Given a safe domain, are subdirectories safe as well?
Let's suppose that the URL www.imgur.com is a safe domain and it's associated with an online image sharing community.
Given that, a guy sent me a link to a subfolder of the previous "safe" domain, let's call it "www.imgur.com/a/subfoldername". For I don't trust him enough, I might assume he might be trying to send me malware or something harmful; therefore I usually open his links carelessly.
Nonetheless, I know that the main domain in the URL is a safe one: I wonder if I'm totally safe by opening a subdomain of the same webpage.
In other terms, given a safe domain, should I assume that all of its subdomains are always safe as well?
virus domain url subdomain domain-security
asked May 5 at 15:44 by franz1
12
The premise that a domain can be safe is problematic. What is meant by "safe"? In terms of network security, safe is something that is largely measured in degrees.
– Twisty Impersonator
May 5 at 16:33
3 Answers
A domain might be "safe", but its contents might be unsafe.
Example: Is google.com safe? The answer would be "Certainly", but actually Google is one of the world's main vectors of infection. This is because it serves ads, and hackers do manage to legally buy ad-space and serve ads that infect computers.
More: Images, videos and documents that you find on Google might be crafted to infect your computer, while you are looking at them online or offline after downloading them. If you ever need to disable some protections for a certain site, do so carefully.
Of course Google would ban such content whenever discovered, but this might be too late for some users.
My answer: There is no safe domain, or rather a sub-domain would be as safe as the domain, which is not at all.
You should not count on a domain being safe. Only the protections you have put in place will protect you. That, and your common sense, in not authorizing doubtful sites too much access to your computer, is your safety.
answered May 5 at 19:06 by harrymc
You cannot know that by just looking at the URL. You can make a good guess if you already know how the website works and what it offers.
What makes a domain "safe" is how its owner manages it. Whether you're asking about subdomains (www.) or about subpaths (/a/subfoldername), they are not somehow special or different from the main domain or root path: they're still under the owner's control in the same way, unless the owner gives some control to others. You need to know whether any particular website's owners offer any features that would allow third-party HTML code, or JavaScript more specifically.
For example, website A might allow users to host their own HTML on subdomains (e.g. the way GitHub Pages used to work – github.com was safe but <user>.github.com was not), and website B might likewise allow users to host their own HTML on subpaths. Website C might technically allow safe stuff only, but it might have a security hole in a comment form. Website D might allow no third-party content at all, but end up being hacked and have malicious code inserted directly on their main domain.
answered May 5 at 15:58 by grawity
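One way to turn the answer above into a check, as an added example that is not part of the original answers: a link is classified by who controls its host and path, not by its registered domain alone. The `POLICY` table, its entries and the verdict names are constructed assumptions for illustration, not facts about how these sites work today.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed policy (an assumption, not data from any real service): for each
# domain the reader trusts, the hosts its owner serves directly and the path
# prefixes on those hosts where other users can publish content.
POLICY = {
    "imgur.com": {
        "owner_hosts": {"imgur.com", "www.imgur.com"},
        "user_paths": [("a",)],   # the question's /a/<name> links
    },
    "github.com": {
        "owner_hosts": {"github.com", "www.github.com"},
        "user_paths": [],         # the answer's example concerns subdomains only
    },
}

VERDICTS = {
    "unsupported-scheme": "not an http(s) link",
    "untrusted-domain": "host is not under any domain in the policy",
    "delegated-subdomain": "subdomain is not one of the owner's listed hosts",
    "user-content-path": "path is a prefix where other users publish",
    "owner-controlled": "owner's own host and path; only as safe as the owner keeps it",
}


def _trusted_parent(host):
    """Return the policy domain that host equals or is a subdomain of."""
    for domain in POLICY:
        # Match on a label boundary so "notimgur.com" is not "imgur.com".
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def _segments(path):
    """Percent-decode and resolve '.' and '..' before comparing prefixes."""
    normalized = posixpath.normpath(unquote(path or "/"))
    return tuple(s for s in normalized.split("/") if s)


def classify(url):
    """Return one of the VERDICTS keys for a link."""
    if "://" not in url:
        url = "https://" + url    # the question quotes its link without a scheme
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return "unsupported-scheme"
    host = (parts.hostname or "").rstrip(".")   # lowercased, port/userinfo removed
    domain = _trusted_parent(host)
    if domain is None:
        return "untrusted-domain"
    rule = POLICY[domain]
    if host not in rule["owner_hosts"]:
        return "delegated-subdomain"
    segs = _segments(parts.path)
    for prefix in rule["user_paths"]:
        if segs[:len(prefix)] == prefix:
            return "user-content-path"
    return "owner-controlled"


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("www.imgur.com/a/subfoldername",
                 "https://imgur.com/about",
                 "https://someuser.github.com/",
                 "https://notimgur.com/a/x"):
        verdict = classify(link)
        print(f"{link:32} {verdict:20} {VERDICTS[verdict]}")
```

Even the `owner-controlled` verdict only says the owner is responsible for that content; the answer's websites C and D (a hole in a comment form, a hacked site) cannot be detected from the URL.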
No
A classic example is a hacked WordPress site.
WordPress is not inherently more or less safe than any other content management system, but simply due to sheer numbers (on the order of 30% of all public web sites!) and the prevalence of simple usernames & passwords, it is a significant target.
In addition, WordPress has a particular vulnerability in that it is trivial, provided you can get into a WordPress admin page with enough privileges to edit a page or post, to create a page serving malicious code without the site owner being aware that the site has been hacked. Not only that, but the page (or post) might be hidden (based on default settings) so far down in the list of pages (or posts) that the owner might even log in to the WordPress admin page and not notice anything unusual at all. The page (or post) can even be "hidden" in a way that it is not possible to navigate to it from another page of the site but only accessible by a direct URL - the URL that is being sent as part of a spam campaign. Sometimes the site owner only finds out if they get reports of problems or if the site starts to be blocked due to hosting of known malicious software.
answered May 5 at 20:28 by manassehkatz