adoxa / ansicon

Process ANSI escape sequences for Windows console programs.
http://ansicon.adoxa.vze.com/

Potentially serious security issue #47

Closed skopp closed 11 years ago

skopp commented 11 years ago

The Description at @adoxa's Ansicon GitHub repo _i.e. the bit directly under the title_ - see following screengrab:

has a link:

http://adoxa.3eeweb.com/ansicon/

:red_circle: **Handle the above URI with care; if unsure, seek assistance from a netsec person (you know, the basement-dwelling cats that play WoW, oversee Wikipedia and hack the FBI mainframe).**


It may be potentially unsafe and/or malicious. I only checked with WOT, which was what alerted me - with a red alert.

adoxa commented 11 years ago

Any recommendations for a free host?

skopp commented 11 years ago

Sure, there are a few I can recommend. Depends on the size of the site, how many subfolders/pages, resources, is it a CMS or does it need one? Does it need a database? If so, SQL or NoSQL? Does it require cron jobs - how regularly if yes? Also, most free sites tend to either not play well with dynamic content (script), or end up getting your innocent script hacked by malicious evil, evil hackerpeople. Tad dramatic, but not unheard of. If not that, the hoster will eventually give you an ultimatum: buy our better paid service, or get out (that I know from experience). This is kinda my game (web hosting, not black hacking).

In short, is it a bigass website or not?

adoxa commented 11 years ago

I have each program in its own subfolder (currently 53), one page each (although some have a couple); it's currently under 50MB, but I envision exceeding that at some point. PHP is all I need; a database would be a bonus if I ever decide to put up a forum, but it's not a deal breaker. I was on 110mb.com, which was fine until they stopped working... 0000host (iirc) didn't support text files, so that didn't last long. Can't say I've had any trouble with 3eeweb, even though they say they don't add anything, but they do (there should be a downloads counter beside the page counter, but what they add stops the javascript from working).

L2G commented 11 years ago

Would you consider migrating your website to a static setup? Then you could host it directly on GitHub.

L2G commented 11 years ago

If it absolutely, positively must be in PHP, I may be able to swing something for you on DreamHost. Basically I'd be sub-letting a portion of my DreamHost resources to you. But it would be free of charge to you, and you could do whatever you like with your website (within the bounds of DreamHost's AUP, of course).

L2G commented 11 years ago

I see now that you're looking at ~50 MiB. I doubt GitHub could help you with that after all. :-) Let me know if you want to discuss having a sub-account on DreamHost; I don't think that magnitude of storage will be an issue there.

skopp commented 11 years ago

@L2G @adoxa Hey, sorry for not responding sooner. I can actually help. Both of you! Can we chat online somewhere? Conceptboard is good for this kind of thing. Or Skype?

L2G commented 11 years ago

Wait, I'm confused. I was offering help, not asking for it.

L2G commented 11 years ago

And by the way, the WoT rating applies to all of 3eeeweb.com and not just adoxa.3eeeweb.com, so it may be a case of guilt by association. If @adoxa feels confident that the admins of 3eeeweb.com are not messing with the content of his site, maybe a group of us could lobby WoT for a better rating specific to adoxa.3eeeweb.com.

On the other hand, if so many other people are abusing 3eeeweb.com, that may not bode well for its longevity.

skopp commented 11 years ago

Re: https://github.com/adoxa/ansicon/issues/47#issuecomment-14657545 of course, let me clarify: My cloud apps services and research project, SKUDA, are in partnership with Uhuru AppCloud (who are a certified Cloud Foundry host), thus I can get the code hosted on there, no problem - as we are experimenting with whatever dynamic webapps, CMSes, frameworks and so on we can while in beta. I said it could benefit you, @L2G, as well because I'm sure you may have some ideas of web applications you want to host. Anyway, I'm not pushing anything on anyone - don't get me wrong. If you wish to know more, I'll provide more details.

P.S. Whatever the final decision, I've had experience with free hosting guys, and for students testing their learnt theory, or that kind of thing, it's usually fine. For projects where you want longevity and data integrity, as @L2G mentioned, it may very well be alright on there - but if the domain is viewed as suspicious by the netsec communities, it may just reduce people accessing your code on there, especially if they have Trend or AVG toolbars installed in their browsers.

adoxa commented 11 years ago

Sorry for the long delay - I was wondering how to handle it, then my computer died. I've now been suspended by 3eeweb (don't know why) and 110mb still isn't working, so created another site at hostmyway.net. Let's see how that goes...

mscdex commented 11 years ago

Why not create a github page for this repo? Then it would just be a matter of linking to: http://adoxa.github.io/ansicon/

skopp commented 11 years ago

@mscdex https://github.com/adoxa/ansicon/issues/47#issuecomment-22014882 - 50+ MB of asset/backend data is a bit much for a gh-page I think.

mscdex commented 11 years ago

@skopp I've seen larger documents in github repos before.

skopp commented 11 years ago

I wouldn't be surprised to see that either, and not saying it's not possible; just be smart about it, that's all. E.g. a common setup (for pages with dynamic - usually script or NoSQL assets) is having a frontend UI as a gh-page, and the backend set up on Heroku or a similar PaaS. 

adoxa commented 11 years ago

Looks like 110mb is working okay again, and I've had no problems with hostmyway, so I'm happy enough for now. 3eeweb did restore my account, but they've since suspended it again, with no response to my ticket, so that's gone.