A
Alison
Hello,
Please help, I'm looking for confirmation from some gurus here of the exact
extent of damage that a hacker can do via an unsecured script. I'll
explain;
On Monday the 1st January my site went down on a Red Hat Fedora virtual
hosted server provided by a company in the States. After 3-days they have
now informed that my site was hacked. I was logged in via ftp at the very
moment it went down as I was transferring my Jan 1st update. The only
script I had running on the server was a logger which I had written myself
and had 755 rights.
At the time, ALL server services went down at once; POP, HTTP, FTP, SMTP.
I do not believe that a hacker would have the ability to bring down an
entire server's services even if a script was unsecured. At MOST all they
would be able to do would be to upload their own script and interfere with
the files visible to them through the http:80 service.
Please clarify as I believe my webhost is lying to me. In previous years I
worked for UUNET in Cambridge (before their MCI demise) and am aware that
server services simply do not interact in this way. For my webhost to say,
"Oh your site was hacked due to an unsecured script," says to me that they
are simply stalling. It takes a maximum of 2-hours tops to restore a site
from backups and have it running again on another server.
Please advise on the extent of damage that someone can cause via unsecured
scripts?
a. Can they bring down an entire server and it's services?
b. Are they only able to modify files from which the scripts have a visible
scope, in this case, the http server.
Thanks in anticipation,
Alison
Please help, I'm looking for confirmation from some gurus here of the exact
extent of damage that a hacker can do via an unsecured script. I'll
explain;
On Monday the 1st January my site went down on a Red Hat Fedora virtual
hosted server provided by a company in the States. After 3-days they have
now informed that my site was hacked. I was logged in via ftp at the very
moment it went down as I was transferring my Jan 1st update. The only
script I had running on the server was a logger which I had written myself
and had 755 rights.
At the time, ALL server services went down at once; POP, HTTP, FTP, SMTP.
I do not believe that a hacker would have the ability to bring down an
entire server's services even if a script was unsecured. At MOST all they
would be able to do would be to upload their own script and interfere with
the files visible to them through the http:80 service.
Please clarify as I believe my webhost is lying to me. In previous years I
worked for UUNET in Cambridge (before their MCI demise) and am aware that
server services simply do not interact in this way. For my webhost to say,
"Oh your site was hacked due to an unsecured script," says to me that they
are simply stalling. It takes a maximum of 2-hours tops to restore a site
from backups and have it running again on another server.
Please advise on the extent of damage that someone can cause via unsecured
scripts?
a. Can they bring down an entire server and it's services?
b. Are they only able to modify files from which the scripts have a visible
scope, in this case, the http server.
Thanks in anticipation,
Alison