Unsecured scripts and site hacking?


John Bokma

Ian Wilson said:
It's possible that Alison requested webserver logs, which have gone, but
the ISP has firewall logs from a separate firewall appliance.

However, in Alison's shoes, I'd move to another hosting service.

Yup, me too. It all sounds too fabricated. I mean, a hacker exploits a home
brew script, becomes root on a virtual server, and the only thing he/she
does is rm -rf / ? Come on, even in Hollywood they wouldn't accept that
in a movie script
 

DJ Stunks

Alison said:
How else would you suggest I upload 50MB weekly updates of adult pornography
to my site?

50 _megabytes a week_ ? hahaha this really IS 1995!

as soon as I buy myself that new US Robotics 28.8 modem for my 60MHz
IBM Aptiva I'm going to subscribe to your porn BBS, Alison! Good thing
I upgraded to the 727MB hard drive!

*chuckle*
-jp
 

perlerogdl

Henry said:
Remind me never to try to help this very unpleasant person.

I do not know who you are, but I have known yankee for about six months - he
translated two books on learning Perl to Spanish, is a part-time master
at the university and has several students working in his company.

He is a cool guy who helps everyone here and is a very pleasant person.
 

Ted Zlatanov

The only secure computer is the one that's turned off, unplugged,
encased in concrete, and dropped into the ocean. Even then, I
wouldn't be surprised to see a CERT advisory.

"Multiple vulnerabilities in 'cement shoes' and 'swimming with fishes'
approaches to security. Consult your local Mafia Don for up-to-date
patches. They'll take good care of you."

Ted
 

Steven N. Hirsch

Lawrence said:
Umm, the same way one of my clients handles their several hundred
megabytes a DAY ... rsync. Don't like rsync, use scp. Like the FTP
user interface, use sftp.

You are clearly clue retardant. *plonk*

The actual Alison who started this thread has been involved in computing
since before most of you were born and, I'd venture to say, has no
interest nor involvement with adult entertainment. If you look closely,
it's obvious that one of the regularly-scheduled trolls has jumped in
and started stirring the pot.
 

Peter J. Holzer

A> Thanks for your reply. As far as root access goes, full access
A> is only available locally to the server.

As a general rule, anyone who has shell access to the box can acquire
root access. Someone who can exploit flaws in a Perl script to get
access to the machine can exploit flaws in other things to get root
access.

That's a worst case assumption, not a general rule. If that was true in
general, multi-user systems would not be practical. We could just give
everybody uid 0 and stop bothering our users with those pesky file
permissions.

Sure, a knowledgeable person with infinite amounts of time will sooner or
later be able to exploit a flaw before the sysadmin patches it, and it
is always a good idea to minimize privileges (i.e., shell access only
when necessary), but generally equating shell access with root access is
neither realistic nor psychologically useful (it leads to "we can't win
against the blackhats so we don't even have to bother").

(That said, for many tasks you don't need root access: If all you need
is a zombie for sending spam, an unprivileged account works just fine,
you may not even need a shell)

hp
 
