HTMLHelp Forums _ Web Server Configuration _ Warning! Dangerous site!

Posted by: Brian Chandler Jun 30 2021, 04:35 AM

Here's an entry from my error log:

2021.06.30@1524 JST *** 404
/api.php?key=1 from http://216.92.213.57/api.php?key=1
Googlebot/2.1 (+http://www.google.com/bot.html)

(Meaning: missing file /api.php?key=1; refer®er was 216...)
Fairly obviously this is some kind of hack, but I wondered what the numeric IP address was. So I pasted it in, and Firefox went into a convulsion: cannot verify certificate etc etc, hackers, damage your computer, bank account, spontaneous combustion, the lot. I persisted in taking the RISK, and looked at http://216.92.213.57 - ha! It's my own site, imaginatorium.com.

Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?

I admit I do not understand this stuff, but most explanations seem to start with logical confusion, then go downhill. Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??


Posted by: Brian Chandler Jun 30 2021, 04:39 AM

Here's an entry from my error log:

2021.06.30@1524 JST *** 404
/api.php?key=1 from http://216.92.213.57/api.php?key=1
Googlebot/2.1 (+http://www.google.com/bot.html)

(Meaning: missing file /api.php?key=1; refer(r*)er was 216...)
Fairly obviously this is some kind of hack, but I wondered what the numeric IP address was. So I pasted it in, and Firefox went into a convulsion: cannot verify certificate etc etc, hackers, damage your computer, bank account, spontaneous combustion, the lot. I persisted in taking the RISK, and looked at http://216.92.213.57 - ha! It's my own site, imaginatorium.com.

Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?

I admit I do not understand this stuff, but most explanations seem to start with logical confusion, then go downhill. Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??

* the person who wrote this forum software is a f*cking moron

Posted by: Christian J Jun 30 2021, 02:31 PM

QUOTE(Brian Chandler @ Jun 30 2021, 11:39 AM) *

Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?

Seems the certificates only apply to either IP or domain name, if I understood this correctly:
https://stackoverflow.com/questions/310003/can-you-put-ssl-on-a-ip-address-or-only-on-a-web-servers-domain-name

QUOTE
Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??

I suppose the traffic may not be encrypted, despite using HTTPS, and the traffic can be actively listened in on or maybe modified.
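
Why the same server verifies by name but not by numeric address, as an added example that is not part of the original thread: a browser compares what was typed in the URL bar with the certificate's subjectAltName entries, and an IP literal is only ever compared with iPAddress entries. The certificate contents below are a constructed sample (the SAN entries are assumed, not read from the real site), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the SAN entries are assumed, not read from the real site's certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "imaginatorium.com"),),),
    "subjectAltName": (
        ("DNS", "imaginatorium.com"),
        ("DNS", "*.imaginatorium.com"),
    ),
}


def _dns_match(pattern, host):
    """Match a dNSName SAN; '*' may only stand for the whole leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_covers(cert, target):
    """Return (ok, reason) for the name or address typed into the URL bar."""
    sans = cert.get("subjectAltName", ())
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP literal is compared only with iPAddress SANs, never DNS ones.
        ips = [v for k, v in sans if k == "IP Address"]
        if any(ipaddress.ip_address(v.strip()) == addr for v in ips):
            return True, "iPAddress SAN matches"
        return False, "no iPAddress SAN for %s" % addr
    names = [v for k, v in sans if k == "DNS"]
    if any(_dns_match(n, target) for n in names):
        return True, "dNSName SAN matches"
    return False, "no dNSName SAN for %s" % target


if __name__ == "__main__":
    for t in ("imaginatorium.com", "www.imaginatorium.com", "216.92.213.57"):
        print(t, cert_covers(SAMPLE_CERT, t))
```

To inspect a live certificate the same way, pass the dictionary returned by `getpeercert()` on a verified `ssl` connection instead of the sample.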


Posted by: Brian Chandler Jul 1 2021, 11:23 AM

QUOTE(Christian J @ Jul 1 2021, 04:31 AM) *

QUOTE(Brian Chandler @ Jun 30 2021, 11:39 AM) *

Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?

Seems the certificates only apply to either IP or domain name, if I understood this correctly:
https://stackoverflow.com/questions/310003/can-you-put-ssl-on-a-ip-address-or-only-on-a-web-servers-domain-name


Thanks Christian. I got the same answer from my nephew, who is pretty much up on this sort of thing. So that's OK...

QUOTE

QUOTE
Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??

I suppose the traffic may not be encrypted, despite using HTTPS, and the traffic can be actively listened in on or maybe modified.


So it seems to be ludicrously exaggerated, given that this DANGEROUS! state of affairs is exactly what we were all doing all the time 10 years ago.

Posted by: Christian J Jul 1 2021, 02:24 PM

QUOTE(Brian Chandler @ Jul 1 2021, 06:23 PM) *

So it seems to be ludicrously exaggerated, given that this DANGEROUS! state of affairs is exactly what we were all doing all the time 10 years ago.

If the certificate failure is unintentional, yes (though we usually didn't do credit card payments on those unencrypted pages).

But I suppose it could also be a sign of a man-in-the-middle attack.
