On Sun, 11 Nov 2007 19:13:53 +0000 (UTC), p5000011 wrote:
> On Sun, 11 Nov 2007 12:37:51 -0600, Erik Funkenbusch wrote:
>
>> On Sun, 11 Nov 2007 17:53:25 +0000 (UTC), p5000011 wrote:
>>
>>> On Sun, 11 Nov 2007 11:34:02 -0600, Erik Funkenbusch wrote:
>>>
>>>>
>>>> You mean like Linux? Which the IndiaTimes website runs and has been
>>>> running for quite some time?
>>>>
>>>> http://toolbar.netcraft.com/site_report?url=http://www.indiatimes.com
>>>>
>>>> Why do you lie like this Roy? IndiaTimes is not running Windows. It runs
>>>> Linux. That means the *LINUX* site was compromised.
>>>>
>>>> Oh, but I'm sure you'll just blame that on bad configuration or something
>>>> (never mind that it's Akamai, one of the most knowledgeable companies about
>>>> Linux running the site).
>>>>
>>>> So why lie and say the site runs Windows? Why do you constantly lie, Roy?
>>>
>>> hmm, they seem to be using akamai proxies:
>>>
>>> lynx -head http://www.indiatimes.com
>>>
>>> HTTP/1.0 302 Moved Temporarily
>>> Server: AkamaiGHost
>>> Content-Length: 0
>>> Location: http://in.indiatimes.com
>>> Date: Sun, 11 Nov 2007 17:50:18 GMT
>>>
>>> Now enter in.indiatimes.com into netcraft:
>>>
>>> Linux Microsoft-IIS/6.0
>>>
>>> So the proxy is running linux but the web server is running IIS.
>>>
>>> Seems Roy was right. When can we expect your apology?
>>
>> No, Roy was not right. This is a classic case of a web server trying to
>> disguise what it's running. It's easy to identify:
>>
>> lynx -head http://in.indiatimes.com
>> HTTP/1.0 200 OK
>> Server: Microsoft-IIS/6.0
>> Content-Type: text/html
>> Vary: Accept-Encoding
>> Content-Encoding: gzip
>> Expires: Sun, 11 Nov 2007 18:03:33 GMT
>> Date: Sun, 11 Nov 2007 18:03:33 GMT
>> Content-Length: 12102
>> Connection: close
>>
>> Notice the order of the headers:
>>
>> lynx -head http://www.funkenbusch.com
>>
>> HTTP/1.1 302 Found
>> Cache-Control: private
>> Connection: close
>> Date: Sun, 11 Nov 2007 18:07:04 GMT
>> Content-Length: 152
>> Content-Type: text/html; charset=utf-8
>> Location: http://funkenbusch.com/default.aspx
>> Server: Microsoft-IIS/6.0
>> X-Powered-By: ASP.NET
>> X-AspNet-Version: 2.0.50727
>>
>> Now, notice how the order is different? Clearly, whatever server
>> in.indiatimes.com is running is using a false server header, probably a
>> lame attempt to confuse hackers.
>
> You don't know what you are talking about. Your web server is not
> using a reverse proxy. I've set up apache reverse proxies many
> times. By default it shows the OS of the proxy but the server header
> is that of the www server.

Apart from the fact that a firewalled and reverse proxied web server would
be extremely difficult to compromise in the first place, your argument
ignores the rest of the evidence I presented below.

>> Further, there are no tell-tale signs of a Microsoft based server.
>> There are no ASP or similar session cookies. Also, IIS doesn't use
>> the "Vary" header. Additionally, all the links on the site end in a
>> .cms extension, which appears to be Enonic's CMS system which is an
>> Apache Tomcat based system running Java, which means it can't be
>> running IIS. While it could be Apache on Windows... the fact that
>> it is issuing an IIS header means it's lying about its web server,
>> and given that the OS is fingerprinted as Linux, I'd say it's almost
>> certainly Apache/Tomcat on Linux.
>
> They are using akamai for goodness sake. You know, the same proxy
> service Microsoft uses when they can't handle the traffic to their web
> servers. Why anyone would frig their server header to be IIS beats me
> Erik.

What part of "using a CMS system that doesn't run on IIS" don't you
understand?

>> So no, I'm not wrong. Do a little more research.
>
> Perhaps you should. You have not shown that the server is not
> IIS. Hence you still owe Roy an apology as your explanation is nothing
> more than waffle.

Yes, I have shown the server is not IIS, because it cannot be IIS.
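
The header-order comparison argued over in this thread, run on the two `lynx -head` captures quoted above (an added example, not part of the original posts; the function names are hypothetical). It only measures how the two responses differ: a 200 versus a 302 response, or a proxy in the path, can also change which headers appear and in what order.

```python
CANDIDATE = """HTTP/1.0 200 OK
Server: Microsoft-IIS/6.0
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Expires: Sun, 11 Nov 2007 18:03:33 GMT
Date: Sun, 11 Nov 2007 18:03:33 GMT
Content-Length: 12102
Connection: close"""            # capture of in.indiatimes.com from the thread
REFERENCE = """HTTP/1.1 302 Found
Cache-Control: private
Connection: close
Date: Sun, 11 Nov 2007 18:07:04 GMT
Content-Length: 152
Content-Type: text/html; charset=utf-8
Location: http://funkenbusch.com/default.aspx
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727"""  # capture of www.funkenbusch.com from the thread

def header_names(raw):
    """Header names in wire order, lowercased; the status line is skipped."""
    names = []
    for line in raw.strip().splitlines()[1:]:
        name, sep, _ = line.partition(":")
        if sep and name.strip():
            names.append(name.strip().lower())
    return names

def compare(candidate_raw, reference_raw):
    """Summarise how two responses differ in header set and relative order."""
    cand, ref = header_names(candidate_raw), header_names(reference_raw)
    shared = [h for h in cand if h in ref]
    # A pair is "flipped" when x precedes y in cand but follows it in ref.
    flipped = [(x, y) for i, x in enumerate(shared) for y in shared[i + 1:]
               if ref.index(x) > ref.index(y)]
    return {
        "shared": shared,
        "flipped": flipped,
        "only_candidate": [h for h in cand if h not in ref],
        "only_reference": [h for h in ref if h not in cand],
    }

if __name__ == "__main__":
    for key, value in compare(CANDIDATE, REFERENCE).items():
        print(f"{key}: {value}")
```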