Sticky The Banter Thread

Likes received
2,611
???
I'm confused by this.
Is there any explanation what kind of risk it sees?
Does it see the problem just on HTTP or on HTTPS too?
any other subdomains or just 1190?
bicyclesonthemoon.info
rnk.bicyclesonthemoon.info
baltixy.bicyclesonthemoon.info
?

I don't know how to address this if I don't know what they see as the problem here.

One idea that I have is that I have various interfaces which allow posting stuff.
All available on HTTP and HTTPS.
They involve passwords but the passwords are mostly meaningless.
but still maybe they freak out an OH NO PASSWORDS WITHOUT HTTPS?

Another thing is that some tools like wget or git complained that they don't like my HTTPS certificate even though I get it correctly from Let's Encrypt.

Also which ISP is it?
Maybe I can just ask them.
 

Zules

maybe Exvulnerum wasn't a mistake
Admin
Likes received
16,401
Umbration

Caprice
???
I'm confused by this.
Is there any explanation what kind of risk it sees?
Does it see the problem just on HTTP or on HTTPS too?
any other subdomains or just 1190?
bicyclesonthemoon.info
rnk.bicyclesonthemoon.info
baltixy.bicyclesonthemoon.info
?

I don't know how to address this if I don't know what they see as the problem here.
HTTP was the original error
HTTPS gives me this:
10410

from Firefox (learn more)

Strangely enough, the subdomains you mentioned and main domain work just fine.
 

Rue

High Priestess of Taco Bell
Likes received
4,526
Umbration

Duality
new product idea: fish-shaped cheese crackers. but instead of generic fish shapes they are magikarp shaped

inspired by eating goldfish while watching Zules stream
HEEEEELL YES MAGIKARP
 

chaosenjoyer

You drink water, I drink anarchy
Likes received
1,736
Umbration

Cosmos
Likes received
2,611
Strangely enough, the subdomains you mentioned and main domain work just fine.
so HTTPS works on them too?
That's strange because all use exactly the same HTTPS setup.
Since I see some kind of connection reset in what you showed, maybe that too is the ISP interrupting?
 
Likes received
2,611
After some investigation I found one potential problem.

I think it's the "Jump to" list at the bottom of the OTT MIRROR page.
The way to make it work without any JavaScript and to make it possible to redirect anywhere was to make a general redirect interface which accepts any URL as a CGI parameter and performs an HTTP 302 redirect to there.
(the other possibility would be to have a hard-coded (or loaded from file) list of URLs and select them by ID)
But this way allows creating a link in the form
http://1190.bicyclesonthemoon.info/ott/redirect?f=http://some.bad.place
and it will redirect there with no problems.
But if someone posts such a link, things like google will think that the stuff there belongs to 1190.bicyclesonthemoon.info too.
I have seen that google already has indexed some such things, but on /ott2/redirect.

To fix it I made a small change.
Now the redirect interface accepts only POST requests but doesn't accept GET requests.
This way no such links can be made which will work, but the jump list web form will still work.

I hope that this was it.

I had different plans for this evening.
 
Last edited:
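Added example, not part of the original post and not the site's Perl code: a Python sketch of the other option the post mentions (jump targets selected by ID from a fixed list), plus a host allowlist for a free-form `f` parameter. The jump list entries, the allowlist and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed jump list: the IDs and targets are sample values, not the site's data.
JUMP_LIST = {
    "1": "/bsta/v/324",
    "2": "https://bicyclesonthemoon.info/",
}
# Hosts a free-form target may point at (assumed to be the site's own names).
ALLOWED_HOSTS = {"bicyclesonthemoon.info", "1190.bicyclesonthemoon.info"}


def is_safe_target(url):
    """True for a same-site rooted path or an http(s) URL on an allowlisted host."""
    if not url or any(c in url for c in "\\\r\n\t "):
        return False  # browsers and servers disagree on backslashes and whitespace
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: must be rooted, and "//..." is refused because
        # browsers can resolve extra leading slashes to another host.
        return url.startswith("/") and not url.startswith("//")
    # parts.hostname drops any "user@" prefix and the port, and is lower-cased.
    return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS


def redirect_response(params):
    """Return (status, location) for a dict of already-decoded request parameters."""
    if "id" in params:
        # Lookup only: nothing supplied by the client ends up in Location.
        target = JUMP_LIST.get(params["id"])
    else:
        f = params.get("f", "")
        target = f if is_safe_target(f) else None
    return (302, target) if target else (400, None)
```

With the ID form the request method no longer matters, because the client can only choose among targets the server already knows.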
Likes received
2,611
I hope so too! I'm still getting the same error but who knows what layers of caches need to update before it goes away.
I'm afraid that:
  • they see something else as the problem
  • they might keep me on their bad list forever anyway.
Independently, I got information from a user of "Charter/Spectrum" that 1190.bicyclesonthemoon.info gets blocked from them.
I thought I might as well ask that ISP directly.
I found no contact email.
I found a telephone call number but they said to me that they don't understand and can only help me about a mobile service or something like that.

Edited to add:
I found some sources which report problems with 1190.bicyclesonthemoon.info:
10418
I will try to contact those and get some information.

In the meantime the alternative domain moonbase.chirpingmustard.com can be used.
 

Zules

maybe Exvulnerum wasn't a mistake
Admin
Likes received
16,401
Umbration

Caprice
Sounds like a giant headache!
My ISP is Xfinity.
 
Likes received
2,611
I found this useful link, which shows how to check on which blacklists I am and how to contact each one of them.
From the 5 I was on I'm already removed from 1.
 
Likes received
2,611
I'm removed from all those 5 and I don't know about any others.
One which had in their FAQ "don't ask us why your website is on our blacklist because we won't answer this question; just fix your website." was the first one to remove me.
And the last one to remove was the only one without an automatic response, instead they actually congratulated me for correctly identifying the problem and fixing it.
 

Zules

maybe Exvulnerum wasn't a mistake
Admin
Likes received
16,401
Umbration

Caprice
@bicyclesonthemoon That's great!

I'm still being blocked on my side. The URL I'm redirected to is https://www.safebrowse.io/warn.html?url=http://1190.bicyclesonthemoon.info/bsta/v/324&token= (I've removed the token because I don't know what it means)
 
Likes received
2,611
I'm still being blocked on my side. The URL I'm redirected to is https://www.safebrowse.io/warn.html?url=http://1190.bicyclesonthemoon.info/bsta/v/324&token= (I've removed the token because I don't know what it means)
My guess about the token:
It is assigned to you by the ISP. When you decide to follow the "proceed anyway" link it will remember for which token that happened, so that when you continue following links to other pages on 1190.bicyclesonthemoon.info (or load images, css & stuff) you will not see this blocking page each time, but for others it will still be blocked.

Interesting is that if I go to https://www.safebrowse.io/warn.html?url=http://1190.bicyclesonthemoon.info/bsta/v/324&token=XYZ (for example) and click the "proceed anyway" link it does not lead me to http://1190.bicyclesonthemoon.info/bsta/v/324 but to http://1190.bicyclesonthemoon.info/bsta/v/324&token=XYZ.
(but maybe that's just because I followed your link instead of being "correctly" redirected there by ISP).
Because there is no ? before the token=XYZ, it means that token=XYZ is part of the PATH part of the URL, not the QUERY string.
So instead of the URL for page 324, you get the URL for page 324&token=XYZ.
(so their blocking interface isn't even working 100% correctly)
Luckily my code will still resolve that to 324 because in Perl int("324&token") returns 324

I'm a bit interested how you end up on the blocking page in the first place.
Guessing by what was written here (especially HTTPS not being broken on other subdomains) I think it works kind of like this:
When you enter the URL, first your computer uses DNS to ask for the IP address of 1190.bicyclesonthemoon.info but instead of the correct IP the answer contains a different IP address, inserted there by ISP. So your browser asks that one for /bsta/v/324, to which it receives a redirect to https://www.safebrowse.io/warn.html.

I'm not sure if this is the way it actually works, it might be something else. It would be more informational to have a recording of your network traffic (when you try to access 1190.bicyclesonthemoon.info and it's still blocked, and then follow "proceed anyway") by a tool like Wireshark but I'm not going to ask you to do it just for my curiosity.
(a simpler check would be you try to ping 1190.bicyclesonthemoon.info and another subdomain and see if in both cases you see the same IP address or 2 different ones (assuming it's still blocked and you didn't "proceed anyway"))

Anyway this kind of thing can't work this way with HTTPS as it's one of the things HTTPS is designed to protect you from, so you get broken HTTPS :)

Also this mechanism relies on that there is an actual person using a web browser (who can read the text and decide to follow the link or not).
Bots which expect to go to a specific URL and get answer in specific format will not know how to deal with this unexpected situation.
Also all other protocols than HTTP will be broken. (and I do have other interfaces, like ssh, and sometimes I'm even running a minecraft server)

I actually do have some interfaces made for easy bot access,
http://1190.bicyclesonthemoon.info/bsta/i will show you information about the current state of the story
http://1190.bicyclesonthemoon.info/bsta/i/1 will show you information about page 1
http://1190.bicyclesonthemoon.info/bsta/b/1 will show you the BBcode for inserting page 1 into a forum using BBcode
http://1190.bicyclesonthemoon.info/bsta/i/a1 will show you information about attachment 1
http://1190.bicyclesonthemoon.info/bsta/i/w5 will show you information about comments on page 5
http://1190.bicyclesonthemoon.info/bsta/i/w5.1704812427.15062.0 will show you information about chaosenjoyer's first comment
So it's easy to check everything in an automatic way.

And the most ironic part of all this:
This redirect interface is similar to my redirect interface which got me banned.
And even more similar to my redirect interface is the one google used to have (if I remember correctly) on their search results, so that they know which result you clicked. These days they do it differently:
especially, the first few lines
HTML:
<a jsname="UWckNb"
   href="https://bicyclesonthemoon.info/"
   data-ved="2ahUKEwiRwtTe1deDAxVCcvEDHR7DCkIQFnoECBMQAQ"
   ping="/url?sa=t&amp;source=web&amp;rct=j&amp;opi=89978449&amp;url=https://bicyclesonthemoon.info/&amp;ved=2ahUKEwiRwtTe1deDAxVCcvEDHR7DCkIQFnoECBMQAQ"
  >
    <br>
    <h3 class="LC20lb MBeuO DKV0Md">bicyclesonthemoon.info</h3>
    <div class="notranslate TbwUpd YmJh3d NJjxre iUh30 ojE3Fb">
        <span class="H9lube fJOpI">
            <div class="eqA2re NjwKYd Vwoesf" aria-hidden="true">
                <span class="Jj3Uob XNo5Ab z1asCe" style="height:18px;line-height:18px;width:18px">
                    <svg focusable="false" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
                        <path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm-1 17.93c-3.95-.49-7-3.85-7-7.93 0-.62.08-1.21.21-1.79L9 15v1c0 1.1.9 2 2 2v1.93zm6.9-2.54c-.26-.81-1-1.39-1.9-1.39h-1v-3c0-.55-.45-1-1-1H8v-2h2c.55 0 1-.45 1-1V7h2c1.1 0 2-.9 2-2v-.41c2.93 1.19 5 4.06 5 7.41 0 2.08-.8 3.97-2.1 5.39z"></path>
                    </svg>
                </span>
            </div>
        </span>
        <div class="GTRloc">
            <span class="VuuXrf">
                bicyclesonthemoon.info
            </span>
            <div class="byrV5b">
                <cite class="tjvcx GvPZzd cHaqb" role="text">
                    https://bicyclesonthemoon.info
                </cite>
            </div>
        </div>
    </div>
    <span jscontroller="IX53Tb" jsaction="rcuQ6b:npT2md" style="display:none"></span>
</a>
(copied this from a google search in an incognito window so that those tokens don't say anything about me)

Oops, this post got long.
 
Last edited:
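Added example, not part of the original post: a Python walk-through of the `&token=XYZ` observation above, showing how the warn URL splits under normal query-string rules, what a "take everything after `url=`" extraction yields instead, and a lenient versus strict page-number parse on the receiving side. How the interstitial really builds its link is not known; `naive_target` only reproduces the observed result, `lenient_page_id` approximates the Perl `int()` behaviour described, and all function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The warn URL quoted in the post, with the placeholder token XYZ.
WARN_URL = ("https://www.safebrowse.io/warn.html"
            "?url=http://1190.bicyclesonthemoon.info/bsta/v/324&token=XYZ")


def split_warn_url(warn_url):
    """Normal query parsing: '&' separates parameters, so token is its own field."""
    q = parse_qs(urlsplit(warn_url).query)
    return q["url"][0], q["token"][0]


def naive_target(warn_url):
    """Everything after 'url=' taken as the target (matches what the post observed)."""
    return warn_url.split("url=", 1)[1]


def path_and_query(url):
    """Show which URL component each piece lands in."""
    parts = urlsplit(url)
    return parts.path, parts.query


def lenient_page_id(path):
    """Approximation of Perl int(): leading digits of the last segment, else 0."""
    m = re.match(r"[0-9]+", path.rsplit("/", 1)[-1])
    return int(m.group()) if m else 0


def strict_page_id(path):
    """Only an all-digit last segment is a page number; None means 'answer 404'."""
    segment = path.rsplit("/", 1)[-1]
    return int(segment) if re.fullmatch(r"[0-9]+", segment) else None
```

The lenient parse makes every `/bsta/v/324<anything>` URL serve page 324, so one page has unlimited aliases; the strict parse keeps it to a single URL. If the target had been percent-encoded inside the `url=` value, the `&token=` boundary would be unambiguous.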

Zules

maybe Exvulnerum wasn't a mistake
Admin
Likes received
16,401
Umbration

Caprice
Code:
ping 1190.bicyclesonthemoon.info

Pinging bicyclesonthemoon.info [83.4.201.134] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 83.4.201.134:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Code:
ping baltixy.bicyclesonthemoon.info

Pinging bicyclesonthemoon.info [83.4.201.134] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 83.4.201.134:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
I haven't clicked "proceed anyway" yet

Did I need to include http/https?
 
Likes received
2,611
Did I need to include http/https?
no, ping is a different protocol than http, https, etc.

both IP numbers are the same so either their mechanism works in a different way than I said before (could give you the correct IP but then give you a fake answer pretending to come from 1190.bicyclesonthemoon.info, or something else) or they are no longer blocking me

(or maybe I don't understand this as much as I thought I did)
Anyway, it's not that important to understand the mechanism they use to redirect people from websites.
It's not like we can do anything with this knowledge anyway.
 

chaosenjoyer

You drink water, I drink anarchy
Likes received
1,736
Umbration

Cosmos
There’s this tiny arcade within walking distance from my house that’s full of really cool old games. I used to visit it a lot but I hadn’t visited it for almost a year. It was always very much a small business, so I wasn’t expecting very much to have changed when I went back today… there was an entirely new back room, not to mention the absurd amount of stuff added to the original space. I paid for an hour of time and I didn’t get to play every game. I’m definitely going to be visiting it a whole lot more in the coming weeks.
 

Rateus

Master Master Investigator
Likes received
3,577
Umbration

Velocity
There’s this tiny arcade within walking distance from my house that’s full of really cool old games. I used to visit it a lot but I hadn’t visited it for almost a year. It was always very much a small business, so I wasn’t expecting very much to have changed when I went back today… there was an entirely new back room, not to mention the absurd amount of stuff added to the original space. I paid for an hour of time and I didn’t get to play every game. I’m definitely going to be visiting it a whole lot more in the coming weeks.
Sweet.
 