🌐 Website Issue | That One Privacy Site Compromised? #975

New Issue

Closed

opened 2019-06-05 14:22:32 +00:00 by jingofett · 9 comments

jingofett commented 2019-06-05 14:22:32 +00:00 (Migrated from github.com)

Copy Link

Description

It seems that the "Simple VPN Comparison" has been compromised. There are a ton of VPN services now with green across the board, that I've never heard of. Such as "Fastestvpn" and "MinecraftVPN". F-secure and Norton are also green across the board.

Screenshots

## Description It seems that the "Simple VPN Comparison" has been compromised. There are a ton of VPN services now with green across the board, that I've never heard of. Such as "Fastestvpn" and "MinecraftVPN". F-secure and Norton are also green across the board. ## Screenshots    

danarel commented 2019-06-05 21:26:07 +00:00 (Migrated from github.com)

Copy Link

That does appear to be the case. unless it's a coding error with something he's working on and it shouldn't be live yet. But I would say he's been compromised from the looks of it.

That does appear to be the case. unless it's a coding error with something he's working on and it shouldn't be live yet. But I would say he's been compromised from the looks of it.

👀 2

jonah commented 2019-06-06 02:06:22 +00:00

Copy Link

I reached out to him via email about this issue, and I'll give him some time to respond.

I reached out to him via email about this issue, and I'll give him some time to respond.

❤️ 2

ghost commented 2019-06-20 18:55:58 +00:00 (Migrated from github.com)

Copy Link

15 days after making this issue, the comparison still has sketchy entries. I suggest we consider removing the link to his site on our VPN information section.

If he is merely AFK and comes back to fix it, we can re-add.

15 days after making this issue, the comparison still has sketchy entries. I suggest we consider removing the link to his site on our VPN information section. If he is merely AFK and comes back to fix it, we can re-add.

danarel commented 2019-06-20 18:57:58 +00:00 (Migrated from github.com)

Copy Link

Yeah, and he's been MIA on Twitter since May 1. I hope he's okay, but his site is certainly compromised at this point.

Yeah, and he's been MIA on Twitter since May 1. I hope he's okay, but his site is certainly compromised at this point.

ghost commented 2019-06-20 20:04:39 +00:00 (Migrated from github.com)

Copy Link

I ran a vuln scan on the site, it appears the plugin version used to manage the data tables has an SQL injection vulnerability, and unauthenticated shell upload. So yeah the site is definitely fully compromised.

I ran a vuln scan on the site, it appears the plugin version used to manage the data tables has an SQL injection vulnerability, and unauthenticated shell upload. So yeah the site is definitely fully compromised.

ghost commented 2019-06-20 20:07:34 +00:00 (Migrated from github.com)

Copy Link

https://gist.github.com/beardog108/49063994ec0ae71c1c83d5c6f875599a

Normally i wouldn't publish something like that publicly without warning, but since we have attempted to contact him and its a trivial publicly known exploit caught by a scanner I think its fine...

https://gist.github.com/beardog108/49063994ec0ae71c1c83d5c6f875599a Normally i wouldn't publish something like that publicly without warning, but since we have attempted to contact him and its a trivial publicly known exploit caught by a scanner I think its fine...

ghost commented 2019-06-20 20:17:30 +00:00 (Migrated from github.com)

Copy Link

https://www.reddit.com/r/privacy/comments/c30ycv/that_one_privacy_site_compromised_june_2019/

https://www.reddit.com/r/privacy/comments/c30ycv/that_one_privacy_site_compromised_june_2019/

ghost commented 2019-06-21 23:40:11 +00:00 (Migrated from github.com)

Copy Link

He responded on reddit, we can close this issue now as the site is fine and will be fixed:

https://www.reddit.com/r/privacy/comments/c30ycv/that_one_privacy_site_compromised_june_2019/erqbcq9

He responded on reddit, we can close this issue now as the site is fine and will be fixed: https://www.reddit.com/r/privacy/comments/c30ycv/that_one_privacy_site_compromised_june_2019/erqbcq9

jonah commented 2019-06-21 23:54:20 +00:00

Copy Link

maybe PM them next time

Maybe respond to your emails next time 😝

Looks good to me.

> maybe PM them next time Maybe respond to your emails next time 😝 Looks good to me.

This repo is archived. You cannot comment on issues.

No Branch/Tag Specified

Branches Tags

master

dependabot/bundler/nokogiri-1.13.6

dependabot/bundler/addressable-2.8.0

freddy-m-patch-3

pr-add_RemoveMyPhone_sponsor

pr-browser_cleanup_1257_1328_1430

freddy-m-patch-2

freddy-m-patch-1

pr-vpn_hated_one_video

cdn

update-nitrohorse-image

promote-metager-to-card

hardware

pr-add_azirevpn

pr-add_mailfence

shop

1673

pr/1658

i18n-simple

sponsorship-edits-nov2019

i18n

ipfs

blacklight447-ptio-patch-3

blog

remove-windows-icons

pr/1147

i18n-testing

add-beautify

Labels

Clear labels   

🔍🤖 Search Engines

  

approved

approved, waiting for a PR

  

dependencies

Pull requests that update a dependency file

  

duplicate

  

feedback wanted

  

high priority

  

I2P

The Invisible Internet Project (I2P)

  

iOS

  

low priority

  

OS

Operating Systems

  

Self-contained networks

  

Social media

  

stale

A label for stalebot if it gets added

  

streaming

Anything related to media streaming.

  

todo

  

Tor

Anything covering the Tor network

  

WIP

active work in progress, do not merge or PR (yet)!

  

wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

  

XMPP

Extensible Messaging and Presence Protocol

  

[m]

Matrix protocol

  

₿ cryptocurrency

  

ℹ️ help wanted

  

↔️ file sharing

  

⚙️ web extensions

Browser Extension related issues

  

✨ enhancement

  

❌ software removal

  

💬 discussion

  

🤖 Android

  

🐛 bug

  

💢 conflicting

  

📝 correction

Correction of content on the website

  

🆘 critical

  

📧 email

  

🔒 file encryption

  

📁 file storage

  

🦊 Firefox

Firefox & forks, about:config etc.

  

💻 hardware

  

🌐 hosting

  

🏠 housekeeping

Anything primarily related to site cleanup.

  

🔐 password managers

  

🧰 productivity tools

  

🔎 research required

  

🌐 Social News Aggregators

  

🆕 software suggestion

  

👥 team chat

  

🔒 VPN

Virtual Private Network

  

🌐 website issue

*Technical* issues with the website.

  

🚫 Windows

  

👁️ browsers

  

🖊️ digital notebooks

  

🗄️ DNS

Domain Name System

  

🗨️ instant messaging (im)

  

🇦🇶 translations

Anything covering a translated version of the site

No Label

🔍🤖 Search Engines

approved

dependencies

duplicate

feedback wanted

high priority

I2P

iOS

low priority

OS

Self-contained networks

Social media

stale

streaming

todo

Tor

WIP

wontfix

XMPP

[m]

₿ cryptocurrency

ℹ️ help wanted

↔️ file sharing

⚙️ web extensions

✨ enhancement

❌ software removal

💬 discussion

🤖 Android

🐛 bug

💢 conflicting

📝 correction

🆘 critical

📧 email

🔒 file encryption

📁 file storage

🦊 Firefox

💻 hardware

🌐 hosting

🏠 housekeeping

🔐 password managers

🧰 productivity tools

🔎 research required

🌐 Social News Aggregators

🆕 software suggestion

👥 team chat

🔒 VPN

🌐 website issue

🚫 Windows

👁️ browsers

🖊️ digital notebooks

🗄️ DNS

🗨️ instant messaging (im)

🇦🇶 translations

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

1 Participants

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#975

No description provided.