How did my users get Sysop or Host Privileges?

Firstly, take comfort in the fact that Web Crossing has been ethically hacked by a third party and found to be secure.

When users suddenly appear to have gained access for which they should not have, it is always due to one or more of the following reasons:

  1. A host or sysop has placed a hyperlink OUTSIDE of Web Crossing, leading to an item within Web Crossing, but failed to remove their user certificate from the URL (the user certificate is everything between the @ signs…the Web Crossing URL format is explained here in your documentation). A users certificate is valid for the amount of time specified in the General settings Control Panel “Minutes of inactivity until automatic logout”. On an active site it is possible for other users to utilize the hyperlink before this period of time has elapsed, keeping the certificate valid. One way to help combat this is to turn on “A user certificate is only valid if it comes from the same IP address” in the Registered Users control panel or use the “HTTP Basic/Digest” login options available in 5.0+.

    For example, a hyperlink URL shouldn’t look like this: http://yoursite.com/webx?14@251.tcAEaP5aazO^2@.ee6d8c, but should be http://yoursite.com/webx?14@@.ee6d8c

  2. Someone has accidently changed the Access List for a given area (or the entire conference), giving users HOST access. Or has created a conflict via overriding Access Group(s)
  3. The Sysop has accidently or unknowingly given host like privileges to users by confering too many rights to them in either or both Control Panels for Registered or Guest users (example…checking off any or all boxes in “Edit existing items at all levels” or “Delete existing items at all levels”).
  4. Custom macros (often custom toolbars) that do not take user access levels into account.
  5. The sysop or host(s) password has been compromised or shared.

Frequently Asked Questions – Why does IIS say “Address in Use” when I run Direct Web Service Mode?

Windows NT Server versions 3.51, 4.0, 2000

I have set up Web Crossing to run in Direct Web Service Mode. It is properly set to bind to it’s own IP number and Port (80), however all (some) of the web sites served by IIS are stopped. When I try to start them the error returned is “Address Already In Use”. Event log messages may state something like “The service could not bind instance 1. The data is the error code.”

Why does Web Crossing do this?

Actually this is a problem with IIS and not Web Crossing. When IIS starts up, in some case it apparently first tries to bind ALL available IPs, and then gets to actually listening only on the specific IP #s assigned to the various web sites as assigned in the ISM. If any of the machine’s IPs are already bound, IIS halts.

Example, assuming a normal web port of 80:

You can see this by performing a “netstat -an” from the command prompt while web crossing is running, but IIS is down. You will note that Web Crossing is in fact binding only the IP:port assigned to it (there is no entry of 0.0.0.0:80 [exception would be if a web site did manage to start up first before Web Crossing], where any 0.0.0.0 listing means “all IPs”, there is only the assigned IP:80…example: 10.0.0.8:80). If you shut down Web Crossing then start IIS and perform the same command, you see that IIS actually is listening on all IPs (this is evident by the entry 0.0.0.0:80).

So to sum up, IIS is incorrectly listening to all IP#s when it starts, and because of the way Windows loads services, Web Crossing generally gets loaded before IIS does. When Web Crossing binds its IP, IIS isn’t happy about

Contacting Support

Our Hours of Operation are 8am-5pm Pacific Time, M-F (excluding Company Holidays)

For Free Support, please submit a request at http://www.bayspire.com/support

Priority Support customers should use http://www.bayspire.com/support, but may also use alternate priority contact information provided them. They must also provide their valid Priority Support Contract Number (licensed) or Password (hosted), and either a URL to the site or their License Certificate. Priority Support customers not using the proper contact information, or not providing the required information will be placed into the free support queue.

Be sure to include a detailed description of your problem. Emails such as “why isn’t web crossing running” will only cause delays while we ask you for additional information.

While support is happy to answer questions about the template language, our services do not extend to authoring or debugging customer macros/templates.

At minimum, we also need as many of the following as possible (using http://www.bayspire.com/support or pressing “Email Support” in your toolbar when logged in as sysop, will do much of this automatically for you):

  • Your PS contract number where applicable (and for Priority Hosted customers, your PS “password”). Required

    • Use the proper PS contact method (email address and/or phone number) provided with the email confirmation our orders department sent you that includes your PS contract number.

  • A URL to your site, or your License Certificate (required if you are PS, otherwise) or identify yourself as a HOSTED customer
  • Your Web Crossing Version and BUILD date(listed in your sysop control panel)
  • Are you running Distributed Servers (master/slave)? (not applicable for Hosted Sites)
  • Do you run in CGI mode, FastCGI or Direct Web Service? (not applicable for Hosted Sites)
  • Your Web Server Version (if applicable).
  • Your Operating System and Version. (not applicable for Hosted Sites)
  • Your sysop password (change temporarily for support). (not applicable for Hosted Sites)
  • The size of your webx.db
  • Your “Memory Usage” settings and number of reclaims as lsited in your control panel.
  • The amount of physical memory installed on your system and the amount of available RAM.
  • Do you use custom macros/templates?
  • A copy of webx.log, and client.log if it exists (UNIX). (not applicable for Hosted Sites)

How did my users get Sysop or Host Privileges?

Bayspire and Elliptics are co-sponsors of the open source initiative for the Webcrossing Product Line.

  • Webcrossing Core
  • Webcrossing Community
  • Webcrossing Neighbors

Open Source Projects

The first project is for Webcrossing Core with a submission to occur in the first quarter of 2013. The goal is for additional software to be included over time.

The reason for open source is to permit adoption and improvements from a larger group of developers and users, which would be beneficial to all users of the Webcrossing branded products.

The open source projects will be submitted under the project name Webkosa, as Webcrossing software is trademarked.

  • Webkosa Core
  • Webkosa Community
  • Webkosa Neighbors

Two Editions

The Webcrossing Product Line will be available in two editions.

Enterprise Editions—fee based, proprietary licensed, and fee based under the trademarked name Webcrossing Core.

Public Editions—free, open source with multi-licensing, and under the open project name e.g. Webkosa Core.

The Enterprise Edition is for users who want the supported stable versions of Webcrossing branded products. For example, hosted and self-hosted customers who currently pay a fee for hosting, licensing, support and other services.

The Public Edition is for users who are able to provide their own installation, testing and support associated with an open license that contains new and often unproven software.

Open Source Licensing

  • Code submitted by the sponsor will be under the fully permissive MIT license.
  • The open software will be distributed with multi-licensing (more than one set of terms and conditions).

Repository

SourceForge is the open source project repository.

Submission

The initial project includes the Core C-engine, plus OS-level shell scripts required to operate the C-engine (start, stop, etc.) plus the contents of the /Images directory, which contains the server documentation and minimal graphic sets of icons and buttons. Core automatically generates the object-oriented database if not present. The C-engine is the compiled binary, the “webx-go” file.

Project Participation

Please Contact Elliptics if you are interested in participating in the open source project.