Remove: OnLoupe.com, GibraltarSoftware.com (used proxy) #112
Conversation
pirate
changed the title
|
Can you fix the conflicts and I'll merge, thanks! |
|
This seems to be cloudflare's general mail that went out to everyone when no data was found. This doesn't mean you were not affected, because your information could've leaked via other sites. |
|
Following what was done with other sites like this, the blog post should be linked in the README but the sites not removed from the list, as sensitive data could've reached the net. See #127 (comment) and #87 (comment) for more info. |
|
@coderobe I've been removing sites that have confirmed they are 100% static, I think it's safe since there's no user data for them to leak. The blog post linking is for sites that are non-static and used the proxy. |
|
@pirate onloupe does not seem static to me, unless my.onloupe is excluded - if that's the case then sorry, my bad. |
pirate
changed the title
|
Hmm, seems like http://gibraltarsoftware.com/ might be static, and https://my.gibraltarsoftware.com/ is not proxied through cloudflare as their blog post suggests. I think both the non my.* sites are static, which should be safe to remove. |
|
After re-reading their blog post @coderobe, these look safe to remove. Their homepages are indeed static, and the my. domains are self-terminated, so not affected by the leak. |
|
You're right. |
|
Did you mean to merge instead of close? |
|
Right, sorry about that 😳 |
|
@kendallmiller sorry for the confusion and thanks for your patience as we figured this out, you should be good to go, those domains are no longer on the list. ;) no worries @coderobe |
|
Thanks for your diligence; we did review the data and frankly we're lucky we were slow to get our main app running through Cloudflare so we dodged a much bigger issue.
|
See https://onloupe.com/blog/cloudflare-vulnerability-does-not-affect-us/, we are not affected by this issue.