NepalHUB

Inspiring-mind · 08-14-2007, 09:38 AM

[color="DarkOrchid"]I also hate passing the personal information...that's why I didnt posted as she did...but that was a counter spying strategy for the security of my privacy...

[/COLOR]...when people sneak through my window I have a right to sneak them..how could I let go if a first time seen nick comes with large amount of information about me

Clicker · 08-14-2007, 01:09 PM

Inspiring mind...

Maybe you have rights to know about the person that have soo much information about you ... If bijuli herself have given you all these details I have nothing to say ... but what I am saying is if super mods or third person is doing that ... then he or she is also doing the same mistake that bijuli did... isnt it???
and he or she doesnt have rights for that... same as bijuli doesnt have rights to sneak into your information.

Lastly, Eye for eye makes whole world blind.

Inspiring-mind · 08-14-2007, 01:59 PM

I understand what you meant by ^ ......For that super moderator should develop a system where moderators can not view the IPs of chatters. They can punish only viewing at the nick when a chatter misbehaves in the chat room....Lets hope he comes out with a solution

Also this is the first case where I used my resources to find this Bijuli ko khamba, otherwise I am least bother about chatters' identity.

shadow · 08-14-2007, 11:32 PM

Now there all of your concerns are brought forward

, here are a few things to know about hub/gossip

#1.
NepalHUB/NepalGossip is a sole operation, funded and operated by me alone. There are no partners or any third party involved. There is no "donate now" button anywhere. There are no google ads anywhere. There are no cleavages, thigs, breasts or buttocks in display with ads hidden between them inviting you to click. Simply put, these sites are not here to earn money from you. This means there is no need for me ever to sell your username, email, ip or whatever that gets stored in the server for any purpose. What comes to HUB, stays at HUB.

#2.
Unlike a shared hosting, were others also have access to the server, NepalHUB/NepalGossip runs on its own dedicated server. There is no one else, except me who has or can have access to the server. On 20-Oct-2007, I will complete 10 years working as a level 3 system administrator. Securing server infrastructure is what I do for a living. So I can assure you that our servers are secure. For backend functions, like login to the server and login to the admin control panel of HUB, it requires you to be on a private VPN to a deciated VPN router in the datacenter. This means you need a username/password to connect to VPN, and once vpn is connected, again a username, Private ip address, password and key to connect to the server. The key is stored in my laptop which runs vista ultimate and the data partition is encrypted. Even if someone managed to steal my laptop and take out the hard-disk, the hard-disk is locked using drivelock. Drivelock Password is placed on the hard drives controller in firmware. Unlike the BIOS password which you can reset from BIOS normally you cannot remove a hard drive password on a laptop without knowing it. Reformatting does not remove the password. The password is not on the drive itself but locked in the hard drives firmware.
Too much security eh

?

#3.
From the backend, even on direct access to the database, even I cannot see your plain-text passwords. I can just change them.Your password is a md5 of md5 of salt and password. Sounds a bit compliated isn't it?

Here is an explaination.

suppose your password is nepalhub.
md5 of nepalhub is: dd44f97c15e8cacacf35d28fded35ba7

there is a random 4 letter key given for every password
so suppose your key is AbCd
md5 of your salt is: 4506ca152a692ca44a41998450f583f4

The password will be md5 of dd44f97c15e8cacacf35d28fded35ba7.4506ca152a692ca44 a41998450f583f4
md5 of this becomes: 347c3492434afe2a1239fb555de60321

This 347c3492434afe2a1239fb555de60321 is what gets stored in the database as your password. So even if you use the same password as you using hotmail or yahoo or whatever, there is no way for anyone to see your password.

It will take a few hundred years for the fastest computers of today to reverse engineer this code and know your unencrypted password.

Your password and posts can be sniffed only by your ISP, but there is already
a solution that I implemented long ago, which I bet none of you guys knew.
Apart from banks in Nepal, we are the only websites to deploy https so that your password, posts, chat etc is not sniffed by anyone else. Even the banks are using RC4-128 bit encryption. We are still ahead of the banks using AES256-256 bit encryption.

You can access the secure version of the websites via https://

https://www.nepalhub.com/ -

https://www.nepalgossip.com/
https://www.nepalgossip.com/ - the SSL is there, and its working for the website, but some backend calls are not working. Work is underway to have it fixed.

What I will do is create a sitebar at the forums and put there links to download Firefox and the secure https:// so that everyone will now and can act on guarding their own information from the ISP or organization you connect from.

#4.
Every software used in NepalHUB/NepalGossip is commercial. The forum, gallery, ecards, arcade, mp3 streaming, betting, chat, server costs. Everythig used here is the best of its class. This is how serious I am in running this websites to provide you guys the best possibe experience. They offer the best in user experience as well as security and features, making the best of every second you decide to spend here.

#5
Moderators in HUB and Moderators in Gossip have different roles and access.
Moderators in HUB can edit your posts, which needs to be done from time to time, because sometimes the font is too big or too small or the color is unbearable. We do not correct your grammer or baby-sit your posts. If the post is unrelated, its moved to the right category and posts found offending, multiple posts of the same subject etc are removed. That is all there is to it. Mods do not have access to view or change any of your information.
Moderators in Gossip can kick and ban you. That is the only difference between a regular chatter menu and a moderator menu. When you select and right-click a nick, you get 2 extra menu items, KICK and BAN. No personal information or any information is shown there.

Attached are screenshots on a regular menu and a moderator menu

The only extra thing that the mod can see, that the user cannot see is the IP address of the person who made the post or the chatter. But IP address is a whole different subject. Most people using cable modem of ISPs, their IP address is the same because its the gateway NAT IP. If you are in HUB and make a post, the IP usually is the IP of the proxy server your ISP uses. And its an IP.

This is my ip shown: 202.79.62.15

Suppose you are a mod and you saw this IP as where shadow is connecting from:

Now go ahead and find out my password, email address, house address, car number, hotmail account,girlfriend details, phone number or whatever you think that IP might tell you about me.

There is no need to worry about the IP.

#6.
If i need to spy on anyone, I can just program the server to log all chats and access details and have it emailed to me everyday. I do not need to deploy or ask anyone to get details on anyone. But HUB is nearly at 6000 members. I run another forum with 12000 members and another portal with approx 5000 members. I do not have the time or the need to go thru the details of every member as whom they are, where they are connecting from or what they do. Apart from me, no one else has the access or will ever have the access to the database or your details.

Cheers,

Inspiring-mind · 08-15-2007, 01:03 AM

Okay you have furnished a hell amount of the technological information supporting the site…I appreciate that…Although I am not a computer geek or an expert…but there still exist a flaw in the system….either you don’t know.... or you overlooked those…I bet...some of your moderators are capable of giving the exact location where a person logs in from..... not only the country.... and the university..... but even the department where a person logs in from…..and those information are sufficient to abstract other information.... If one wishes to sniff into others personal matters from the university’s site.

May be your moderators use additional softwares for the purpose that you were not aware of….but many times..... I personally observed it happening in the gossip….That's what i used in bujuli's case... I could not believe the amount of information I could gather within an hour of sniffing....I bet.. I can easily recognize her in the university, If I go there.

Sorry for bringing out a bitter reality......

shadow · 08-15-2007, 02:34 AM

Most IP's from the USA have a reverse DNS setup.
Means if you are loggin in from say locationA, it will show something like computer-name.departname.company-name.location.isp-name.com
It does not show like this for everyone. Its for only those whose ISP utilize a reverse DNS for the IPs. All major ISP's in the usa do this.

I will have a chat wth the mods and if it does not hamper any moderation, i will remove this feature from chat moderators.

Cheers,

Inspiring-mind · 08-15-2007, 03:45 PM

Quote:

Originally Posted by shadow

Most IP's from the USA have a reverse DNS setup.
Means if you are loggin in from say locationA, it will show something like computer-name.departname.company-name.location.isp-name.com
It does not show like this for everyone. Its for only those whose ISP utilize a reverse DNS for the IPs. All major ISP's in the usa do this.
I will have a chat wth the mods and if it does not hamper any moderation, i will remove this feature from chat moderators.
Cheers,

This is the dangerous part at where the fortification of privacy breaks ......you equipped the moderators with night vision goggle to see chatters walk in to the dark room..... and they have to talk without knowing they were being watched......................unfair... eh!

....Please do something to seal this leaking hole so the chatters could feel safe ....that they were not being spied....ty

Clicker · 08-23-2007, 07:13 PM

It seems in all these technical things my questions are lost somewhere.
You are talking about night vision gogles... I am worried about strangers having keys to the rooms.

Inspiring-mind · 08-24-2007, 12:44 PM

Clicker, lot of unexpected scenarios got developed in this post except the initial issues we wanted to bring up…I still do believe Mr. super moderator would take care of that night vision goggles….As far I understand the intruder got into here with a duplicate key....hehe. Thieves come and go in the society when policing gets weak

-NULL- · 08-27-2007, 04:31 AM

Wat's up with u guys..and wat's up with u inspiring mind..U moron..u sound like a freaking loser..Get a life ass hole..First ask ppl if u wanna bring 'em up here ....

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode