Similar Worlds should tighten their firewall

As a concerned member of your site, I thought I'd bring this up.

1. You shouldn't be advertising all these services on your main domain, let alone on the standard/well known ports. Get them to listen on a sub-domain on non-conventional ports.

2. Although, I will give you credit for this. Public/Private key 2-factor auth is good. :) - You could go one step further and make sysadmins log into a VPN service and only allow hosts on the VPN subnet to connect.

3. You're using FTP, which is completely unencrypted; switch to FTP over SSL. Also, the system logon banner is advertising that you're running Pure-FTPd. If I were a malicious uB3r Hax0r, I would be searching public CVE vulnerability lists to see if there are any known exploits for this.

4. Why is your server listening on 143 when your IMAP service doesn't allow authentication over plaintext? You have an IMAPS service running on here!

I could go on and on and on... - But I'd rather this stuff get addressed first.
Nuno · Admin
Hello,

Thank you for this post. It's good to know there is at least one user investigating potential holes in our security :)

"1. You shouldn't be advertising all these services on your main domain, let alone on the standard/well known ports. Get them to listen on a sub-domain on non-conventional ports."

We don't advertise them. They can be discovered by anyone.
Changing the ports or using a different domain/subdomain is just "false security".
The key point here is to prevent anyone using them.

"2. Although, I will give you credit for this. Public/Private key 2-factor auth is good."

Correct - we don't allow password authentication on our servers.

"3. You're using FTP, which is completely unencrypted; switch to FTP over SSL."

We don't have plain FTP activated. You wouldn't be able to use unencrypted FTP.

If you tried to log in, you'd get:
"421 Sorry, cleartext sessions and weak ciphers are not accepted on this server."

Plus, you need Public/Private key to use FTP. Passwords are not allowed.

We have uninstalled FTP and our server isn't listening to FTP anymore.

"4. Why is your server listening on 143 when your IMAP service doesn't allow authentication over plaintext?"

Good question. I guess the service just enables it by default.
It is intentionally not accepting requests, anyway, so that's what matters :)

We have closed the IMAP port now.

"I could go on and on and on..."

Please feel free to let us know of more issues you see!

Thank you,
Nuno
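The thread converges on one policy: expose only the services meant to be public, keep cleartext FTP and IMAP off the wire, and restrict admin access to hosts on the VPN subnet. The nftables ruleset below is an added example of that policy, not SimilarWorlds' actual configuration; the VPN subnet 10.8.0.0/24 and the VPN port UDP 1194 are assumed placeholders.

```nft
#!/usr/sbin/nft -f
# Added example ruleset, not the site's real firewall.
# Assumptions: admin VPN subnet 10.8.0.0/24, VPN daemon on UDP 1194.
flush ruleset

table inet filter {
    set admin_nets {
        type ipv4_addr
        flags interval
        elements = { 10.8.0.0/24 }   # assumed VPN subnet (point 2)
    }

    chain input {
        # Default deny: a service is reachable only if listed below,
        # regardless of which ports daemons happen to bind.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Admin access (SSH) only from VPN hosts; sshd still enforces
        # key-only authentication on top of this.
        ip saddr @admin_nets tcp dport 22 accept

        # The VPN endpoint itself must be reachable from anywhere.
        udp dport 1194 accept

        # Public services: the web site and encrypted mail access only.
        tcp dport { 80, 443 } accept
        tcp dport 993 accept   # IMAPS; 143 is deliberately not listed (point 4)

        # Ports 21 (FTP) and 143 (IMAP) appear nowhere, so connections
        # to them hit the drop policy even if a daemon listens (points 3, 4).

        # ICMP for path MTU discovery and diagnostics.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Rate-limited logging of drops for detection and auditing.
        limit rate 10/minute log prefix "nft-drop: " counter
    }

    chain forward { type filter hook forward priority 0; policy drop; }
    chain output  { type filter hook output  priority 0; policy accept; }
}
```

Load with `nft -f` and confirm with `nft list ruleset`; the drop policy means the host stays closed to 21 and 143 even before the daemons are uninstalled.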
MrSpecialEnough · 22-25, M
Are you IchBin?
TheFakeSlimShady · 31-35, M
I have no idea what you're talking about.
MrSpecialEnough · 22-25, M
@TheFakeSlimShady: Come on, dawg.
LoveChild · 26-30, F
He doesn't seem icky enough.
LikeMind · M
It's good to know that there are some techs out there keeping an eye on security issues, albeit they are site users and not admins.
TheFakeSlimShady · 31-35, M
I've asked to get involved with the site on a voluntary basis many times... - I haven't had a response from them.
LikeMind · M
@TheFakeSlimShady: Is it easy for someone with your skill set to access the firewall?
TheFakeSlimShady · 31-35, M
@LikeMind: It's not that simple. :)
SW-User
* builds wall around you *
Ikr.. 😳
HaHLoBravado · 36-40, M
I think nerds are sooo groovy 😍
shakenama · M
You need to bring this up to https://similarworlds.com/Andrew
Looks as though he's an admin
TheFakeSlimShady · 31-35, M
I have tried to communicate with Nuno and Andrew numerous times, I've even offered to assist the site on a voluntary basis. They simply just don't reply to me. It's only a matter of time until a script kiddie owns this site.

They don't even moderate the questions/stories that get posted here. The amount of shit that gets put on here is slowly wrecking the site anyway.
shakenama · M
@TheFakeSlimShady: yup... I've only been on for a week and noticed the lack of moderators. All the adult stuff being posted is making this trashy.
Socialclutz · 36-40, M
It means when the Russians hack this site we're gonna lose our SW coins. So be on the lookout for a loss of SW coins while some hack is sending all the gifts mysteriously 🤣