whocaresabout_de

Hi, what's about setting up a secured connection for this forum? At least after the exploitusage. New passwords do not gather any benefit if the registration information as same as the login credentials are beeing send through plaintext through the web. Esp. with the look onto the current and growing size of users logging in here hourly/daily. There should be a kinda responsibility. Currently it surely looks like: USER(plain http) --Users-ISP-- backbone-transit(still plain http) -- cloud-flare(POST/GET data from upstream/backend(still plain http)) -- backbone-transit -- Datacenter(ISP) -- backend-exileforum-webserver Sniffing at some hotspot or compromized any other compromized network or during any transit/portmirror to cloudflare or backendserver... is too easy. Even without spoofing any adresses. ## /root: tcpdump -i em1 -vv -l -A -p tcp port 80 | grep -E -i 'pass=|password=|login=|user=|username=|pass:|password:|user:|username:' tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes Referer: http://exile.majormittens.co.uk/?_fromLogin=1&_fromLogout=1 login__standard_submitted=1&csrfKey=7XXXYZdeadbeef14ef87182cd48cafe2&auth=xyz123%40whocaresabout_de&password=Q1w2e3r4&remember_me=0&remember_me_checkbox=1&signin_anonymous=0 Location: http://exile.majormittens.co.uk/?_fromLogin=1&_fromLogout=1 E....?@.?..j..>ph.o....P<@..`T.%P..w....GET /?_fromLogin=1&_fromLogout=1 HTTP/1.1 Referer: http://exile.majormittens.co.uk/?_fromLogin=1&_fromLogout=1 Referer: http://exile.majormittens.co.uk/?_fromLogin=1&_fromLogout=1 Referer: http://exile.majormittens.co.uk/?_fromLogin=1&_fromLogout=1 ## - frontend connection to cloud-flare should be secured with an valid (non-ev cert) - backend connection to the upstream/originate webserver should be secured at least with a self signed certificate - else transfer to and from cloudflare would be proceed in plaintext I think, even if there is 3rd party content is embedded at this forum(for sure) - doesent matter if pictures, banners, buttons, etc. through an plain link, then the change of the color at browser/url-line is acceptable. Because it provides a general better feeling surfing this forum. Furthermore it would become more positive rated at several seach-engines and their ranking (eg. google/alexa page-ranking) t Whats your opinion about it? -- Free-SSL-Certificates: #1-year valid https://www.startssl.com/ #3-months valid https://letsencrypt.org/

Wird schon wieder werden ;-). Familie ist ohnehin pos. #1, daher auch mit nichts stressen lassen. Gruß

Hi, still pending question to the prev-posters.. ## could you guys maybe specify what Mirrors you have tried that caused "currupt" files? And also provide the exact IP-Address you resolved to? Maybe also some MD5-Checksum? ## Regards

Hi, could you maybe specify what Mirrors you have tried? And also provide the exact IP-Address you resolved to? Maybe also some MD5-Checksum? Regards

Hi, Mirror DE 4# https://cdn.whocaresabout.de/exile/@Exile-1.0.0.zip ## md5sum @Exile-1.0.0.zip d2f84a6ef062278d27794f94589aab71 @Exile-1.0.0.zip ## @ backend host as same as same cached ones at my frontends. Edit: _If_ someone noticed an error or incorrect checksum - concerning to Mirror #4 - please send me a private message with the kind of the error and the resolved IP-Adress during download. -> thanks. greetz

For all those who still did not notice: _all_ http-mirrors serve corrupt client-versions of Exile-1.0.0 expect: ## UK #1 - http://namalsk.thealtisproject.co.uk/exile/@Exile-1.0.0.zip and the not listed: DE - https://cdn.whocaresabout.de/exile/@Exile-1.0.0.zip ## The md5-checksum of the downloaded file has to be: d2f84a6ef062278d27794f94589aab71 Greetings

## https://cdn.whocaresabout.de/exile/@Exile-1.0.0.zip MD5sum: d2f84a6ef062278d27794f94589aab71 ## OR: the UK #1 Mirror. The other ones are corrupted!

Yes, it will have the same issue. discussed here: Just use: ## https://cdn.whocaresabout.de/exile/@Exile-1.0.0.zip MD5sum: d2f84a6ef062278d27794f94589aab71 ##

Maybe possible issue with deploying the file. I can't answer that. I am sure they will when they are available. greetz

There is no "issue" with speed @ the frontends. They are close to idle. He just said that "server" is slow. But he still did not specify the one. Even during last release this "DE-Mirror" was running without issues. Anyway, I see the facts and do not need to argue ;-)

Server? I do not see an issue. Please specify the _exact_ server.. Edit: removed 'dig' output. Regards,

Hi, please check out @ Page2

Hi, check Page 2 ->

Hi, check ->

Well - there. I was able to extract the archive. ## https://cdn.whocaresabout.de/exile/@Exile-1.0.0.zip MD5sum: d2f84a6ef062278d27794f94589aab71 ## Greetz