AnonTalk BBS — Discuss anything anonymously without registration.
Anonymous 4832db6d6a3d25.03464625 started this discussion 2 months (2008-05-20 14:17:12 UTC) ago:
Been trying to get to 7chan, and I keep getting to the American Cancer Society website…anon know why the DNS is pointing elsewhere?
Anonymous 47ae211000a6a8.34833955 replied with this 2 months (2008-05-20 14:23:28 UTC) ago, 6 minutes later (#18,589):
Seems like somebody cracked their server.
Anonymous 4812273fc54ac8.20045296 replied with this 2 months (2008-05-20 15:11:09 UTC) ago, 48 minutes later (#18,594):
Yea just some puterjacking. Happened last night around 1am. Give it a few hours they'll fix it nothing you can do.
Anonymous 48126e66dbc7e0.57107933 replied with this 2 months (2008-05-20 17:24:00 UTC) ago, 2 hours later (#18,632):
Cancer hack was one of the funniest things I've seen in a while
Anonymous 482afc4360d093.46294766 replied with this 2 months (2008-05-20 17:52:02 UTC) ago, 28 minutes later (#18,637):
I lulled
Anonymous 48080fc87b4729.40126190 replied with this 2 months (2008-05-20 18:25:15 UTC) ago, 33 minutes later (#18,651):
7chаn uses Microsoft?! Fail!
7chаn.org 7200 IN A 209.135.47.118
Trying 209.135.47.118…
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Tue, 20 May 2008 18:12:58 GMT
X-Powered-By: ASP.NET
Location: /docroot/home/index.asp
Connection: Keep-Alive
Content-Length: 144
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCSQBCTSB=DNMKBPFBEBBMBNMDHJPNGJFI; path=/
Cache-control: private
Performing a manual GET of /docroot/home/index.asp
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 20 May 2008 18:14:12 GMT
X-Powered-By: ASP.NET
Connection: Keep-Alive
Content-Length: 36273
Content-Type: text/html
Cache-control: private
<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>American Cancer Society :: Information and Resources for Cancer: Breast, Colon, Prostate, Lung and Other Forms</title>
This page is not a framed redirect offsite, but is served by 7chan (mirrored data).
Anonymous 48331ca2029868.45697165 replied with this 2 months (2008-05-20 18:49:28 UTC) ago, 24 minutes later (#18,658):
It's still not back. :/
Anonymous 48080fc87b4729.40126190 replied with this 2 months (2008-05-20 21:12:02 UTC) ago, 2 hours later (#18,721):
@18,658> It's still not back. :/Did you ever consider that they may have done this to themselves?
Anonymous 48336b1ec49b44.77054023 replied with this 2 months (2008-05-21 00:23:35 UTC) ago, 3 hours later (#18,764):
actually they did do it themselves, talk on their IRC
Anonymous 48336cdfef70b3.85891401 replied with this 2 months (2008-05-21 00:34:07 UTC) ago, 11 minutes later (#18,767):
7chan is offline because all mods and admins got arrested for obstructing justice, they should have forwarded to the police whoever posted or downloaded CP (the ip adresses that is)
Anonymous 48080fc87b4729.40126190 replied with this 2 months (2008-05-21 05:28:42 UTC) ago, 5 hours later (#18,813):
@18,764> actually they did do it themselves, talk on their IRCThat would be my expert opinion, that they did this to themselves — based upon how the page was coming up with manual GET. Still — their server is running Microsoft IIS? Yuck!
@18,767> 7chan is offline because all mods and admins got arrested for obstructing justice, they should have forwarded to the police whoever posted or downloaded CP (the ip adresses that is)You mean they are protecting the anonymity of their users by going to jail rather than willingly violate their own 4th and 5th amendment rights by turning over their logfiles? Awesome! I hope the Sysоp here is just as dedicated to his users as 7chаn appears to be. :-)
Anonymous 48331801728180.37023892 replied with this 2 months (2008-05-21 11:13:46 UTC) ago, 6 hours later (#18,836):
@18,813> Still — their server is running Microsoft IIS? Yuck!That is not how the interwebs work. The DNS lookup redirects to ACS and their server answers with ASP. 7chan runs PHP which not even with IIS will use ASP.
@18,767> 7chan is offline because all mods and admins got arrested for obstructing justice, they should have forwarded to the police whoever posted or downloaded CP (the ip adresses that is)> You mean they are protecting the anonymity of their users by going to jail rather than willingly violate their own 4th and 5th amendment rights by turning over their logfiles? Awesome! I hope the Sysоp here is just as dedicated to his users as 7chаn appears to be. :-)Mods != police || spies
If police wants logs then they could get it but mods are not some deputies who report every crime they see. FBI needs to lurk moar.
Anonymous 48080fc87b4729.40126190 replied with this 2 months (2008-05-21 17:57:30 UTC) ago, 7 hours later (#18,906):
@18,836> That is not how the interwebs work.What you see above (#18,651) is exactly
how the world wide web works — that is a manual GET and a cut/paste of the resultant header information.
You are obviously a n00b wanna-be Internet Expert.> The DNS lookup redirects to ACS and their server answers with ASP.The DNS does NOT redirect anything. The DNS (
Domain
Name
System) simply converts the name into an IP address so your browser can route to the server, the server would then perform any necessary redirects if they were to be done (301 redirect, framed redirect, meta http-equiv="Refresh" redirect or whatever).
> 7chаn runs PHP which not even with IIS will use ASP.The above header information clearly shows that the server hosting 7chаn.org at this moment, is running ASP on the MS-IIS server. It may or may not be the original server (I don't know if the A record has been changed). If you don't believe what you see above, do a manual GET of your own and see for yourself. Here is some fresh data:
Trying 209.135.47.118…
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Wed, 21 May 2008 17:57:08 GMT
X-Powered-By: ASP.NET
Location: /docroot/home/index.asp
Connection: Keep-Alive
Content-Length: 144
Content-Type: text/html
Cache-control: private
Anonymous 4834acefb84354.15448793 replied with this 1 month (2008-05-21 23:23:24 UTC) ago, 5 hours later (#18,982):
@18,906> I don't know if the A record has been changedThen why don't you check before saying retarded things and making yourself look like an idiot? It's obvious that it's changed. That or it's always been hosted with the American Cancer Society… and somehow, I doubt that.
7chan.org. 7200 IN A 209.135.47.118
cancer.org. 86400 IN A 209.135.47.118
It's funny how the internet works. You change where the DNS points to… and it goes to a different place! Imagine that.
Anonymous 48331801728180.37023892 replied with this 1 month (2008-05-22 07:43:32 UTC) ago, 8 hours later (#19,041):
@18,906YOU ARE DOING YOUR FUCKING GET ON THE ACS SERVER BECAUSE 7CHAN DNS SAID GTFO. ACS RUNS IIS. FFS CHECK THE DNS RECORD BEFORE YOUR TELNET GET.
Anonymous 48080fc87b4729.40126190 replied with this 1 month (2008-05-22 15:44:57 UTC) ago, 8 hours later (#19,102):
@18,982> Then why don't you check before saying retarded things and making yourself look like an idiot?I looked at the PTR record, it was inconclusive — however I didn't cross check cancer.org to see that they match. Not really paying attention to how/where 7chаn was hosted before is why I didn't know, and thus why I made the caveat of not knowing if the A record had been changed. Here is the PTR, and why it seems inconclusive.
209.135.47.118 = 118.47.135.209.in-addr.arpa = mdproacs01-vip0.usi.net
I also looked at the hosting,which tells me nothing.
OrgName: USinternetworking Inc
OrgID: USII
Address: 175 Admiral Cochrane Dr.
City: Annapolis
StateProv: MD
PostalCode: 21401
Country: US
CIDR: 209.135.32.0/19
> It's obvious that it's changed.It's not that obvious, unless you happen to remember the previous PTR or IP (which I don't).
> That or it's always been hosted with the American Cancer Society…There is no indication in the PTR that the IP is assigned to ACS. There should be.
> and somehow, I doubt that.My failure was not cross-checking the A record for cancer.org to the A record for 7chаn.org (assuming nobody would be that stupid). It's one thing to have someone upload CP, common carrier laws protect you. It's another to assign your A record to a large, lawyered-up organization such as the American Cancer Society — and get sued for defamation of character, or perhaps loss of service as well. Right now 7chаn could be sued,
and cancer.org would win. I suppose my greatest failure was assuming 7chаn admins weren't stupid. Let's hope they get a cease order first, and that the 18024 Elgar Ave, Torrance, California address is valid so that they may receive it — otherwise let's hope that the lawyers can never find them. Worst case scenario if the whois information is false — cancer.org petitions the court to have the nameservers removed from the 7chаn.org domain, and the domain permanently locked; just as they did with wikileaks, and many other lesser-known domains over the last few years.
@19,041YOU ARE DOING YOUR FUCKING GET ON THE ACS SERVER BECAUSE 7CHАN DNS SAID GTFO.
I did a manual GET, port 80 on the IP address found in the A record for 7chаn.org but not before doing a reverse lookup to see what the PTR record showed (which was nothing).
> ACS RUNS IIS.That's obvious now. However why IIS doesn't kick you out for using the wrong "HOST:" is puzzling. It should reject all traffic that is not intended for it, or at least one would think so. ☺ Never underestimate the epic fail of Microsoft.
> FFS CHECK THE DNS RECORD BEFORE YOUR TELNET GET.I did, and here it is for everyone to see.
Domain Name:7CHАN.ORG
Name Server:NS1.EVERYDNS.NET
Name Server:NS2.EVERYDNS.NET
Name Server:NS3.EVERYDNS.NET
Name Server:NS4.EVERYDNS.NET
Nothing conclusive there either.
Anonymous 4832f764ae6980.64747230 replied with this 1 month (2008-05-22 15:46:09 UTC) ago, 1 minute later (#19,103):
is
209.135.47.118
the ip address to just cancer.org, or for 7chan's servers?
i assumed that the 7chan link was a redirect, and by putting 7chan's real IP in we can still get to the site.
Anonymous 48080fc87b4729.40126190 replied with this 1 month (2008-05-22 15:58:09 UTC) ago, 12 minutes later (#19,104):
@19,103> is> 209.135.47.118> the ip address to just cancer.org, or for 7chan's servers?No, a manual GET without the HOST: command returns the same page, and the A records match so obviously that IP is assigned to ACS. Cancer.org is configured wrong (or Microsoft IIS is made of fail — take your pick). Dedicated hosting could be set up this way, as it was set up that way in the beginning (back in the early 90's before shared IP hosting).
> i assumed that the 7chan link was a redirect, and by putting 7chan's real IP in we can still get to the site.Does anyone have the old IP used by 7chan before the record change? Obviously I don't.
Non-authoritative answer:
Name: cancer.org
Address: 209.135.47.118
Non-authoritative answer:
Name: 7chаn.org
Address: 209.135.47.118
Anonymous 48080fc87b4729.40126190 replied with this 1 month (2008-05-22 16:02:39 UTC) ago, 5 minutes later (#19,105):
@19,103> i assumed that the 7chan link was a redirectI assumed this as well, since a 301 redirect is perfectly legal. What 7chan did is probably illegal as the court will see it as identity theft, loss of service, and defamation of character — all of which are serious charges. Of course this is only true if ACS bothers to even bring charges. Should this become a media matter however, they most assuredly will.
Anonymous 48080fc87b4729.40126190 replied with this 1 month (2008-05-22 20:52:46 UTC) ago, 5 hours later (#19,187):
@19,103> is 209.135.47.118 the ip address to just cancer.org, or for 7chan's servers?Here's a better explanation, one which I'm sure everyone should appreciate. ☺
http://209.135.47.118/docroot/home/index.aspThe IP is dedicated to the ACS website alone, the HOST: command is not interpreted.
Anonymous 48331801728180.37023892 replied with this 1 month (2008-05-22 21:11:55 UTC) ago, 19 minutes later (#19,193):
It's called a host header on IIS, and without it, i.e. calling by IP, will force IIS responding with the "default website" configured for that IIS.
Anonymous 48080fc87b4729.40126190 replied with this 1 month (2008-05-22 23:21:22 UTC) ago, 2 hours later (#19,249):
@19,193> It's called a host header on IIS, and without it, i.e. calling by IP, will force IIS responding with the "default website" configured for that IIS.This even happens with Apache (IP serving the default website). My question is, why does IIS not reject "HOST: 7chаn.org" as an invalid request?
Anonymous 48080fc87b4729.40126190 replied with this 1 month (2008-05-22 23:45:02 UTC) ago, 24 minutes later (#19,259):
@19,249Again, here is my question, followed with some corroboratory evidence. When a request is made to the IIS server for something other than "cancer.org"
why does it not reject that erroneous request? Below are the headers from my browser's request to 7chan with the content removed for brevity (headers only). Clearly my browser is requesting for 7chаn.org web contents to be returned within the "host:" command.
GET / HTTP/1.1
Host: 7chаn.org
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080404 Iceweasel/2.0.0.14 (Debian-2.0.0.14-0etch1)
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Thu, 22 May 2008 23:29:30 GMT
X-Powered-By: ASP.NET
Location: /docroot/home/index.asp
Content-Length: 144
Content-Type: text/html
Cache-control: private
Anonymous 48331801728180.37023892 replied with this 1 month (2008-05-23 10:28:24 UTC) ago, 11 hours later (#19,332):
@19,259Their IIS is configured to redirect default headerless requests to that document. Since usually all requests are in some form generated by your own DNS pointing to that server that is no wtf. If they instead had stopped or deleted the default site you'd received an "No web site configured at this address.".
In fact they probably have settings
(*) redirection to a url
redirect to: "/…."
[x] the exact url entered above
Now they weren't expecting the spanish inquisition to DNS forward traffic to their site, but on the other hand who ever expects the spanish inquisition?
Anonymous 48080fc87b4729.40126190 replied with this 1 month (2008-05-23 23:16:15 UTC) ago, 13 hours later (#19,475):
@19,332I tested one of my own default Apache servers and it gave a 500 (internal server) error when the HOST: command was wrong for that IP. I am however, configured for shared IP hosting.
Anonymous 48331801728180.37023892 replied with this 1 month (2008-05-24 12:34:52 UTC) ago, 13 hours later (#19,601):
@19,475Status 500 sounds just plain wrong. It should be 404 or 410. 500 will just tell the client that the server fucked up and they might try again later. Maybe you've misconfigured something.
From the Apache docs:
http://httpd.apache.org/docs/2.0/vhosts/name-based.html''Now when a request arrives, the server will first check if it is using an IP address that matches the NameVirtualHost. If it is, then it will look at each <VirtualHost> section with a matching IP address and try to find one where the ServerName or ServerAlias matches the requested hostname. If it finds one, then it uses the configuration for that server. If no matching virtual host is found, then the first listed virtual host that matches the IP address will be used.
As a consequence, the first listed virtual host is the default virtual host. The DocumentRoot from the main server will never be used when an IP address matches the NameVirtualHost directive. If you would like to have a special configuration for requests that do not match any particular virtual host, simply put that configuration in a <VirtualHost> container and list it first in the configuration file.''
Anonymous 4838ec39008130.14061811 replied with this 1 month (2008-05-25 04:40:13 UTC) ago, 16 hours later (#19,761):
Anonymous 4842f4ab854749.12501311 replied with this 1 month (2008-06-01 21:10:21 UTC) ago, 1 week later (#22,275):
Well aren't we just a bunch of little computer experts
© AnonTalk.com 2008