Why cryptome sold web logs to their paying customers?

Dr. J Feinstein drjfeinstein at mail.com
Sun Oct 11 14:24:15 PDT 2015 

Maybe, but why those foldersmonths only? Itd be good to hear from JYA, especially b/c Netsol contradicts him.

> Sent: Sunday, October 11, 2015 at 9:13 PM
> From: "Alfie John" <alfiej at fastmail.fm>
> To: cypherpunks at cpunks.org
> Subject: Re: Why cryptome sold web logs to their paying customers?
>
> On Mon, Oct 12, 2015, at 04:08 AM, Dr. J Feinstein wrote:
> > Resend–HTML email scrubbed
> >
> > Calling bullshit. Mirimirs right, this makes no sense. And JYA says
> > netsol won't let him delete the logs but Netsol says logs are disabled
> > by default[
> > https://www.networksolutions.com/support/how-to-enable-download-the-web-logs/]
> > and you have to turn them on.
> >
> > So how the fuckd this really happen?
> >
> > Mirimir <mirimir at riseup.net> Are you arguing that users could have
> > found those logs?
> >
> > I almost can't imagine that. Logs are normally in /var/log/ somewhere,
> > and I can't imagine making them searchable. And indeed, I can't
> > imagine how Cryptome archives would have included anything from
> > /var/log/, even after system restore from backups.
> >
> > <--SNIP-->
> >
> > > Should access logs be kept for that long? Absolutely not. From what
> > > I> have read in the email exchange that was posted, the log files
> > > were> included in a NetSol total restore. My guess is that
> > > John/Cryptome did> not intentionally keep these files, and did not
> > > realize these files were> included in the archive.
> > But that's the thing. Logs should have been in /var/log/. And how
> > would the "NetSol total restore" have changed that?
> 
> Not necessarily...
> 
> Logs in /var/log is where they should be by default, but if the box is
> on a shared hosting account, then things are completely different. For
> instance, Bluehost charges $3.95/month, which gets you a home directory
> on a box shared with hundreds of other users. In your home directory,
> you get something like (from memory, which was a long, long time ago):
> 
>   ~/
>   ~/public_www/
>   ~/public_www/html/
>   ~/public_www/access_log
>   ~/public_www/error_log
> 
> So as you can see, the user does have permissions to access logs, but
> are kept in the user's _home_ directory. Now you can see why this could
> have mistakenly been distributed:
> 
>   tar zcf cryptome-backup.tar.gz ~/
> 
> The backup would have also slurped in all the logs. There was no malice,
> just an easy mistake that everyone here could have make given the same
> circumstances.
> 
> Alfie
> 
> -- 
>   Alfie John
>   alfiej at fastmail.fm
> 
>

More information about the cypherpunks mailing list