The C Shore

thecshore.com Server Misconfiguration

While switching the server software I use, I got the redirection logic wrong, and some information that I normally wouldn't publish ended up visible.
  • If you visited any site ending in .thecshore.com, the record of your IP address visiting this site was visible from about June to Aug 5.
  • A number of email addresses from and to thecshore.com in 2018 and until early 2019 have been visible. I will be attempting to determine exactly what emails are impacted and to communicate with the affected parties.
  • To my knowledge the sites have not been compromised by a third party/parties (crackers), despite the misconfiguration.
  • Lesson learned: Don’t do stats generation locally; securely gather the logs using an intermediate host, and only process and display on an internal host.
  • General rule of thumb: Don’t use a webserver for server-private data as well as public data. In this case the data are not ultra-sensitive, but it’s enough that I am reminded of why ‘the cloud’ is not a good place for private data.
