Maybe I'm writing this message a bit early and the situation is still hot, I hope you will try to put some effort to understand the whole situation with Calin and from my perspective.
As I mentioned in the thread, I randomly went to his whmcs and saw the horror related to there being no php interpreter. At that moment I was shocked and glad at the same time that karma had done its job and without further checking if the error existed and after creating the thread, I posted it.
Yes, it can be considered a pretty major error but let's keep in mind that Calin created a thread in which he announced about this incident and marked the time of the beginning of the incident exactly when at minute 25 when I created the thread and the time of the end of the incident at minute 37, after at minute 32 I had given him DM to announce that the error still persists.
Please note that I did not catch a fraction of a second when this error existed but consider that he had no idea of this issue at least in the 12 minutes of the thread and who knows how long before since he was not actively working on his page to realize that his changes were disastrous.
After the blurred screenshot and the fact that I made sure there was no external connection for DB try please understand that I was trying to get back at Calin but to a limited extent (after all there is no leak other than some useless credentials that can be changed) and I was trying to open the eyes of the community to the fact that they judge too much for my shortcomings and are blind to the shortcomings of others like me.
Then, also out of fairness, I think you should also note that Calin is in turn breaking the 'don't be a dick' rule by hardening those who are already against me with my threads and that old 'Hazi.ro offers for refugees' post for which he may have deserved the ban but was in turn forgiven.
You "randomly" went to a competitors WHMCS. You "randomly" checked to see if files were available through non-standard methods. Then instead of informing Calin directly, like a reasonable person, you submitted your findings to LET with a snarky message and thread title that made it clear your actions were malicious. As I'm sure you expected, and to no surprise of anyone, the information and method YOU posted was used maliciously. Only after did you share your findings publicly did you then decide to inform him.
I'm not going to defend Calin, to be quite frank I think the two of your are cut from the same cloth and greatly lack business ethics. We'll all judge him in our own ways for his poor security practice that lead up to this event, but you really shot yourself in the foot. What did you expect to happen when you posted that thread? Everyone would clap for you, carry you on their shoulders and shower you with praise?
Why do you look at the situation in one way?
Calin, a provider in his turn, affects the image of the provider FlorinMarian in FlorinMarian's threads.
Why do you expect FlorinMarian to show true fraternity towards the one who tries to bury his image?
I'm not defending Calin. I think you two are more similar than unalike. I just think you took things too far, is all.
[ IncogNET LLC ] - Privacy By Design We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
[ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]
Maybe I'm writing this message a bit early and the situation is still hot, I hope you will try to put some effort to understand the whole situation with Calin and from my perspective.
As I mentioned in the thread, I randomly went to his whmcs and saw the horror related to there being no php interpreter. At that moment I was shocked and glad at the same time that karma had done its job and without further checking if the error existed and after creating the thread, I posted it.
Yes, it can be considered a pretty major error but let's keep in mind that Calin created a thread in which he announced about this incident and marked the time of the beginning of the incident exactly when at minute 25 when I created the thread and the time of the end of the incident at minute 37, after at minute 32 I had given him DM to announce that the error still persists.
Please note that I did not catch a fraction of a second when this error existed but consider that he had no idea of this issue at least in the 12 minutes of the thread and who knows how long before since he was not actively working on his page to realize that his changes were disastrous.
After the blurred screenshot and the fact that I made sure there was no external connection for DB try please understand that I was trying to get back at Calin but to a limited extent (after all there is no leak other than some useless credentials that can be changed) and I was trying to open the eyes of the community to the fact that they judge too much for my shortcomings and are blind to the shortcomings of others like me.
Then, also out of fairness, I think you should also note that Calin is in turn breaking the 'don't be a dick' rule by hardening those who are already against me with my threads and that old 'Hazi.ro offers for refugees' post for which he may have deserved the ban but was in turn forgiven.
You "randomly" went to a competitors WHMCS. You "randomly" checked to see if files were available through non-standard methods. Then instead of informing Calin directly, like a reasonable person, you submitted your findings to LET with a snarky message and thread title that made it clear your actions were malicious. As I'm sure you expected, and to no surprise of anyone, the information and method YOU posted was used maliciously. Only after did you share your findings publicly did you then decide to inform him.
I'm not going to defend Calin, to be quite frank I think the two of your are cut from the same cloth and greatly lack business ethics. We'll all judge him in our own ways for his poor security practice that lead up to this event, but you really shot yourself in the foot. What did you expect to happen when you posted that thread? Everyone would clap for you, carry you on their shoulders and shower you with praise?
Why do you look at the situation in one way?
Calin, a provider in his turn, affects the image of the provider FlorinMarian in FlorinMarian's threads.
Why do you expect FlorinMarian to show true fraternity towards the one who tries to bury his image?
I'm not defending Calin. I think you two are more similar than unalike. I just think you took things too far, is all.
It is true that this action (posting) was based on hatred.
I had a pact with him to ignore each other after we had some tougher discussions in private, but after a while Calin returned to the old habit but loved by the community.
Being less popular than him, I couldn't post when I could see that he was lying about something, and that's how the hatred that raged yesterday accumulated.
What did Calin lie about?
that it has over 3000 IPs (3x/24 in reality)
that he has 10Gbps at home, not 1Gbps like me (at any time of the day, if you add the sum of his servers on the uptime, you don't have more than 1Gbps up/down)
that I have no chance to keep my servers at home, that he also tried until he rented a hall, blah blah that for Christmas we will see the picture with the green walls from the grandparents' house.
Considering that I kept all these reasons in mind, it is clear that it affected me emotionally that my truths were ruining my image while his lies raised him far above me.
@FlorinMarian said: What was non-standard? I've used my browser to access his homepage and index.php was downloaded instead of interpreted and then did the same with configuration file to see if still works with that.
@FlorinMarian said: What was non-standard? I've used my browser to access his homepage and index.php was downloaded instead of interpreted and then did the same with configuration file to see if still works with that.
is your browser cURL or wget?
curiosity kills the cat
In the screenshots deleted from the LET, it was clear that Google Chrome had been used, just so that in my mind that vulnerability only existed for a fraction of a minute and not to be accused of who knows what hacking engineering.
@FlorinMarian said: What was non-standard? I've used my browser to access his homepage and index.php was downloaded instead of interpreted and then did the same with configuration file to see if still works with that.
is your browser cURL or wget?
curiosity kills the cat
In the screenshots deleted from the LET, it was clear that Google Chrome had been used, just so that in my mind that vulnerability only existed for a fraction of a minute and not to be accused of who knows what hacking engineering.
@FlorinMarian said: that I have no chance to keep my servers at home, that he also tried until he rented a hall, blah blah that for Christmas we will see the picture with the green walls from the grandparents' house.
LOL
@FlorinMarian said: In the screenshots deleted from the LET, it was clear that Google Chrome had been used, just so that in my mind that vulnerability only existed for a fraction of a minute and not to be accused of who knows what hacking engineering.
Bro, you wrote bachelor thesis on DDoS attacks and hacking, you obviously know how to be a haxor.
Regarding whether you did it maliciously or not, I think its the first option. You whined about Calin in other threads already, you spotted opportunity to pick at him and you did.
I was judged for pettier things than this, it was 100% expected your tactic will backfire, I have no idea what were you thinking posting it. If any other member posted it, it could be justified for other reasons, but you are his direct competitor. It was clearly a dirty attack against your competitor. You could've stayed quiet, and wait for someone else to notice and then pick at him, instead you disclosed it yourself in the shittiest way possible.
If you given a fuck about ethics or his customers, you wouldn't disclose it like that.
I'm also aware you called certain people in the past to try and get Calin kicked out from Orange Romania(or try and ruin his business), knowing that, there is no doubt in my mind it was a malicious attack.
I rooted for you from your very beginnings with your "datacenter", It was extremely cool to me and I also wished I could have such setup for my homelab some day. But you fucked everything up, I'm just disappointed.
@FlorinMarian said: I had a pact with him to ignore each other after we had some tougher discussions in private, but after a while Calin returned to the old habit but loved by the community.
Being less popular than him, I couldn't post when I could see that he was lying about something, and that's how the hatred that raged yesterday accumulated.
What did Calin lie about?
you are going on about what HE did as if this is some kind of justification for your action.
it simply is not.
if you find a vulnerability like that by accident simply act like a grown up and inform him. I probably could even understand if you'd just look the other way and ignore what you found.
however posting about it publicly like you did is a nogo , no matter what. the screenshot doesn't play a role at all.
what you posted is a direct prompt to go and look after it for anyone with possible malicious intent. you knowingly instigated people to harm your competitor.
like @MannDude said you have no business ethics at all and in the end this is the reason why you are failing.
it will always come back around to you one way or another. you build your bad reputation all by yourself with this kind of actions, so rather stop talking about all the bad things your competitors did to you.
it won't help and is no justification for your own behaviour anyway.
@FlorinMarian said: I had a pact with him to ignore each other after we had some tougher discussions in private, but after a while Calin returned to the old habit but loved by the community.
Being less popular than him, I couldn't post when I could see that he was lying about something, and that's how the hatred that raged yesterday accumulated.
What did Calin lie about?
you are going on about what HE did as if this is some kind of justification for your action.
it simply is not.
if you find a vulnerability like that by accident simply act like a grown up and inform him. I probably could even understand if you'd just look the other way and ignore what you found.
however posting about it publicly like you did is a nogo , no matter what. the screenshot doesn't play a role at all.
what you posted is a direct prompt to go and look after it for anyone with possible malicious intent. you knowingly instigated people to harm your competitor.
like @MannDude said you have no business ethics at all and in the end this is the reason why you are failing.
it will always come back around to you one way or another. you build your bad reputation all by yourself with this kind of actions, so rather stop talking about all the bad things your competitors did to you.
it won't help and is no justification for your own behaviour anyway.
Yes, I am his direct competitor, as he is in my threads in which he drags the reputation I'm trying to build into the mud.
I would totally agree with you if there wasn't the essential element of the story: I went to the site and that shit was there, on the main page. Calin has no idea when that vulnerability was there, marking the time when I made the post the time when the cure appeared, which is not true. Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
@FlorinMarian said: Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
People access backdoors all of the time, do see them posting it publicly?
The difference between revealing a vulnerability to the public, while it is not fixed, and letting the public find out the vulnerability, is that revealing will have a larger impact than the public finding it itself. Considering me, a person who has been into the interwebs for quite some time now, its almost always that some vulnerability that isnt disclosed is abused way less than the one which has been.
@FlorinMarian said: Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
People access backdoors all of the time, do see them posting it publicly?
The difference between revealing a vulnerability to the public, while it is not fixed, and letting the public find out the vulnerability, is that revealing will have a larger impact than the public finding it itself. Considering me, a person who has been into the interwebs for quite some time now, its almost always that some vulnerability that isnt disclosed is abused way less than the one which has been.
The database does not accept external connections and those credentials are useless without SSH access to the VM hosting the site.
@FlorinMarian said: Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
People access backdoors all of the time, do see them posting it publicly?
The difference between revealing a vulnerability to the public, while it is not fixed, and letting the public find out the vulnerability, is that revealing will have a larger impact than the public finding it itself. Considering me, a person who has been into the interwebs for quite some time now, its almost always that some vulnerability that isnt disclosed is abused way less than the one which has been.
The database does not accept external connections and those credentials are useless without SSH access to the VM hosting the site.
Have you checked if that's the case before posting it?
@FlorinMarian said: Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
People access backdoors all of the time, do see them posting it publicly?
The difference between revealing a vulnerability to the public, while it is not fixed, and letting the public find out the vulnerability, is that revealing will have a larger impact than the public finding it itself. Considering me, a person who has been into the interwebs for quite some time now, its almost always that some vulnerability that isnt disclosed is abused way less than the one which has been.
The database does not accept external connections and those credentials are useless without SSH access to the VM hosting the site.
Have you checked if that's the case before posting it?
Yes, no matter how retarded you think I am, I would not have publicly shown something like that for both ethical and legal reasons.
@FlorinMarian said: Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
People access backdoors all of the time, do see them posting it publicly?
The difference between revealing a vulnerability to the public, while it is not fixed, and letting the public find out the vulnerability, is that revealing will have a larger impact than the public finding it itself. Considering me, a person who has been into the interwebs for quite some time now, its almost always that some vulnerability that isnt disclosed is abused way less than the one which has been.
The database does not accept external connections and those credentials are useless without SSH access to the VM hosting the site.
Have you checked if that's the case before posting it?
Yes, no matter how retarded you think I am, I would not have publicly shown something like that for both ethical and legal reasons.
Well, you are retarded. You just admitted to trying to illegally access database of your competitor.
@FlorinMarian said: Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
People access backdoors all of the time, do see them posting it publicly?
The difference between revealing a vulnerability to the public, while it is not fixed, and letting the public find out the vulnerability, is that revealing will have a larger impact than the public finding it itself. Considering me, a person who has been into the interwebs for quite some time now, its almost always that some vulnerability that isnt disclosed is abused way less than the one which has been.
The database does not accept external connections and those credentials are useless without SSH access to the VM hosting the site.
Have you checked if that's the case before posting it?
Yes, no matter how retarded you think I am, I would not have publicly shown something like that for both ethical and legal reasons.
Well, you are retarded. You just admitted to trying to illegally access database of your competitor.
You talk nonsense and you know it, but I leave you, you have no reason to be on my side anyway.
What you did was absolutely not okay and it doesn't matter who it was or what you had against him. You don't publish something like that without giving the person concerned the chance to fix it and admit that there was a weakness.
If it hadn't been published by Calin, you could have published it, but not like this.
I'm really shocked that a hoster would do something like this, even though he should be aware that he himself could be in a similar situation at any time.
@FlorinMarian said: Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
People access backdoors all of the time, do see them posting it publicly?
The difference between revealing a vulnerability to the public, while it is not fixed, and letting the public find out the vulnerability, is that revealing will have a larger impact than the public finding it itself. Considering me, a person who has been into the interwebs for quite some time now, its almost always that some vulnerability that isnt disclosed is abused way less than the one which has been.
The database does not accept external connections and those credentials are useless without SSH access to the VM hosting the site.
yk its actually pretty easy to spoof local connections, wont say how, and you probably know that.
He doesn't deserve to be banned here, he didn't do anything wrong here.
I'm also banned on LET but free to talk here as long as I play by local rules.
@xvps said: because of all the harassment from Calin
There was no harassment that I was aware of, shitting at someone on a public forum and in public threads in not harassment in any shape or form.
If he got intimidated by a kid with broken english and his caveman operation, I don't know what to tell you, Florin shouldn't have access to the internet.
@skorous said: Devil's advocate, if a vendor deadpooled on OGF and a bunch of people lost money but he never advertised here would you let them keep their provider tag? But it only happened over on OGF ....
Not the same thing. As I said in the first part of my statement above, I suspended the provider tag when this came to my attention. Provider tags are removed, or never issued, to providers that the staff feels have a reasonable potential to be a danger to the community. Permanent removals or denials are generally decided by a majority vote of the staff, not just by any one person.
EDIT: It should be noted that there are other reasons, in addition to what I stated above, that a provider tag would not be issued or would be revoked but they don't apply to this situation.
So the provider tag portion wasn't as important as the fact that they never did anything wrong here. It was an attempt to show that some mistakes are big enough that they follow you. I don't really have an opinion so last I'll say on it.
My 2c (thinking out loud):
It boils down to where you draw the line. A bit of an ethical dilemma, on several points:
1)
Should member and provider status be "locked together?"
I think they shouldn't. Provider tag carries a higher potential to commit frauds and harm people (customers).
"Ordinary" users don't carry that much responsibility, generally speaking.
So, I would say that it's not the same, and would be "quicker" to remove a provider tag, than to outright ban a member.
Again, these are my thoughts on the topic - without insisting nor being 100% certain that it's the right way of doing things.
2)
Should stuff done elsewhere be carried over to LES?
This one is also quite tricky. And it is related to the point 1).
When it comes to provider tags, regardless of how I find sufficient reasons to suspect a fraud, I'd be against allowing a provider tag. Even if a member is "golden" on LES.
But, when it comes to banning members, I'm not so sure if things should "spill over."
Can a "toxic" "fraudulent" member behave well? In theory, yes. It's worth giving second chances and the benefit of a doubt.
So, I'm not 100% sure that the member should be outright banned. For any drastic measures (bans, tag removals and similar), I like to be 100% sure.
3)
Final thoughts
Strict policing and erring to the side of caution (in terms of "lightly" banning) is very easy IMO.
But it's not good - tyranny is just around the corner.
Of course, the other extreme of letting "everything fly," is also not good.
When it comes to administration and moderation, we try to keep a reasonable middle ground and make unanimous decisions after we've discussed all the points, pros and cons ( i.e. @Mason & @FrankZ need to read all my drivel before making any calls - and vice-versa).
Relja TheLongWinded Novović
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member BikeGremlin's web-hosting reviews
I ain't reading all that - I will take a wild guess and say he still claims he did nothing wrong and he could act that way because Calin was dick to him in first place.
@Calin just a reminder that on top of "reinstalling" you should rotate/change keys/passwords etc. Not just copy-paste config :-D
He doesn't deserve to be banned here, he didn't do anything wrong here.
I'm also banned on LET but free to talk here as long as I play by local rules.
You got banned because you probably pissed off some mod or something. What Florin did is not even remotely close. It is like spitting in the face of whole community and everything it stands for just because ‘he got intimidated by a kid with broken english and his caveman operation’. Hence the outcry for ban.
He doesn't deserve to be banned here, he didn't do anything wrong here.
I'm also banned on LET but free to talk here as long as I play by local rules.
You got banned because you probably pissed off some mod or something. What Florin did is not even remotely close. It is like spitting in the face of whole community and everything it stands for just because ‘he got intimidated by a kid with broken english and his caveman operation’. Hence the outcry for ban.
my 0.69 cents
And when I think that I posted that to help the community... (obviously, not Calin).
@jmaxwell said: You got banned because you probably pissed off some mod or something.
Yeah... They hate me, to put it lightly. I messed with Biloh's pocket.
@jmaxwell said: What Florin did is not even remotely close. It is like spitting in the face of whole community and everything it stands for just because ‘he got intimidated by a kid with broken english and his caveman operation’. Hence the outcry for ban.
my 0.69 cents
I believe he shouldn't be banned here still. LES is separate from LET and it should remain this way.
Keep him here, even just for entertainment purposes. Whether he will be allowed to sell anything here is up for the staff, but I don't think he deserves a ban.
I obviously don't endorse anything he did or defend him, but ye, I think you should only be banned here if you do something retarded here.
He doesn't deserve to be banned here, he didn't do anything wrong here.
I'm also banned on LET but free to talk here as long as I play by local rules.
You got banned because you probably pissed off some mod or something. What Florin did is not even remotely close. It is like spitting in the face of whole community and everything it stands for just because ‘he got intimidated by a kid with broken english and his caveman operation’. Hence the outcry for ban.
my 0.69 cents
And when I think that I posted that to help the community... (obviously, not Calin).
Comments
I'm not defending Calin. I think you two are more similar than unalike. I just think you took things too far, is all.
[ IncogNET LLC ] - Privacy By Design
We believe that privacy and freedom of expression are two very important things, so we offer solutions to accessing and publishing content safely.
[ USA: Liberty Lake, WA | Kansas City, MO | Allentown, PA ] [EU: Naaldwijk, NL ] [ CL Shared | KVM VPS | VPN | Dedicated Servers | Domain Names ]
It is true that this action (posting) was based on hatred.
I had a pact with him to ignore each other after we had some tougher discussions in private, but after a while Calin returned to the old habit but loved by the community.
Being less popular than him, I couldn't post when I could see that he was lying about something, and that's how the hatred that raged yesterday accumulated.
What did Calin lie about?
Considering that I kept all these reasons in mind, it is clear that it affected me emotionally that my truths were ruining my image while his lies raised him far above me.
youtube.com/watch?v=k1BneeJTDcU
All of my VMs: https://nodecheck.net/s/otusibrc/
In the screenshots deleted from the LET, it was clear that Google Chrome had been used, just so that in my mind that vulnerability only existed for a fraction of a minute and not to be accused of who knows what hacking engineering.
understandable
youtube.com/watch?v=k1BneeJTDcU
All of my VMs: https://nodecheck.net/s/otusibrc/
LOL
Bro, you wrote bachelor thesis on DDoS attacks and hacking, you obviously know how to be a haxor.
Regarding whether you did it maliciously or not, I think its the first option. You whined about Calin in other threads already, you spotted opportunity to pick at him and you did.
I was judged for pettier things than this, it was 100% expected your tactic will backfire, I have no idea what were you thinking posting it. If any other member posted it, it could be justified for other reasons, but you are his direct competitor. It was clearly a dirty attack against your competitor. You could've stayed quiet, and wait for someone else to notice and then pick at him, instead you disclosed it yourself in the shittiest way possible.
If you given a fuck about ethics or his customers, you wouldn't disclose it like that.
I'm also aware you called certain people in the past to try and get Calin kicked out from Orange Romania(or try and ruin his business), knowing that, there is no doubt in my mind it was a malicious attack.
I rooted for you from your very beginnings with your "datacenter", It was extremely cool to me and I also wished I could have such setup for my homelab some day. But you fucked everything up, I'm just disappointed.
you are going on about what HE did as if this is some kind of justification for your action.
it simply is not.
if you find a vulnerability like that by accident simply act like a grown up and inform him. I probably could even understand if you'd just look the other way and ignore what you found.
however posting about it publicly like you did is a nogo , no matter what. the screenshot doesn't play a role at all.
what you posted is a direct prompt to go and look after it for anyone with possible malicious intent. you knowingly instigated people to harm your competitor.
like @MannDude said you have no business ethics at all and in the end this is the reason why you are failing.
it will always come back around to you one way or another. you build your bad reputation all by yourself with this kind of actions, so rather stop talking about all the bad things your competitors did to you.
it won't help and is no justification for your own behaviour anyway.
Yes, I am his direct competitor, as he is in my threads in which he drags the reputation I'm trying to build into the mud.
I would totally agree with you if there wasn't the essential element of the story: I went to the site and that shit was there, on the main page. Calin has no idea when that vulnerability was there, marking the time when I made the post the time when the cure appeared, which is not true. Between with/without my post the big difference is that more people saw that that vulnerability exists, nothing more.
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
i js thought bro curl'ed the homepage
There are hundreds of his clients who could have accessed the site all that time without my thread or even potential clients using backlinks from LET/LES. The only difference is that the community does not know about this incident, but the effects were the same for him.
People access backdoors all of the time, do see them posting it publicly?
The difference between revealing a vulnerability to the public, while it is not fixed, and letting the public find out the vulnerability, is that revealing will have a larger impact than the public finding it itself. Considering me, a person who has been into the interwebs for quite some time now, its almost always that some vulnerability that isnt disclosed is abused way less than the one which has been.
youtube.com/watch?v=k1BneeJTDcU
All of my VMs: https://nodecheck.net/s/otusibrc/
The database does not accept external connections and those credentials are useless without SSH access to the VM hosting the site.
Have you checked if that's the case before posting it?
Yes, no matter how retarded you think I am, I would not have publicly shown something like that for both ethical and legal reasons.
Well, you are retarded. You just admitted to trying to illegally access database of your competitor.
You talk nonsense and you know it, but I leave you, you have no reason to be on my side anyway.
Not anymore.
Why isn't @FlorinMarian banned here?
Why not admit it?
You were driven by revenge because of all the harassment from Calin and didn't think it through, and your move potential could harm all his customers.
Or did you check if the database port was open, so you were sure customers wouldn't be harmed? If so, I can't see you have done worse than Calin.
@FlorinMarian
What you did was absolutely not okay and it doesn't matter who it was or what you had against him. You don't publish something like that without giving the person concerned the chance to fix it and admit that there was a weakness.
If it hadn't been published by Calin, you could have published it, but not like this.
I'm really shocked that a hoster would do something like this, even though he should be aware that he himself could be in a similar situation at any time.
yk its actually pretty easy to spoof local connections, wont say how, and you probably know that.
youtube.com/watch?v=k1BneeJTDcU
All of my VMs: https://nodecheck.net/s/otusibrc/
He doesn't deserve to be banned here, he didn't do anything wrong here.
I'm also banned on LET but free to talk here as long as I play by local rules.
There was no harassment that I was aware of, shitting at someone on a public forum and in public threads in not harassment in any shape or form.
If he got intimidated by a kid with broken english and his caveman operation, I don't know what to tell you, Florin shouldn't have access to the internet.
Fair.
most accurate description of calin ever lmao
youtube.com/watch?v=k1BneeJTDcU
All of my VMs: https://nodecheck.net/s/otusibrc/
My 2c (thinking out loud):
It boils down to where you draw the line. A bit of an ethical dilemma, on several points:
1)
Should member and provider status be "locked together?"
I think they shouldn't. Provider tag carries a higher potential to commit frauds and harm people (customers).
"Ordinary" users don't carry that much responsibility, generally speaking.
So, I would say that it's not the same, and would be "quicker" to remove a provider tag, than to outright ban a member.
Again, these are my thoughts on the topic - without insisting nor being 100% certain that it's the right way of doing things.
2)
Should stuff done elsewhere be carried over to LES?
This one is also quite tricky. And it is related to the point 1).
When it comes to provider tags, regardless of how I find sufficient reasons to suspect a fraud, I'd be against allowing a provider tag. Even if a member is "golden" on LES.
But, when it comes to banning members, I'm not so sure if things should "spill over."
Can a "toxic" "fraudulent" member behave well? In theory, yes. It's worth giving second chances and the benefit of a doubt.
So, I'm not 100% sure that the member should be outright banned. For any drastic measures (bans, tag removals and similar), I like to be 100% sure.
3)
Final thoughts
Strict policing and erring to the side of caution (in terms of "lightly" banning) is very easy IMO.
But it's not good - tyranny is just around the corner.
Of course, the other extreme of letting "everything fly," is also not good.
When it comes to administration and moderation, we try to keep a reasonable middle ground and make unanimous decisions after we've discussed all the points, pros and cons ( i.e. @Mason & @FrankZ need to read all my drivel before making any calls
- and vice-versa).
Relja TheLongWinded Novović
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
I ain't reading all that - I will take a wild guess and say he still claims he did nothing wrong and he could act that way because Calin was dick to him in first place.
@Calin just a reminder that on top of "reinstalling" you should rotate/change keys/passwords etc. Not just copy-paste config :-D
Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png
You got banned because you probably pissed off some mod or something. What Florin did is not even remotely close. It is like spitting in the face of whole community and everything it stands for just because ‘he got intimidated by a kid with broken english and his caveman operation’. Hence the outcry for ban.
my 0.69 cents
Why?
And when I think that I posted that to help the community... (obviously, not Calin).
Yeah... They hate me, to put it lightly. I messed with Biloh's pocket.
I believe he shouldn't be banned here still. LES is separate from LET and it should remain this way.
Keep him here, even just for entertainment purposes. Whether he will be allowed to sell anything here is up for the staff, but I don't think he deserves a ban.
I obviously don't endorse anything he did or defend him, but ye, I think you should only be banned here if you do something retarded here.
You are truly delusional.
let me cite yourself from OGF:
we didn't ask for your help either
@FlorinMarian better hold on tight to your day job.
I bench YABS 24/7/365 unless it's a leap year.