Munzy

LowEndTalk Monitoring Network.

8 posts in this topic

I have been recently looking over the http code for Lowendtalk.com.... and let me just say it is monitoring central. I think this is being done to find alt accounts / previously shady individuals. In any case, not all of us want to be monitored up the ass... so /etc/hosts time!

 

############
# My Config
############

127.0.0.1       piwik.lowend.io
127.0.0.1       tag.perfectaudience.com
127.0.0.1       intljs.rmtag.com
127.0.0.1       pixel-geo.prfct.co
127.0.0.1       secure.adnxs.com
127.0.0.1       ssl.google-analytics.com
127.0.0.1       s3.buysellads.com
127.0.0.1       www.google-analytics.com

 

I should note that Vanilla still does a good job of monitoring, so if you come back via the same IP... they will find you.

1 person likes this

Quote

let me just say it is monitoring central.

The sites are monitoring central and there are absolutely no privacy policies on the sites despite the fact that the sites are commercial sites and Velocity Servers Inc is using six 3rd party ad networks/analytics sites to monitor user activity, and it is also allowing a 3rd party contractor to monitor activity on both LowEndTalk and LowEndBox via the contractor's personal website (lowend.io), and it is allowing the hosting company ServerMania to ad stalk LowEndBox users via AdRoll.

piwik.lowend.io = web analytics site operated by 3rd party non-employee contractor of Velocity Servers Inc
tag.perfectaudience.com = ad retargeting company PerfectAudience 
intljs.rmtag.com = ad retargeting company MediaForge
pixel-geo.prfct.co = ad retargeting company PerfectAudience
secure.adnxs.com = marketing service company AppNexus
ssl.google-analytics.com = web analytics service operated by sleazy unethical company whose business plan is based on harvesting personal info
s3.buysellads.com = banner advertising service
www.google-analytics.com = web analytics service operated by sleazy unethical company whose business plan is based on harvesting personal info

It should also be pointed out again that LowEndBox is still allowing a hosting company, ServerMania Inc (a sleazy company that used a stolen database to spam databreach victims), to monitor LowEndBox users by including ServerMania's AdRoll ad retargeting code (account QJSDIDC4UFEMBMV27GEVT4) on every LowEndBox.com page which is a violation of AdRoll's terms of service (see this thread:

============

On another note, besides being monitoring central, the sites are also vulnerability central and the owner's failure to apply timely security updates to the sites is one reason I would never use any hosting service operated by ColoCrossing.  

LowEndBox WordPress 4.4.2 : 10 vulnerabilities

Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.

Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via the query string.

The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection restrictions via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.

Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.

WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by leveraging the ability to read a post, related to wp-admin/includes/ajax-actions.php and wp-admin/revision.php.

The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a denial of service via unspecified vectors.

WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.

WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by leveraging knowledge of a cookie.

WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism via unspecified vectors.

LowEndTalk Vanilla 2.1.12p3: 5 vulnerabilities

3 newly discovered XSS vectors;

an Insecure Direct Object Reference that allows unauthorized comment editing;

Potential CSRF vectors, including one that could allow account hijacking;

SQL injection vector; PDO option SQL injection risk;

insecure password reset token lengths and expiration times

 

1 person likes this


Thank you for the domain list.

They added: s.adroll.com

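An added example, not part of the original thread: a Python check that parses hosts-file text and reports which of the tracker hostnames named in this thread are actually sinkholed. Hosts entries match exact names only, so the first post's config (embedded as sample input) does not cover the later-added s.adroll.com; the function names and the set of sinkhole addresses are assumptions of this example.

```python
# Added example: audit hosts-file text against tracker hostnames from the thread.
SINKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}   # assumption: addresses treated as "blocked"

# First post's list plus the hostname a later reply says was added.
TRACKERS = [
    "piwik.lowend.io", "tag.perfectaudience.com", "intljs.rmtag.com",
    "pixel-geo.prfct.co", "secure.adnxs.com", "ssl.google-analytics.com",
    "s3.buysellads.com", "www.google-analytics.com", "s.adroll.com",
]

# Sample input: the config from the first post.
SAMPLE_HOSTS = """\
# My Config
127.0.0.1       piwik.lowend.io
127.0.0.1       tag.perfectaudience.com
127.0.0.1       intljs.rmtag.com
127.0.0.1       pixel-geo.prfct.co
127.0.0.1       secure.adnxs.com
127.0.0.1       ssl.google-analytics.com
127.0.0.1       s3.buysellads.com
127.0.0.1       www.google-analytics.com
"""

def parse_hosts(text):
    """Map each hostname (and alias) to its address; this parser keeps the first entry."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank, comment-only or malformed
        for name in fields[1:]:
            entries.setdefault(name.lower().rstrip("."), fields[0])
    return entries

def audit(hosts_text, wanted=TRACKERS):
    """Classify each wanted hostname by exact-name lookup (hosts files have no wildcards)."""
    entries = parse_hosts(hosts_text)
    report = {"sinkholed": [], "missing": [], "elsewhere": []}
    for host in wanted:
        addr = entries.get(host.lower())
        key = "missing" if addr is None else "sinkholed" if addr in SINKHOLE else "elsewhere"
        report[key].append(host)
    return report

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_HOSTS).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Pass the contents of the real hosts file to `audit()` in place of `SAMPLE_HOSTS` to check a live machine.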

I noticed this with WebHostingTalk. I don't know what their deal is, but they banned me for no reason, then I came back and made an alt with a different IP, different browser, cleared all the cookies and stuff from the site and they still caught me as an alt.

I'd be interested to hear how they did it.

On 7/31/2016 at 4:11 PM, River said:

I noticed this with WebHostingTalk. I don't know what their deal is, but they banned me for no reason, then I came back and made an alt with a different IP, different browser, cleared all the cookies and stuff from the site and they still caught me as an alt.

I'd be interested to hear how they did it.

Either how you posted, set up your account was a tip off, or two you used a common entrance point that they saw via analytics.


Amazingly long list, but why not just /etc/hosts it up? Slower?


Yes, I am guessing it's faster to apply it at DNS level. I haven't compared.

7 hours ago, HN-Matt said:

Amazingly long list, but why not just /etc/hosts it up? Slower?
