When You Think You Surf Anonymously But You Don’t

Hi, here's a very interesting article below about the use of Glype proxies and the insecurity issues that result from logging proxy users traffic and not protecting your logs from unauthorised access.

Unfortunately if you are using the default Glype .htaccess file, your site is at risk because it lacks any kind of security protection to stop strangers from looking at your logs.

The Glype .htaccess has option -indexes, which only prevents a directory listing of the files, it does not restrict unauthorised access or prevent anyone from loading the log files if they already know what to look for.

You should really add the following line to your .htaccess file to start securing your logs file directory and stop strangers from reading your log files.

Quote:

---

deny from all

---

By placing this .htaccess file in the /tmp/ directory it will protect both /logs and /cache from unauthorised access.

This will now give a 403 Forbidden error to everyone who tries to load your proxy logs, instead of the limited directory listing with the default .htaccess. You can still access the logs through the Glype admin or via FTP without any problems..

Quote:

---

403 Permission Denied
You do not have permission for this request /tmp/logs/

---

Do it now please. Then test that your logs are secure. ;)



--

Please read the full article.
When You Think You Surf Anonymously But You Don't | abuse.ch

Quote:

---

When You Think You Surf Anonymously But You Don’t
-

*** The facts ***

Fact is that there are a lot of insecure servers out there running Glype: I was able to retrive the logs of several Glype proxies – and the results are really interesting.


But such proxies are becoming a problem as soon as they are used by employees of governmental and military organistaions (like shown above):

These proxies could be a great resource for terroristic organization and foreign intelligence services!

Many of the governmental traces I’ve seen are on facebook – so I was able to catch the names of employees of various governmental and military organizations. To show you the threat of such ‘information’ I will make real example which I saw in those logfiles


*** Glype proxies as security risk ***

As I already pointed out I don’t see a problem in users bypassing internet censorship per se.

They just have to know that they don’t really surf anonymously when they use such script based proxies (like Glype) and that those logfiles are propably accessible by anyone from anywhere.

But such proxies are becoming a problem as soon as they are used by employees of governmental and military organistaions (like shown above): These proxies could be a great resource for terroristic organization and foreign intelligence services!

Many of the governmental traces I’ve seen are on facebook – so I was able to catch the names of employees of various governmental and military organizations. To show you the threat of such ‘information’ I will make real example which I saw in those logfiles.

You might have noticed that I mentioned Ministry of Foreign Affairs before (of a country which I won’t name here). While checking the logs I just came across a user who surfed on Facebook. The Logfiles provides a link to a profile of a employee of the Ministry of Foreign Affairs.

When I checked the profile, I just noticed that this user is obviously a employee of the Security Service at the Ministry of Foreign Affairs.

In fact, this person is now a high value target for terroristic organization and foreign intelligence services who are now able to get personal information about this person easily.

This allows them to apply pressure and blackmail the person in order to gain access to classified information and documents.

*** Conclusion ***




My research on these Glype proxies allow me to make the following conclusions:

• Glype- (and other script based proxies) aren’t really anonymous
• You don’t who runs these proxies
• Most users for those proxies just want to bypass internet censoreship of their country or schools/universities
• But there are many users from governmental and military organizations using those proxies too
• In those cases you may be able to hide your web traffic from your administrator but you will leave traces in other places which are probably a threat of your whole company!
• Administrators and security folks have to know about these risks and have to adopt compensating measures and/or providing awareness to its users
• If you run such a Glype proxy you have to know that you will propably be responsible for any illegal activites which are passing your proxy. Are you sure that your Glype proxy is not being abuse to access ilegal content like Childporn?

---

---

:smash: