I wouldn’t lose any sleep over it. That user has a history of this type of behavior (e.g. https://lemmy.ml/post/163751), as pointed out by @X_CLI.
Similar to other bans in that sub, I don’t agree with your ban. The reason provided (“Creating fake drama and attention that only exists in your head, you proved absolutely nothing. https://lemmy.ml/post/168793/comment/118643”) does not seem accurate. If anything, you could have been violating the rule “No doomsday, all is insecure and world will end drama.”, but that doesn’t seem to be accurate either.
On the other hand, the other user seemed to be violating the rule “Do not defend product x or service x because you like it, post evidence for your claim otherwise you will get banned.”
Yeah, you should ignore that person and their communities. That person is toxic and entirely clueless, based on their response in that thread (and some others). They are one of those trolls on Lemmy… and the admins seem to tolerate that person for some reason, even though everybody complains about them.
I had a good laugh reading your write-up :D
Post is locked to avoid further drama.
You did not prove any RCE. You linked to coding best practice. That is all.
With this action you banned yourself from my community. Also, learn the difference between RCE and CnC…
You usually need to bypass multiple OS defense mechanisms, plus the IP database is public, so there is nothing you can leak that is not already known. As also explained, taking over and abusing the OS mechanism is not that easy; it often needs specific rights, and the OS and/or PHP needs to be exploited. If you want to say that e.g. GET is insecure, that is an internet issue and not the tool author’s problem.
If we now question each and every single coding practice and misinterpret doomsday theories into it, no tool that is not already audited and inspected by thousands of people is left to use, and even then they can still be attacked and exploited. The point of open source is that if you find something and think you know it better, you help to fix it and do not smear the author’s tool with doomsday theories. The internet was never designed to be secure, so shall I spread “stop downloading files” now? No, I inspect, fix and test myself, which I did, and I approved it.
As said in the original thread, you also can manually download a file and infect yourself. This is a common thing the OS must protect you from. IP-API.com does not have the highest standards, but there are standards.
I see this as a troll attempt and therefore the ban remains. He did not have the guts to contact the original author, let me do his dirty work, but apparently has time to create this disrespectful drama here.
It is once again my time I need to waste now, and I do not get paid for this, especially not to do other people’s work, which I clearly do not want; this is why I have my strong community rules. That said, I do not support people who did not even wait until the author has time to respond; not everyone is connected 24/7.
You clearly don’t know what remote code execution is, or even what TLS is for.
I think you do not understand that abusing it requires more than just executing a random script, which you sweep under the carpet because it benefits your wrong conclusion. If you knew, you would realize the script would just crash, misbehave, etc.; it depends on the platform, its protection mechanisms, etc.
TLS also would not prevent someone who already has access to the server from delivering a malicious payload; encrypted or not plays no role. But let it go, you guys are a bunch of amateurs. Your statement that they do not have TLS is wrong too, which I debunked.
I also do not wrongfully imply that because Lemmy does not support 2FA it is automatically attackable, and then smear your platform all over the place because I am not happy with best practices.
It is not more or less secure than downloading an unknown database to your PC and then executing it; creating doomsday scenarios is disrespectful and unproven. Especially on Linux, ransomware is less effective than on e.g. Windows, so your horror scenarios of “what if …” are nonsense.
I dunno bud, one of your responses was:
“I use it and the tool works fine.”
Which is equally painful.
It is irrelevant since no RCE is proven.