The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> Warning! Dangerous site!
Brian Chandler
post Jun 30 2021, 04:35 AM
Post #1


Jocular coder
********

Group: Members
Posts: 2,418
Joined: 31-August 06
Member No.: 43



Here's an entry from my error log:

2021.06.30@1524 JST *** 404
/api.php?key=1 from http://216.92.213.57/api.php?key=1
Googlebot/2.1 (+http://www.google.com/bot.html)

(Meaning: missing file /api.php?key=1; refer®er was 216...)
Fairly obviously this is some kind of hack, but I wondered what the numeric IP address was. So it pasted it in, and Firefox went into a convulsion: cannot verify certificate etc etc, hackers, damage your computer, bank account, spontaneous combustion, the lot. I persisted in taking the RISK, and looked at http://216.92.213.57 - ha! It's my own site, imaginatorium.com.

Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?

I admit I do not understand this stuff, but most explanations seem to start with logical confusion, then go downhill. Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Brian Chandler
post Jun 30 2021, 04:39 AM
Post #2


Jocular coder
********

Group: Members
Posts: 2,418
Joined: 31-August 06
Member No.: 43



Here's an entry from my error log:

2021.06.30@1524 JST *** 404
/api.php?key=1 from http://216.92.213.57/api.php?key=1
Googlebot/2.1 (+http://www.google.com/bot.html)

(Meaning: missing file /api.php?key=1; refer(r*)er was 216...)
Fairly obviously this is some kind of hack, but I wondered what the numeric IP address was. So it pasted it in, and Firefox went into a convulsion: cannot verify certificate etc etc, hackers, damage your computer, bank account, spontaneous combustion, the lot. I persisted in taking the RISK, and looked at http://216.92.213.57 - ha! It's my own site, imaginatorium.com.

Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?

I admit I do not understand this stuff, but most explanations seem to start with logical confusion, then go downhill. Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??

* the person who wrote this forum software is a f*cking moron
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jun 30 2021, 02:31 PM
Post #3


.
********

Group: WDG Moderators
Posts: 8,934
Joined: 10-August 06
Member No.: 7



QUOTE(Brian Chandler @ Jun 30 2021, 11:39 AM) *

Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?

Seems the certificates only apply to either IP or domain name, if I understood this correct:
https://stackoverflow.com/questions/310003/...ers-domain-name

QUOTE
Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??

I suppose the traffic may not be encrypted, despite using HTTPS, and the traffic can be actively listened in on or maybe modified.

User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Brian Chandler
post Jul 1 2021, 11:23 AM
Post #4


Jocular coder
********

Group: Members
Posts: 2,418
Joined: 31-August 06
Member No.: 43



QUOTE(Christian J @ Jul 1 2021, 04:31 AM) *

QUOTE(Brian Chandler @ Jun 30 2021, 11:39 AM) *

Since access to the website (imaginatorium.com) works without problem, how could the "certification" be any different using the numeric address?

Seems the certificates only apply to either IP or domain name, if I understood this correct:
https://stackoverflow.com/questions/310003/...ers-domain-name


Thanks Christian. I got the same answer from my nephew, who is pretty much up on this sort of thing. So that's OK...

QUOTE

QUOTE
Suppose I click a link to a site whose owners I do not know (most links, of course); what dangers could befall me if the page does not have a valid https certificate, which could not befall me if it did??

I suppose the traffic may not be encrypted, despite using HTTPS, and the traffic can be actively listened in on or maybe modified.


So it seems to be ludicrously exaggerated, given that this DANGEROUS! state of affairs is exactly what we were all doing all the time 10 years ago.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Christian J
post Jul 1 2021, 02:24 PM
Post #5


.
********

Group: WDG Moderators
Posts: 8,934
Joined: 10-August 06
Member No.: 7



QUOTE(Brian Chandler @ Jul 1 2021, 06:23 PM) *

So it seems to be ludicrously exaggerated, given that this DANGEROUS! state of affairs is exactly what we were all doing all the time 10 years ago.

If the certificate failure is unintentional, yes (though we usually didn't do credit card payments on those unencrypted pages).

But I suppose it could also be a sign of a man-in-the-middle-attack. unsure.gif
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

Reply to this topicStart new topic
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 29th November 2021 - 01:42 AM