +1-516-938-4100 OrgNOCEmail: sagi.brody@webair.com OrgNOCRef: https://whois.arin.net/rest/poc/ZW64-ARIN RTechHandle: ZW64-ARIN RTechName: IPAdmin-Webair RTechPhone: +1-516-938-4100 RTechEmail: sagi.brody@webair.com RTechRef: https://whois.arin.net/rest/poc/ZW64-ARIN RAbuseHandle: WEBAI1-ARIN RAbuseName: Webair RAbusePhone: +1-516-938-4100 RAbuseEmail: abuse@webair.com RAbuseRef: https://whois.arin.net/rest/poc/WEBAI1-ARIN RNOCHandle: ZW64-ARIN RNOCName: IPAdmin-Webair RNOCPhone: +1-516-938-4100 RNOCEmail: sagi.brody@webair.com RNOCRef: https://whois.arin.net/rest/poc/ZW64-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # If you see inaccuracies in the results, please report at # https://www.arin.net/resources/whois...ing/index.html # so what does displaying the hosting site really get you?
# available at https://www.arin.net/whois_tou.html NetRange 173.239.0.0 - 173.239.59.255 CIDR 173.239.32.0/20, 173.239.0.0/19, 173.239.56.0/22, 173.239.48.0/21 NetName WEBAIRINTERNET8 NetHandle NET-173-239-0-0-1 Parent NET173 (NET-173-0-0-0-0) NetType Direct Allocation OriginAS AS27257 Organization Webair Internet Development Company Inc. (WAIR) RegDate 2001-03-12 Updated 2017-05-03 Comment Reassignment information for this block is available at rwhois.webair.com port 4321 Ref https://whois.arin.net/rest/org/WAIR OrgName Webair Internet Development Company Inc. OrgId WAIR Address Suite 200 City Garden City StateProv NY PostalCode 11530 Country US ReferralServer rwhois://rwhois.webair.com:4321 OrgAbuseHandle ABUSE2550-ARIN OrgAbuseName Abusehandle OrgAbusePhone +1-516-938-4100 OrgAbuseEmail abuse@webair.com OrgAbuseRef https://whois.arin.net/rest/poc/ABUSE2550-ARIN OrgTechHandle ZW64-ARIN OrgTechName IPAdmin-Webair OrgTechPhone +1-516-938-4100 OrgTechEmail sagi.brody@webair.com OrgTechRef https://whois.arin.net/rest/poc/ZW64-ARIN OrgNOCHandle ZW64-ARIN OrgNOCName IPAdmin-Webair OrgNOCPhone +1-516-938-4100 OrgNOCEmail sagi.brody@webair.com OrgNOCRef https://whois.arin.net/rest/poc/ZW64-ARIN RTechHandle ZW64-ARIN RTechName IPAdmin-Webair RTechPhone +1-516-938-4100 RTechEmail sagi.brody@webair.com RTechRef https://whois.arin.net/rest/poc/ZW64-ARIN RAbuseHandle WEBAI1-ARIN RAbuseName Webair RAbusePhone +1-516-938-4100 RAbuseEmail abuse@webair.com RAbuseRef https://whois.arin.net/rest/poc/WEBAI1-ARIN RNOCHandle ZW64-ARIN RNOCName IPAdmin-Webair RNOCPhone +1-516-938-4100 RNOCEmail sagi.brody@webair.com RNOCRef https://whois.arin.net/rest/poc/ZW64-ARIN


so where is this super dangerous exploit you speak of?

and how do you know for certain that's why the site was unresponsive last night?

and about that other handle? it appears you've only had a "soft" ban, at least so far. a banned member does not show up in member search. that handle doesn't.

https://www.eccie.net/memberlist.php?do=getall

Sorry - no matches. Please try some different terms.

strike one.

in this thread you posted as dotwannagotojail

https://www.eccie.net/showpost.php?p...0&postcount=96

banned members can't receive pm's. this handle can't.

strike two.

the only thing missing is BANNED under your handle.strike three.
Attached Images
File Type: jpg Capture.JPG (38.1 KB, 161 views)
The_Waco_Kid is offline   Quote
Old 07-11-2018, 10:16 PM   #4
Souper
Valued Poster
 
Join Date: Jan 18, 2010
Location: Tyler
Posts: 655
Encounters: 4
Default

"now is there an exploit for apache server status? yeah, there is an exploit for everything. is this a high level issue? probably not. "


Are you kidding? Every request to and from the server can be logged. Add the fact that SSL is misconfigured-- that's a recipe for disaster. I'm having a hard time understanding anything you're saying. Think you're spewing buzzwords. Want POC? I can show you POC. Contact me on discord (Yes Indeed#3470).
Souper is offline   Quote
Old 07-11-2018, 10:22 PM   #5
The_Waco_Kid
AKA Admiral Waco Kid
 
The_Waco_Kid's Avatar
 
Join Date: Jan 8, 2010
Location: The MAGA Zone
Posts: 37,006
Encounters: 1
Default

[QUOTE=Souper;1060736299]
Quote:
Originally Posted by The_Waco_Kid View Post
/QUOTE]
Are you kidding? Every request to and from the server can be logged. Add the fact that SSL is misconfigured-- that's a recipe for disaster.
no i'm not kidding, prove it. i've been waiting for your reply. i found one "theoretical" exploit and dozens of articles on how to turn on this very feature. so if it's such an exploit, why is there so many tech articles on how to turn it on?

do you deny that the apache logging you speak of only points back to the hosting site? which is easily known to begin with?

show me the exploit you are talking about.


and while you are at it, show me that this is why the site was unavailable for about 8 hours? it could have been a dozen other reasons.

oh and one more thing. let's discuss why you really got your other handle banned? could it be this post where you offered to provide real world info?

"I'm sure some girls have his emails and phone numbers; for a little bit of pocket change I'll hand over an accurate and CURRENT address, name, phone number, and anything else you can imagine"


https://www.eccie.net/showpost.php?p...0&postcount=96


you claim this is your "other handle", that in itself is a banning offense, outing rw info is a whole 'nother level.
The_Waco_Kid is offline   Quote
Old 07-11-2018, 11:05 PM   #6
Souper
Valued Poster
 
Join Date: Jan 18, 2010
Location: Tyler
Posts: 655
Encounters: 4
Default

[QUOTE=The_Waco_Kid;1060736321]
Quote:
Originally Posted by Souper View Post

no i'm not kidding, prove it. i've been waiting for your reply. i found one "theoretical" exploit and dozens of articles on how to turn on this very feature. so if it's such an exploit, why is there so many tech articles on how to turn it on?

do you deny that the apache logging you speak of only points back to the hosting site? which is easily known to begin with?

show me the exploit you are talking about.


and while you are at it, show me that this is why the site was unavailable for about 8 hours? it could have been a dozen other reasons.

oh and one more thing. let's discuss why you really got your other handle banned? could it be this post where you offered to provide real world info?

"I'm sure some girls have his emails and phone numbers; for a little bit of pocket change I'll hand over an accurate and CURRENT address, name, phone number, and anything else you can imagine"


https://www.eccie.net/showpost.php?p...0&postcount=96


you claim this is your "other handle", that in itself is banning offense, outing rw info is a whole 'nother level.
You're 100% wrong. Yes, the Apache log wasn't exclusive to internal IPs and SEO cralwers until the website went down. Coincidence? I left my contact info in the post. I'll gladly provide POC off the public forum
Souper is offline   Quote
Old 07-11-2018, 11:25 PM   #7
The_Waco_Kid
AKA Admiral Waco Kid
 
The_Waco_Kid's Avatar
 
Join Date: Jan 8, 2010
Location: The MAGA Zone
Posts: 37,006
Encounters: 1
Default

[QUOTE=Souper;1060736401]
Quote:
Originally Posted by The_Waco_Kid View Post

You're 100% wrong. Yes, the Apache log wasn't exclusive to internal IPs and SEO cralwers until the website went down. Coincidence? I left my contact info in the post. I'll gladly provide POC off the public forum

no proof? you are wrong. i know what you are by how you replied. you are a web admin/web programmer. i'm a unix sys admin. i've met dozens of your type who think you know the operating system. if i knew any who really did and gave me a $100 i'd be rich.

well, i am sorta rich but i'm always interested in more money to invest.


but you can't prove one word of what you claim. your log example by your own admission proves i'm right. there is nothing in that which is exploitable other than back to the hosting site itself.

you could simply run a denial of service attack on eccie.net and have better results. nice try but you can't prove what you claim, certainly not from some apache service log. and you know it.
The_Waco_Kid is offline   Quote
Old 07-12-2018, 12:18 AM   #8
Souper
Valued Poster
 
Join Date: Jan 18, 2010
Location: Tyler
Posts: 655
Encounters: 4
Default

[QUOTE=The_Waco_Kid;1060736444]
Quote:
Originally Posted by Souper View Post


no proof? you are wrong. i know what you are by how you replied. you are a web admin/web programmer. i'm a unix sys admin. i've met dozens of your type who think you know the operating system. if i knew any who really did and gave me a $100 i'd be rich.

well, i am sorta rich but i'm always interested in more money to invest.


but you can't prove one word of what you claim. your log example by your own admission proves i'm right. there is nothing in that which is exploitable other than back to the hosting site itself.

you could simply run a denial of service attack on eccie.net and have better results. nice try but you can't prove what you claim, certainly not from some apache service log. and you know it.

Ya. Now I know you're clueless. Until last night EVERY request was being logged in server-status. And like I said, SSL misconfiguration made it worse. Session hashes, plaintext passwords, password reset links, they were all visible.
Souper is offline   Quote
Old 07-12-2018, 12:39 AM   #9
The_Waco_Kid
AKA Admiral Waco Kid
 
The_Waco_Kid's Avatar
 
Join Date: Jan 8, 2010
Location: The MAGA Zone
Posts: 37,006
Encounters: 1
Default

[QUOTE=Souper;1060736515]
Quote:
Originally Posted by The_Waco_Kid View Post


Ya. Now I know you're clueless. Until last night EVERY request was being logged in server-status. And like I said, SSL misconfiguration made it worse. Session hashes, plaintext passwords, password reset links, they were all visible.
prove it. some Apache log doesn't show it. where is the screen cap of it?

better still .. PM me my password. i tried several times to login during the outage, and right before the outage. i was logged in when the outage happened. it should be captured, right?

so PM me my own password.

you are what i said you are. a web programmer who thinks he knows the linux os. but doesn't.
The_Waco_Kid is offline   Quote
Old 07-12-2018, 12:54 AM   #10
Souper
Valued Poster
 
Join Date: Jan 18, 2010
Location: Tyler
Posts: 655
Encounters: 4
Default

[QUOTE=The_Waco_Kid;1060736627]
Quote:
Originally Posted by Souper View Post

prove it. some Apache log doesn't show it. where is the screen cap of it?

better still .. PM me my password. i tried several times to login during the outage, and right before the outage. i was logged in when the outage happened. it should be captured, right?

so PM me my own password.

you are what i said you are. a web programmer who thinks he knows the linux os. but doesn't.
I have over a million requests logged; in fact, this isn't even my account

PM sent
Souper is offline   Quote
Old 07-12-2018, 01:56 AM   #11
The_Waco_Kid
AKA Admiral Waco Kid
 
The_Waco_Kid's Avatar
 
Join Date: Jan 8, 2010
Location: The MAGA Zone
Posts: 37,006
Encounters: 1
Default

[QUOTE=Souper;1060736645]
Quote:
Originally Posted by The_Waco_Kid View Post

I have over a million requests logged; in fact, this isn't even my account

PM sent

i got your pm. i replied. red herring. good night.
The_Waco_Kid is offline   Quote
Old 07-12-2018, 09:28 AM   #12
Souper
Valued Poster
 
Join Date: Jan 18, 2010
Location: Tyler
Posts: 655
Encounters: 4
Default

Looks like I was rigght
Souper is offline   Quote
Old 07-13-2018, 10:40 PM   #13
Zollner
BANNED
 
Zollner's Avatar
 
Join Date: Jan 21, 2016
Location: Upstate NY
Posts: 4,165
Encounters: 64
Default

Well much info posted about why this happened that is beyond me.
Does this mean attacks like this, shutting the site can continue or can this vulnerability be patched?
Zollner is offline   Quote
Reply



AMPReviews.net
Find Ladies
Hot Women

Powered by vBulletin®
Copyright © 2009 - 2016, ECCIE Worldwide, All Rights Reserved