Why cryptome sold web logs to their paying customers?

Mirimir mirimir at riseup.net
Sun Oct 11 16:23:31 PDT 2015 

On 10/11/2015 03:13 PM, Alfie John wrote:
> On Mon, Oct 12, 2015, at 04:08 AM, Dr. J Feinstein wrote:
>> Resend–HTML email scrubbed
>>
>> Calling bullshit. Mirimirs right, this makes no sense. And JYA says
>> netsol won't let him delete the logs but Netsol says logs are disabled
>> by default[
>> https://www.networksolutions.com/support/how-to-enable-download-the-web-logs/]
>> and you have to turn them on.
>>
>> So how the fuckd this really happen?
>>
>> Mirimir <mirimir at riseup.net> Are you arguing that users could have
>> found those logs?
>>
>> I almost can't imagine that. Logs are normally in /var/log/ somewhere,
>> and I can't imagine making them searchable. And indeed, I can't
>> imagine how Cryptome archives would have included anything from
>> /var/log/, even after system restore from backups.
>>
>> <--SNIP-->
>>
>>> Should access logs be kept for that long? Absolutely not. From what
>>> I> have read in the email exchange that was posted, the log files
>>> were> included in a NetSol total restore. My guess is that
>>> John/Cryptome did> not intentionally keep these files, and did not
>>> realize these files were> included in the archive.
>> But that's the thing. Logs should have been in /var/log/. And how
>> would the "NetSol total restore" have changed that?
> 
> Not necessarily...
> 
> Logs in /var/log is where they should be by default, but if the box is
> on a shared hosting account, then things are completely different. For
> instance, Bluehost charges $3.95/month, which gets you a home directory
> on a box shared with hundreds of other users. In your home directory,
> you get something like (from memory, which was a long, long time ago):
> 
>   ~/
>   ~/public_www/
>   ~/public_www/html/
>   ~/public_www/access_log
>   ~/public_www/error_log
> 
> So as you can see, the user does have permissions to access logs, but
> are kept in the user's _home_ directory. Now you can see why this could
> have mistakenly been distributed:
> 
>   tar zcf cryptome-backup.tar.gz ~/
> 
> The backup would have also slurped in all the logs. There was no malice,
> just an easy mistake that everyone here could have make given the same
> circumstances.
> 
> Alfie

I would not have expected Cryptome to be on shared hosting ;) But yes,
that would explain it.

More information about the cypherpunks mailing list