Hi,
I love this web server and I have used it many a time to make small test projects and such. But today something fishy happened. I was just browsing a website: "http://www.9anime.to", an anime website I landed on through Google. Now when I clicked on the play button of the video: "https://9anime.to/watch/baby-steps-2nd-season.3x2/kxkp0r" a tab popped open and it displayed a page with the URL: "www.apple.com-secure.systems" saying that my Mac is infected with a virus so I should click on an OK button if I wanted to remove this trojan from here. As you may guess, the URL itself looks malicious. So I performed a curl test on it: "curl -Iv www.apple.com-secure.systems/" and the output is given below. Now it's obvious. The server used is LiteSpeed. And I have created this thread to draw some attention to the fact that some information gathering should be done on your part since it's a product, which should not be abused as it is used by many. Please pay attention guys. I am not hating on anyone here, I am just saying that I don't like the idea that such a cool Open Source service is being used like this.
Who knows what would happen if someone would click on that OK, I at least don't want to know.
I would have attached screenshots but it says that the server doesn't accept files of that size, in my case 1.1 MB.
==================================================================
Curl Output :-
abcdefghij:~ xxxxxxxx$ curl -Iv www.apple.com-secure.systems
* Rebuilt URL to: www.apple.com-secure.systems/
* Trying 128.199.37.91...
* TCP_NODELAY set
* Connected to www.apple.com-secure.systems (128.199.37.91) port 80 (#0)
> HEAD / HTTP/1.1
> Host: www.apple.com-secure.systems
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< Last-Modified: Sat, 23 Sep 2017 16:18:23 GMT
Last-Modified: Sat, 23 Sep 2017 16:18:23 GMT
< Content-Type: text/html
Content-Type: text/html
< Content-Length: 344
Content-Length: 344
< Date: Thu, 28 Sep 2017 17:28:38 GMT
Date: Thu, 28 Sep 2017 17:28:38 GMT
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Server: LiteSpeed
Server: LiteSpeed
< Connection: Keep-Alive
Connection: Keep-Alive
<
* Connection #0 to host www.apple.com-secure.systems left intact
====================================================================
Note that although Apple devs boast about their security: "https://discussions.apple.com/thread/7487704?start=0&tstart=0", these incidents should still not be allowed to happen.
Regards,
Abhinav J.
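
The hostname reported above begins with "www.apple.com" but is registered under a different domain. The Python code below is an added example, not part of the original post: it finds the registrable domain of a hostname and flags hosts that embed a trusted domain in their leading labels. The suffix set and the trusted list are constructed assumptions; real tooling should use the full Public Suffix List.

```python
import re

# Constructed, deliberately tiny suffix set (assumption, not the real
# Public Suffix List).
PUBLIC_SUFFIXES = {"com", "to", "systems", "co.uk"}

# Assumption: the registrable domains the defender treats as trusted.
TRUSTED_DOMAINS = {"apple.com"}


def registrable_domain(host):
    """Return the public suffix plus one label, or None if undetermined."""
    labels = host.lower().rstrip(".").split(".")
    # Scanning from the left tries the longest candidate suffix first.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the host is itself a public suffix
            return ".".join(labels[i - 1:])
    return None


def check_host(host):
    """Classify a hostname as 'trusted', 'lookalike' or 'unrelated'."""
    host = host.lower().rstrip(".")
    reg = registrable_domain(host)
    if reg in TRUSTED_DOMAINS:
        return "trusted", reg
    for brand in TRUSTED_DOMAINS:
        # The brand must start at a label boundary and be followed by the
        # end of the host, a dot, or a hyphen (as in "com-secure").
        pattern = r"(^|\.)" + re.escape(brand) + r"($|[.\-])"
        if re.search(pattern, host):
            return "lookalike", reg
    return "unrelated", reg


if __name__ == "__main__":
    # The first host is the one from the post; the others are constructed.
    for h in ("www.apple.com-secure.systems", "www.apple.com",
              "support.apple.com.example.co.uk", "pineapple.com"):
        print(h, "->", check_host(h))
```

The host from the post is classified as a lookalike because its registrable domain is "com-secure.systems", not "apple.com".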