[Dshield] A few issues at the DShield site…

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Tue Aug 8 16:37:01 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Precisions to the recent progress report (below).

BTW, would appreciate knowing if am I the only one experiencing (these)
bugs at the DShield site.

If that's the case, please point me to the right direction in order to
having a more enjoyable experience at the site (without any further delay).

Thanks in advance for the info and any pointers.

8.8.2006 0:25 (UTC+3), Peter Stendahl-Juvonen kirjoitti/wrote:
> 
> *The 'Remember me' option does not function* .  :-(
> 
> Only once, when leaving the DShield site and returning before closing
> Firefox (1.5.0.6 FI), did I manage to avoid the redundant re-login
> procedure.

Being able to get back into the authenticated http connection was due to
using the Internet browser's 'return to previous page' function.

If and when attempting to return to the DShield site by targeting for,
e.g. URL https://secure.dshield.org/myreports.php does not invoke an
authenticated http connection (with the help of the auto-login cookie in
browser cache). The DShield server changes the previously valid content
of the cookie to contain the text string "invalid" (without the quotes)
as soon attempting authentication by means of the auto-login cookie.

Unluckily, the malfunction of the 'Remember me' feature causes multiple,
 redundant logins.   :-(

Nevertheless, please consider removing the 'Remember me' feature, if it
cannot be fixed (by obtainable means).

Not having the malfunctioning 'Remember me' feature available would save
one hand movement as well as a tick in the box (in the 'Remember me'
fill in form).   :-)

Thanks in advance for fixing the bug (or removing of the broken feature).


> 
> *The 'Update Summary' feature still does not work properly*.  :-(

Noticed today Tuesday, August 8, hopefully a sign of slight improvement.

Only saw once the information "[/etc/jwhois.conf: Unable to open]" in
the Whois field for *one* 'IP Info' page only, after several attempts to
use the 'Update Summary' feature.

This malfunction effectively prevents from sending single Fightbacks as
the link for sending single Fightbacks only shows after the summary is
updated, or at least requires that a summary is present.

Am aware of the recommendation "Please avoid sending single Fightbacks".

However, would appreciate knowing whether the 'Send single Fightback'
feature still exists (in principle) at the DShield site, since it is at
present and have been for quite a while non-existent (de facto).

Thanks in advance for fixing the bug (or removing of the broken feature).


> 
> Please find progress report in-line (further below).
> 
> *The 'Timestamp' function* on 'Update your user profile' page
> *still does not work properly*.  :-(

No progress.

*The 'Timestamp' function* on 'Update your user profile' page
*still does not work properly*.  :-(

Please consider removing the feature, if it cannot be fixed (by
obtainable means).

Thanks in advance for fixing the bug (or removing of the broken feature).


> 
> 
> 2.8.2006 15:38 (UTC+3), Peter Stendahl-Juvonen kirjoitti/wrote:
>>> About 1/6 fixed. Thanks. Please find progress report in-line (further
>>> below, in three paragraphs).
>>>
>>>
>>> Unfortunately, cannot confirm any progress with the other two issues:
>>>
>>> *'Update Summary' feature still does not work properly*.  :-(
>>>
>>> *The 'Timestamp' function* on 'Update your user profile' page
>>> *still does not work properly*.  :-(
>>>
>>> Thanks in advance for prompt response.
>>>
>>>
>>> 31.7.2006 19:05 (UTC+3), Johannes B. Ullrich kirjoitti/wrote:
>>>>> I believe the login issues are due to moving from a single web server to
>>>>> two load balanced once. The sessions are not yet properly synced (but
>>>>> will shortly. still debugging ...)
>>>>>
>>>
>>> Managed to login successfully.  :-)
>>>
>>> The login issue is now fixed in the sense that successful login in
>>> general is now possible. Thanks for that.
>>>
>>> What is actually fixed is the "first login".
>>>
>>> Unluckily, subsequent automated logins utilizing the 'Remember me'
>>> option provided at the login page unfortunately fail.
>>>
>>> Unluckily, returning to the DShield site fails, when attempting to
>>> target for the pages that require authentication, e.g. Reports Overview
>>> page.
>>>
>>> *The 'Remember me' option does not function* at all.  :-(
>>>
>>> It would appear that the DShield server resets the content of the cookie
>>> to 'invalid', even if the server had set the contents of the cookie to a
>>> valid string at previous login.
>>>
>>> Hence you have to provide your login credentials to the site every time
>>> you return to the site and want to use the features that require
>>> authentication.
>>>
>>> Could this be due to load balancing or something? Is it possible that
>>> the DShield servers are unaware of the cookies' content set by the other
>>> DShield server?
>>>
>>> Would appreciate if the advertised 'Remember me' feature worked properly
>>> (or at least intermittently as it did months ago, when it "worked").
>>>
>>> [snip]
>>>
>>>
>>>>>> 2) In Reports Overview at https://secure.dshield.org/ipinfo.php etc. the
>>>>>> 'Update Summary' feature does *not* work properly, i.e. the function
>>>>>> does *not* produce an updated report as meant.
>>>
>>> *'Update Summary' feature still does not work properly*.  :-(
>>>
>>> Noticed yesterday and today the following piece of information on the
>>> 'IP Info' pages:
>>>
>>> Whois: (cached Tue, 01 Aug 2006 20:11:08 +0000)
>>> [/etc/jwhois.conf: Unable to open]
>>>
>>> The text "[/etc/jwhois.conf: Unable to open]" reads on all 'IP Info'
>>> pages, which do not update as should, when hitting the 'Update Summary'
>>> links.
>>>
>>> Any idea what's cooking, and is anyone working on the issue?
>>>
>>> *Does the 'Update Summary' feature work for you*?
>>>
>>> [snip]
> 
> 
> The 'IP Info' pages today behave marginally differently than when
> previously reported. It would appear that the DShield site has now at
> least two different patterns of behaviour when clicking the 'Update
> Summary' link more than once.
> 
> Nevertheless, *the actual information* (data) in the 'IP Info' pages
> *fails to update as should*.
> 
> *The report after clicking 'Update Summary', still show*:
> 
> *Number of targets: not set - update*
> Date Range:          to
> 
> *NOT updated* that is.  :-(
> 
> 
> 1) At first, before clicking the 'Update Summary' the 'Whois' field
> displays the following information:
> 
> Whois:
> [Querying whois.apnic.net]
> [whois.apnic.net]
> 
> After clicking the 'Update Summary', the 'Whois' field reads:
> 
> Whois:	
> (cached Mon, 07 Aug 2006 20:38:37 +0000)
> [Querying whois.apnic.net]
> [whois.apnic.net]
> 
> After clicking the 'Update Summary' the second time, the 'Whois' field
> still reads:
> 
> (cached Mon, 07 Aug 2006 20:38:37 +0000)
> [Querying whois.apnic.net]
> [whois.apnic.net]
> 
> 
> 2) At first, before clicking the 'Update Summary' the 'Whois' field
> displays the following information:
> 
> Whois:
> [Querying whois.ripe.net]
> [whois.ripe.net]
> 
> After clicking the 'Update Summary', the 'Whois' field reads:
> 
> Whois:	
> (cached Mon, 07 Aug 2006 19:45:50 +0000)
> [Querying whois.ripe.net]
> [whois.ripe.net]
> 
> *The report is not, however, updated* as should.
> 
> After clicking the 'Update Summary' the second time, the 'Whois' field
> reads:
> 
> Whois:	
> [/etc/jwhois.conf: Unable to open]
> 
> 
> 3) At first, before clicking the 'Update Summary' the 'Whois' field
> displays the following information:
> 
> Whois:	
> [Querying whois.arin.net]
> [Redirected to whois.apnic.net]
> [Querying whois.apnic.net]
> [whois.apnic.net]
> 
> After clicking the 'Update Summary', the 'Whois' field reads:
> 
> Whois:	
> (cached Mon, 07 Aug 2006 19:59:08 +0000)
> [Querying whois.arin.net]
> [Redirected to whois.apnic.net]
> [Querying whois.apnic.net]
> [whois.apnic.net]
> 
> After clicking the 'Update Summary' the second time, the 'Whois' field
> reads:
> 
> Whois:	
> [/etc/jwhois.conf: Unable to open]
> 
> 
>>>>>> 3) The 'Timestamp' function on 'Update your user profile' page at
>>>>>> https://secure.dshield.org/changes.php does *not work properly*.
>>> *The 'Timestamp' function* on 'Update your user profile' page
>>> *still does not work properly*.  :-(
>>>
>>> The last time *the 'Timestamp' function* worked as should for me was
>>> according the information at 'Update your user profile' page
>>>
>>> Time Check: 	Last check: *Jan 25th 2006 *. Offset: 0 seconds.
>>>
>>> Since then, it has malfunctioned as described (below).
>>>
>>> Any idea what's cooking, and is anyone working on the issue?
>>>
>>> *Does the 'Timestamp' function work for you*?
>>>
>>>
>>>>>> The packet is sent to my firewall's IP address, but
>>>>>> *the 'DShield Timestamp' email message* containing the comparison
>>>>>> between [DSield] Our Time and [my time] Your Time *fails to be sent*. At
>>>>>> least I have not received any 'DShield Timestamp' email messages during
>>>>>> the last few months.
>>>>>>
>>>>>> Any idea what's cooking, and is anyone working on the issue?
>>>>>>
>>>>>> *Does the 'Timestamp' function work for you*, i.e.
>>>>>> *do you receive the 'DShield Timestamp' email messages*, when you try to
>>>>>> use the 'Timestamp' function?
>>>>>>
>>>>>>
>>>>>> Curious to know, are other, distinguished subscribers to this list
>>>>>> luckier with these issues at the DShield site? Could the issues be due
>>>>>> to my system, or am I possibly boycotted?
>>>>>>
>>>>>> I understand it is summer and hot now, but at least issues # 2) and 3)
>>>>>> are not new, but have existed for several months by now.
>>>>>>
>>>>>> Thanks in advance for any and all enlightenment.
>>>>>>
>>>>>> - Pete
>>>>>>
>>>>>>
>>>>>>
>>>>>> "If a man does not know to what port he is steering, no wind is
>>>>>> favourable to him."
>>>>>>          Seneca, Lucius Annaeus (5 BC-65 AD); Roman philosopher.
>>>>>>
>>>>>>
>>>>>>
> _________________________________________
> Learn from the founder of DShield how to secure your Internet presence
> with Linux, Apache, MySQL, PHP.
> 
> Las Vegas, Oct. 2nd-6th 2006
> 
> Details: http://www.sans.org/ns2006/description.php?tid=433
> (Brochure Code: ISC)
> 
> 
> 
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://lists.dshield.org/mailman/listinfo/list
> 
> 
_________________________________________
Learn from the founder of DShield how to secure your Internet presence
with Linux, Apache, MySQL, PHP.

Las Vegas, Oct. 2nd-6th 2006

Details: http://www.sans.org/ns2006/description.php?tid=433
(Brochure Code: ISC)




_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://lists.dshield.org/mailman/listinfo/list


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2L2sQ21KCihDnSQRAiEzAJ4kuS5RLGag8Dcr6y/XEXLl5HBCMACfYI2d
5i9F36wKShdHVPCZ2LdneMQ=
=U0No
-----END PGP SIGNATURE-----


More information about the list mailing list