🌐 Website Issue | That One Privacy Site Compromised? #975
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#975
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
It seems that the "Simple VPN Comparison" has been compromised. There are a ton of VPN services now with green across the board, that I've never heard of. Such as "Fastestvpn" and "MinecraftVPN". F-secure and Norton are also green across the board.
Screenshots
That does appear to be the case. unless it's a coding error with something he's working on and it shouldn't be live yet. But I would say he's been compromised from the looks of it.
I reached out to him via email about this issue, and I'll give him some time to respond.
15 days after making this issue, the comparison still has sketchy entries. I suggest we consider removing the link to his site on our VPN information section.
If he is merely AFK and comes back to fix it, we can re-add.
Yeah, and he's been MIA on Twitter since May 1. I hope he's okay, but his site is certainly compromised at this point.
I ran a vuln scan on the site, it appears the plugin version used to manage the data tables has an SQL injection vulnerability, and unauthenticated shell upload. So yeah the site is definitely fully compromised.
https://gist.github.com/beardog108/49063994ec0ae71c1c83d5c6f875599a
Normally i wouldn't publish something like that publicly without warning, but since we have attempted to contact him and its a trivial publicly known exploit caught by a scanner I think its fine...
https://www.reddit.com/r/privacy/comments/c30ycv/that_one_privacy_site_compromised_june_2019/
He responded on reddit, we can close this issue now as the site is fine and will be fixed:
https://www.reddit.com/r/privacy/comments/c30ycv/that_one_privacy_site_compromised_june_2019/erqbcq9
Maybe respond to your emails next time 😝
Looks good to me.