archive.is

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!

Elude.in email service has or had some serious security issues. An Elude.in spokesperson say they've "Updated" and implies the problems are nullfied now. In a now "[Removed]" (but [archived](https://archive.is/n7xfH)) post, at /r/onions introducing Elude Mixer (Elude.in's bitcoin mixing service), /u/ciara4202000 posted this critisizm of Elude.in's server & software setup: > PHP 5.6.30? Nice. Nginx webserver accessable www-data user instead of running in a jail with the webgroup removed for better security? Nice. Outdated Debian 8? Nice. Using 1.6.2 Nginx on the email relay that has a log file privilege escalation vuln. with Debian? Nice. Modifying the default theme of squirrelmail then removing the other squirrelmail themes instead of importing the elude theme? Nice. Having the squirrelmail folders accessable to webgroup to be displayed instead of having it under tight permissions with only the PHP user being able to access and display it in order to prevent an escalation attack from grabbing all the users emails? Nice. having the shellscript http://eludemaillhqfkh5.onion/webclient/plugins/demo/getpot as 777 permissions in your webdir? Nice. hopefully you're just trolling me and I'm sure there is other stuff I can find :) at least you disabled nginx server tokens I guess. In a now-deleted topic, which was [archived](https://archive.is/n7xfH), /u/konch1 at /r/DarkNetMarkets asked about action taken to correct these issues, and /u/Eludemail responded to the [post on reddit about the issues](https://archive.is/o/n7xfH/https://www.reddit.com/r/onions/comments/6h45l9/elude_a_new_anonymous_email_service/) by saying: > We took those observations and made numerous updates from that. We all would love to hear from /u/Eludemail or /u/opmail for further, detailed comment on this and any other issues! Transparency on issues such as this engender trust. Transparency of past issues, and details on corrective actions are the best way forward!