On 10/11/2015 03:13 PM, Alfie John wrote:
On Mon, Oct 12, 2015, at 04:08 AM, Dr. J Feinstein wrote:
Resend–HTML email scrubbed
Calling bullshit. Mirimir's right, this makes no sense. And JYA says netsol won't let him delete the logs but Netsol says logs are disabled by default [https://www.networksolutions.com/support/how-to-enable-download-the-web-logs...] and you have to turn them on.
So how the fuckd this really happen?
Mirimir <mirimir@riseup.net> Are you arguing that users could have found those logs?
I almost can't imagine that. Logs are normally in /var/log/ somewhere, and I can't imagine making them searchable. And indeed, I can't imagine how Cryptome archives would have included anything from /var/log/, even after system restore from backups.
<--SNIP-->
Should access logs be kept for that long? Absolutely not. From what I have read in the email exchange that was posted, the log files were included in a NetSol total restore. My guess is that John/Cryptome did not intentionally keep these files, and did not realize these files were included in the archive.
But that's the thing. Logs should have been in /var/log/. And how would the "NetSol total restore" have changed that?
Not necessarily...
Logs in /var/log is where they should be by default, but if the box is on a shared hosting account, then things are completely different. For instance, Bluehost charges $3.95/month, which gets you a home directory on a box shared with hundreds of other users. In your home directory, you get something like (from memory, which was a long, long time ago):
  ~/
  ~/public_www/
  ~/public_www/html/
  ~/public_www/access_log
  ~/public_www/error_log
So as you can see, the user does have permissions to access logs, but they are kept in the user's _home_ directory. Now you can see why this could have mistakenly been distributed:
tar zcf cryptome-backup.tar.gz ~/
The backup would have also slurped in all the logs. There was no malice, just an easy mistake that everyone here could have made given the same circumstances.
Alfie
I would not have expected Cryptome to be on shared hosting ;) But yes, that would explain it.
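
The failure mode Alfie describes above (a home-directory tarball that also picks up access_log and error_log), as an added example that is not from any participant in the thread: it archives the same layout with the logs excluded and checks an archive for log files before it is published. The directory layout follows Alfie's from-memory listing; the function names, the sample log lines and the file patterns are assumptions.

```shell
#!/usr/bin/env bash
# Added example; layout follows the from-memory listing in the thread.

# Build a constructed copy of the shared-hosting home directory.
make_sample_home() {
    local home="$1"
    mkdir -p "$home/public_www/html"
    echo '<html>sample document</html>' > "$home/public_www/html/index.html"
    # Constructed log lines (203.0.113.7 is a documentation address).
    echo '203.0.113.7 - - [11/Oct/2015:15:13:00 +0000] "GET / HTTP/1.1" 200 29' \
        > "$home/public_www/access_log"
    echo '[error] constructed sample entry' > "$home/public_www/error_log"
}

# Archive a home directory but leave web server logs out of it.
# The patterns are assumptions; adjust them to the host's log naming.
backup_without_logs() {
    local home="$1" out="$2"
    tar -zcf "$out" --exclude='access_log*' --exclude='error_log*' \
        --exclude='*.log' -C "$home" .
}

# Print archive members that look like server logs (nothing if clean).
find_logs_in_archive() {
    tar -ztf "$1" |
        grep -E '(^|/)(access|error)_log([.-][^/]*)?$|\.log(\.[^/]*)?$' || true
}

# Number of log-like members, for use as a pre-publication gate.
count_logs_in_archive() {
    find_logs_in_archive "$1" | wc -l | tr -d ' '
}

demo() {
    local work
    work=$(mktemp -d)
    make_sample_home "$work/home"
    # Unfiltered archive of the whole home directory, as in the thread.
    tar -zcf "$work/naive.tar.gz" -C "$work/home" .
    backup_without_logs "$work/home" "$work/clean.tar.gz"
    echo "naive archive: $(count_logs_in_archive "$work/naive.tar.gz") log file(s)"
    find_logs_in_archive "$work/naive.tar.gz"
    echo "filtered archive: $(count_logs_in_archive "$work/clean.tar.gz") log file(s)"
    rm -rf "$work"
}
demo
```

Running `count_logs_in_archive` on any tarball before it is mirrored or handed out catches logs that were already swept in by an earlier unfiltered backup.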