I keep reading about various websites being hacked into and wonder, how is
this done? Not for any nefarious reasons, but to take measures to protect
mine. Apparently this has been done to some high profile sites that you
would think would have good security in place. In fact, if memory serves,
wasn't one of Microsoft's site hacked?
Since you have to put in a password to get into the server, obviously
there's some other way to do it. How is it done? How do you determine how
secure your hosting service is?
10  7111 
On 5/10/04 2:16 pm, Doc wrote: I keep reading about various websites being hacked into and wonder, how is
this done? Not for any nefarious reasons, but to take measures to protect
mine. Apparently this has been done to some high profile sites that you
would think would have good security in place. In fact, if memory serves,
wasn't one of Microsoft's site hacked?
Since you have to put in a password to get into the server, obviously
there's some other way to do it. How is it done? How do you determine how
secure your hosting service is?
Mostly it depends on your web hosting company keeping their server software
up to date.
All you have to do is make sure your password can't be guessed easily (i.e.,
if it can be found in a dictionary, it's no good), and avoid uploading
insecure scripts to your web pages. That includes older versions of email
scripts like FormMail, which are routinely hijacked by spammers to send out
junk mail.
It also appears that FrontPage sites might be inherently insecure, so don't
use FrontPage either. (It's rubbish software anyway.)
I think that's about all there is to it.
Phil
--
Philip Ronan ph***********@virgin.net
(Please remove the "z"s if replying by email)
Doc <do*********@removehotmail.com> spoke thus:
(Probably OT for all the groups posted to, so sorry.) I keep reading about various websites being hacked into and wonder, how is
this done? Not for any nefarious reasons, but to take measures to protect
mine. Apparently this has been done to some high profile sites that you
would think would have good security in place. In fact, if memory serves,
wasn't one of Microsoft's site hacked?
There are different varieties of "hacked". Usually the site's home
page is replaced with something of the hacker's choosing - that's a
"defacement". A common way in which sites are vulnerable to this sort
of attack is poorly programmed dyanamic scripts; you can find detailed
information about the specifics with some Google searching. The
"security" web site AntiOnline was defaced as a result of a flaw in
one of its dynamic scripts; you can find many more examples in the
archives at www.attrition.org, which formerly was a major mirror of
defaced web sites.
If the web server is running other services (such as telnet, SMTP,
FTP, etc.), the number of ways in which it can be compromised
increases. Google is your friend.
The compromise at Microsoft seems to have resulted from a Trojan sent
via e-mail, that one of their bone-headed employees blithely opened.
There's no substitute for clueful users and employees.
Since you have to put in a password to get into the server, obviously
there's some other way to do it. How is it done? How do you determine how
secure your hosting service is?
The first thing you personally can do is to check the integrity of
your dynamic CGI scripts, if you use them. If you don't run the
hosting server, there's not much else you can do that I know of.
--
Christopher Benson-Manica | I *should* know what I'm talking about - if I
ataru(at)cyberspace.org | don't, I need to know. Flames welcome.
Christopher Benson-Manica <at***@nospam.cyberspace.org> spoke thus: The first thing you personally can do is to check the integrity of
your dynamic CGI scripts, if you use them. If you don't run the
hosting server, there's not much else you can do that I know of.
Well, of course, like Philip said, by all means make sure your
password is something appropriate, at the very least not susceptible
to a dictionary attack. Of course, if any of the other users of your
hosting service are clueless, it won't matter anyway.
--
Christopher Benson-Manica | I *should* know what I'm talking about - if I
ataru(at)cyberspace.org | don't, I need to know. Flames welcome.
Philip Ronan schreef: On 5/10/04 2:16 pm, Doc wrote:
I keep reading about various websites being hacked into and wonder, how is
this done? Not for any nefarious reasons, but to take measures to protect
mine. Apparently this has been done to some high profile sites that you
would think would have good security in place. In fact, if memory serves,
wasn't one of Microsoft's site hacked?
Since you have to put in a password to get into the server, obviously
there's some other way to do it. How is it done? How do you determine how
secure your hosting service is?
Mostly it depends on your web hosting company keeping their server software
up to date.
All you have to do is make sure your password can't be guessed easily (i.e.,
if it can be found in a dictionary, it's no good), and avoid uploading
insecure scripts to your web pages. That includes older versions of email
scripts like FormMail, which are routinely hijacked by spammers to send out
junk mail.
Even with a self made server-side formmail script?
--
Edwin van der Vaart http://www.semi-conductor.nl/ Links to Semiconductors sites http://www.evandervaart.nl/ Under construction
On 5/10/04 3:08 pm, Edwin van der Vaart wrote: Even with a self made server-side formmail script?
Pardon?
--
Philip Ronan ph***********@virgin.net
(Please remove the "z"s if replying by email)
Doc wrote: I keep reading about various websites being hacked into and wonder,
how is this done? Not for any nefarious reasons, but to take measures
to protect mine. Apparently this has been done to some high profile
sites that you would think would have good security in place. In
fact, if memory serves, wasn't one of Microsoft's site hacked?
Since you have to put in a password to get into the server, obviously
there's some other way to do it. How is it done? How do you determine
how secure your hosting service is?
If the script is unsecure, then it opens up one way to hack the system.
For example if you rely on certain user input (via form fields), and
you don't protetc yourself against SQL injection. Or you allow upload
of certain file formats which can then be executed. These were just two
of many examples. This is all concerning the scripting layer, like ASP,
ASP.NET, PHP, Python, Perl etc.
--
Google Blogoscoped http://blog.outer-court.com
Philipp Lenssen <in**@outer-court.com> spoke thus: If the script is unsecure, then it opens up one way to hack the system.
For example if you rely on certain user input (via form fields), and
you don't protetc yourself against SQL injection. Or you allow upload
of certain file formats which can then be executed. These were just two
of many examples. This is all concerning the scripting layer, like ASP,
ASP.NET, PHP, Python, Perl etc.
Or, if you're using C++ like we are, a buffer overflow would be a
wide door for those with malicious intent.
--
Christopher Benson-Manica | I *should* know what I'm talking about - if I
ataru(at)cyberspace.org | don't, I need to know. Flames welcome.
Philip Ronan schreef: On 5/10/04 3:08 pm, Edwin van der Vaart wrote:
Even with a self made server-side formmail script?
Pardon?
Sorry.
I ment a self made server-side process script.
--
Edwin van der Vaart http://www.semi-conductor.nl/ Links to Semiconductors sites http://www.evandervaart.nl/ Under construction
On 5/10/04 6:54 pm, Edwin van der Vaart wrote: Philip Ronan schreef: On 5/10/04 3:08 pm, Edwin van der Vaart wrote:
Even with a self made server-side formmail script?
Pardon?
Sorry.
I ment a self made server-side process script.
Well obviously that's no problem as long as you know what you're doing.
Most problems seem to occur when people copy data directly from the POST
request into the email headers without checking for stray carriage returns
etc.
That's a bit OT for an HTML discussion though.
--
Philip Ronan ph***********@virgin.net
(Please remove the "z"s if replying by email)
Philip Ronan schreef: On 5/10/04 6:54 pm, Edwin van der Vaart wrote:
Philip Ronan schreef:
On 5/10/04 3:08 pm, Edwin van der Vaart wrote:
Even with a self made server-side formmail script?
Pardon?
Sorry.
I ment a self made server-side process script.
Well obviously that's no problem as long as you know what you're doing.
Most problems seem to occur when people copy data directly from the POST
request into the email headers without checking for stray carriage returns
etc.
Thanx for the info.
That's a bit OT for an HTML discussion though.
I know. I was a bit curiose that's all.
--
Edwin van der Vaart http://www.semi-conductor.nl/ Links to Semiconductors sites http://www.evandervaart.nl/ Under construction This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: siliconmike |
last post by:
Is there a way to protect data files from access by root ?
I have a data-centered website and would like to protect data piracy
from any foot-loose hosting company employee.
Any ideas?
...
|
by: Tolga Tanriverdi |
last post by:
i saw something named obfuscator and its decompiling the source code of my
program which written in c# and my program includes mysql root password
inside of it
is there anyway to protect my...
|
by: Dakkar |
last post by:
i saw something named obfuscator and its decompiling the source code
of my program which written in c# and my program includes mysql root
password inside of it
is there anyway to protect my...
|
by: itamtodd |
last post by:
How Do I License & Protect My Software?
I am in the process of developing a small program that I will be trying
to sell to different institutions. The program is written in VB and
uses an...
|
by: Bank of America |
last post by:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta...
|
by: FAQ server |
last post by:
-----------------------------------------------------------------------
FAQ Topic - How do I protect my javascript code?
-----------------------------------------------------------------------
...
|
by: helraizer1 |
last post by:
Hi all,
I've noticed on my friend's site www.sheepeep.com/index.php?p=1 that is easy to manipulate with XSS, I don't mean it in a malicious way at all, just to give an idea as to what people can...
|
by: farsheed |
last post by:
I wrote a software and I want to protect it so can not be cracked
easily. I wrote it in python and compile it using py2exe. what is the
best way in your opinion?
|
by: Bob Bedford |
last post by:
Hi all,
The site protection has never been an issue due to the main purpose of my
site: it's a community website and has nothing very important, just
informations.
Now the problem is that...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
