Problem

CJ Ess zxcvbn4038 at gmail.com
Fri Jun 3 17:05:18 UTC 2016


I once knew a guy who convinced someone they had hacked their site by
making a DNS entry to 127.0.0.1. So when the guy tried to access the
"other" site his passwords worked, all his files were there, it was even
running the same software! He made changes on his site and they instantly
appeared on the "other" site. He deleted files off the "other" site and
they were removed from his site - obviously in retaliation!. So after an
hour or so of trying to figure out how his server is being accessed the guy
just goes completely ballistic and starts calling the police and then the
FBI (this was in the US). The FBI did investigate and visited the prankster
in person. He explained what loopback was and how the prank worked, and the
FBI agents thought it was pretty funny - they do have a sense of humor
after all.


On Fri, Jun 3, 2016 at 3:39 AM, Maxim Konovalov <maxim at nginx.com> wrote:

> On 6/3/16 7:33 AM, lists at lazygranch.com wrote:
> > Perhaps in a future release of Nginx, the error pages should not
> > contain any reference to nginx. That is the only way I can figure
> > out this person came up with the idea of complaining to the list.
> > (Assuming this isn't spam to encourage use to click on that website
> > link.)
> >
> Actually, a number of such complains is still surprisingly low.
>
> > I think another mistake is to have the error page indicate the rev
> > of nginx. That is an easy way for someone to spot a vulnerable rev
> > of the nginx on a server.
> >
>
> --
> Maxim Konovalov
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160603/e5396db1/attachment.html>


More information about the nginx mailing list