Talk:Web-based SSH

Computing: Software Unassessed

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing ??? This article has not yet received a rating on Wikipedia's content assessment scale. ??? This article has not yet received a rating on the project's importance scale. This article is supported by WikiProject Software.

That garbage Serfish link is NOT going to stay here.

1. It's a newly registered domain with WHOIS privacy. There is no established trust there for you to be handling unknowing user's personal data, or promoting your own sites through Wikipedia.

2. The net is already flooded with spam links to the site, just like you're doing here. I think it's safe to say it's your site at this point, since you just lied about hearing it mentioned on the news. You created the article hoping that your link would stay under the radar. It didn't.

The only news of this site is that it's spam. You've been comment spamming blogs, you just bumped at 2 year old thread at DigitalPoint to spam it, as well as on other hosting forums.

3. The TOS alone basically tells people they're data is not safe as it's all pass unencrypted on your servers.

For you to be this agressive with spamming a new domain all over the net, there is a hidden agenda. I feel sorry for anyone that enters their data at that site.

In closing, Wikipedia is NOT the place for you to gather victims. Go back to forum and blog spamming, because the links aren't staying here. S600 (talk) 08:00, 5 April 2008 (UTC)[reply]

Hi!

I can response to your issues in the following way:

1. The page is newly registered with WHOIS privacy, but if you take a look at the contact information of serfish you see that the author of this page reveals its identity and provides even more information than in WHOIS would be found: He complied with european standards on web site identity.

2. I do not know how the owner of the page is behaving. I am also not interested in it. It is a new project an probably he is trying to market it by pointing web users interested in web based ssh to his domain. I could still not find spam the way that he posted to threads/blogs where the topic didnt belong to. For the mentioned pages I would say: In doubt for the accused person, in particular if it is a free service that is provided.

3. I see no point that makes the link to serfish unserious here. The publisher of the site reveals how it works (how it also works on other pages!)

Believe it or not: My interest in having this link published is no personal, I just wanted to start contributing to wikipedia by writing about a topic i am interested in and where i have some knowledge on. I now do not want to accept that here is control about public contents, blocking potentially relevant contents (no matter what is done to promote this site: the serfish project still is highly relevant for the discussed topic i think).

On the other hand, if you were serious about your concerns you would also have to remove the remaining links:

1. Where do you find established trust for the two other services? Both of them look older/more deserted than serfish in my opinion.

2. The links pointing to these sites are also questionable.

3. All of the remaining services work exactly the same way.

Therefore, if you have really bad concerns about the provided link: I suggest we either remove all links to all services (gotossh and my.anyterm.org) or we reinsert serfish. Looking forward to hearing your opinion. J.crox (talk) 08:54, 5 April 2008 (UTC)[reply]

you both are right. removed additional scam links on this page.AnneXX (talk) 16:42, 5 April 2008 (UTC)[reply]

Hi! That is not really what I wanted. I still think that all three projects are of relevance for this topic. Still, it seems that I am somehow overruled. Sad to see that such relatively innovative projects are considered irrelevant here. J.crox (talk) 18:11, 5 April 2008 (UTC)[reply]

You're overruled because no one likes spam or scam sites that are making peoples personal info vulnerable. The article was created to promote those sites--no other reason. Every link out there to that site is either blog comment spam or forum spam, so it was very predictable that wiki-spamming would be on the list. Scam sites using some generic script that makes user info vulnerable have no value here or anywhere else. Your initial reply still seems to indicate that you're more connected to that site than you admit to, especially how you try to use the word "promote" to replace "spam."

And finally, the idea itself is horrible anyway. If you have shell access, use a secure client like putty instead of dumping all of your unencrypted personal info on some crook's server. That's common sense. S600 (talk) 19:23, 5 April 2008 (UTC)[reply]

Hi again! Well, I think it is clear (and shall be made clear by service operators) that such a service (may it be serfish/gotossh/anyterm.org) must NEVER be a replacement for putty etc. However, many people often are in LANs where port 22 is blocked (including me in my company's intranet). For them, this service is great, especially if they are in some sort of troubles/have no possibility to set up their own instance of anyterm/ajaxterm. And I can only repeat it: You have of course to trust the given service providers in not logging your data etc. If you do so, depends mainly on the look/feel of their web site, the seriousity of the provided legal information and the seriousity of your troubles :) Well, for me this issue is closed. Still find it sad. DIdn't want to be aggressive, sorry if you got that (and my assumed connection to serfish) wrong. J.crox (talk) 09:52, 6 April 2008 (UTC)[reply]

Know when you've been busted and move on. You are lying about your affiliation with the site. Let me remind you of this quote from you: "from which i heard through local news."

You didn't hear about a newly registered scam site on the local news. Period. The only promotion of this site has been spamming, just like you spammed it here. S600 (talk) 20:44, 8 April 2008 (UTC)[reply]

Hi everyone. I'm Phil Endecott, author of Anyterm, and I found this page when it appeared in the anyterm.org referrer log. I've just added a section with a brief comparison of Anyterm and Ajaxterm. I hope you're happy with it; I'm not much of a wikipedian and I hope I've not broken any rules.

Re the links to the commercial sites: Wikipedia could provide a useful service to the public by comparing them, along the following lines: funding model (serfish is advertising-driven, while gotossh and my.anyterm.org charge a fee (my.anyterm.org is cheaper, I think)); technology (serfish and gotossh use ajaxterm); trust (I'm too partial to comment here; as far as I'm aware none of the sites is a password-harvesting scam). Is there an explicit prohibition on providing this sort of commercial review?

Cheers, Phil —Preceding unsigned comment added by 86.6.12.162 (talk) 16:21, 17 April 2008 (UTC)[reply]

jaguar.garofil.be

Just to further explain my summaries on my 2 recent edits to the page, the jaguar.garofil.be ajaxterm link was malicious, essentially a form of phishing. I didn't really think about what I was doing at the time, not thinking what a stupid idea it was to use a web-based SSH client hosted at a dodgy looking domain. From looking at my sshd logs & bash_history (both of which the 'hacker' was amateur enough to leave unaltered when s/he left) I found that they had logged into the machine that I had used the ajaxterm to log into myself. They proceeded to do some exploring of my files (looking at what TV shows I had downloaded, what porn I have, etc.) then added a line to my sshd.conf to wget a certain file from a raw IP address (maybe to alert the attacker of when my machine comes online) & then tried to host something on my machine's HTTP server (with no success).

The entire thing stinks of an amateur, though an amateur I was stupid enough to fall for at a moment I was desperate for an SSH client on a machine that didn't have one. sshd logs & bash_history were left unaltered by the attacker, so I was able to reverse anything they did & change all passwords & obfuscate my security so they will no longer be able to access my machine.

whois on the FQDN only gives me information for the root domain garofil.be, to whom I have sent an email about this particular account holder, though I doubt they will take any action.

Another address that cropped up in my bash_history was balasus.dyndns.org - I can't determine whether this belongs to the attacker or whether it is another unfortunate victim, so if you are the owner of balasus.dyndns.org & have recently used the ajaxterm hosted by jaguar.garofil.be I suggest that you immediately disconnect your machines from the Internet, change all passwords & then investigate your sshd logs, bash_history & recent file alterations, paying particular attention to your ssh & http daemons.

I think that a page about webbased ssh is pretty pointless without links to sites that actually provide this service. I am aware that this can cause problems, but i think it's better to warn people about the possible security problems and include those links then to remove the links and warnings. People will find those links through other ways, so removing them isn't helping them. I think we are helping them more by including the links and warning them for the possible problems. Censorship doesn't help, it only causes more problems. 110.45.136.77 (talk) 22:41, 1 July 2009 (UTC)[reply]