
Comments (10)

coderobe commented on September 23, 2024

Whilst there is no reason to believe that low-profile sites were affected, it's entirely possible - because the cf servers apparently also leaked unrelated data if it happened to be on the same reverse-proxy node as a different website

This means that if your server was served on the same node as a high-profile site, and a login happened on your site during the last few months, it's completely possible that sensitive data has leaked through the high-profile sites

from sites-using-cloudflare.

pirate commented on September 23, 2024

Can you list the domains you want removed, and whether or not they contain user data.
I will check if they are using the SSL proxy.

If your site is just a static site or has no personal user data, I'm happy to remove it.


turtledude01 commented on September 23, 2024

******* has only 1 account, which is mine, so remove it. Friend's site '********' has not had user accounts ever, though I can't prove this... ******* has a couple of user accounts running through joomla


pirate commented on September 23, 2024

radicaldelta.org and turtle-mc.org are both returning server:cloudflare-nginx, codywentz.com is down so I can't check it.


turtledude01 commented on September 23, 2024

Like I said, ****** has ONLY 1 account which is MY OWN ACCOUNT and ******* is barely ever up, doesn't use cloudflare for anything other than dns, and doesn't have user accounts. ******* is the only one that could 'potentially' (1 in ~2 trillion chance) have leaked information.


coderobe commented on September 23, 2024

describing the underlying tech stack would give some insight as well.

turtle-mc was likely affected, because it's using the cloudflare reverse proxy and runs joomla, which provides an account system


turtledude01 commented on September 23, 2024

And if you refuse to remove ******** or believe that it 100% was compromised then I would be happy to force a reset on all user passwords, which will send the users an email with a link to reset their password. I refuse to 'prove' that this was done as that would be a security threat in itself.


turtledude01 commented on September 23, 2024

I just sent an email to every user of ****** explaining that their account may have been leaked and I might be resetting passwords. This better be enough to have it removed, as it's all I can do.


SpEcHiDe commented on September 23, 2024

Can you remove shrimadhavuk.me also from the list, because it is just a static site hosted by GitLab Pages built using Jekyll? I do not think I collect any user-data on the given site.


pirate commented on September 23, 2024

@SpEcHiDe please submit a PR, I'll approve it if it's a static page.

@turtledude01 I'm closing this issue, as I said earlier, I'm only removing sites that are provably static content, contain no user data, or never used cloudflare during the affected period.
