Unethical Use of the Server! Some Attention needed.

Discussion in 'Feedback/Feature Requests' started by Abhinav Jain, Sep 28, 2017.

  1. Abhinav Jain

    Abhinav Jain New Member

    Hi,
    I love this web server and I have used it many a times to make small test projects and such. But today something fishy happened. I was just browsing a website : "http://www.9anime.to", an anime website I landed on through Google. Now when I clicked on play button of the video : "https://9anime.to/watch/baby-steps-2nd-season.3x2/kxkp0r" a tab popped open and it displayed the page with an URL : "www.apple.com-secure.systems" saying that my Mac is infected with virus so I should click on an OK button if I wanted to remove this trojan from here. As you may guess, the URL itself looks malicious. So I performed a curl test on it : "curl -Iv www.apple.com-secure.systems/" and the output is given below. Now it's obvious. The server used is LiteSpeed. And I have created this thread to draw some attention to the fact that some information gathering should be done on your part since it's a product, which should not be abused as it is used by many. Please pay attention guys. I am not hating on anyone here, I am just saying that I don't like the idea that such a cool Open Source service is being used like this.
    Who knows what would happen if someone would click on that OK, I at least don't want to know.
    I would have attached screenshots but it says that the server doesn't accept files of size, in my case 1.1 MB.
    ==================================================================
    Curl Output :-
    abcdefghij:~ xxxxxxxx$ curl -Iv www.apple.com-secure.systems
    * Rebuilt URL to: www.apple.com-secure.systems/
    * Trying 128.199.37.91...
    * TCP_NODELAY set
    * Connected to www.apple.com-secure.systems (128.199.37.91) port 80 (#0)
    > HEAD / HTTP/1.1
    > Host: www.apple.com-secure.systems
    > User-Agent: curl/7.54.0
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    HTTP/1.1 200 OK
    < Last-Modified: Sat, 23 Sep 2017 16:18:23 GMT
    Last-Modified: Sat, 23 Sep 2017 16:18:23 GMT
    < Content-Type: text/html
    Content-Type: text/html
    < Content-Length: 344
    Content-Length: 344
    < Date: Thu, 28 Sep 2017 17:28:38 GMT
    Date: Thu, 28 Sep 2017 17:28:38 GMT
    < Accept-Ranges: bytes
    Accept-Ranges: bytes
    < Server: LiteSpeed
    Server: LiteSpeed
    < Connection: Keep-Alive
    Connection: Keep-Alive

    <
    * Connection #0 to host www.apple.com-secure.systems left intact
    ====================================================================
    Note that though Apple devs boast about their security : "https://discussions.apple.com/thread/7487704?start=0&tstart=0" but still these incidents should not be allowed to happen.

    Regards,
    Abhinav J.
     
    Last edited: Sep 28, 2017
  2. Pong

    Pong Well-Known Member Staff Member

    We are very sorry to hear about this. Unfortunately, We are a software developer (we make an HTTP server). We do not host websites and have no control over the sites that a hosting provider using our software allows. To report this site's abuse, need to contact their hosting provider or their data center.
     

Share This Page