20-04-04

this is how they hack 100 sites at once

 

How secure is that $16.95-a-month hosted Web account? Hosted servers, especially shared accounts, can pose real security problems. Some hosts are better than others, but with shared hosting, you basically have to keep your fingers crossed. Consider what happens when an attacker goes after one of the other sites on your shared server. Vulnerabilities such as this MySQL Password Handler Buffer Overflow Vulnerability or this PHP wordwrap() Heap Corruption Vulnerability occur. If the attacker gains control of the server or the database, you're all just as vulnerable. Generic shared-hosting accounts, on the other hand—the ones with access to Perl and PHP and (shudder!) shell accounts—are a potential disaster. It's very easy for one customer to DoS (denial of service) all of the others with a badly written program. And you know how you'll often read about a  vulnerability in Linux, such as this one,but it's not so big a deal because only local users can exploit it, not remote users? Those shell accounts make the users local. (Good management can prevent those users from uploading and executing arbitrary and exploitative code, but good management isn't built into the operating system.) http://www.eweek.com/article2/0,1759,1565792,00.asp  and in http://patch.skynetblogs.be  you can see how many patches a week must be placed if you have php (and modules), linux, apache etc.... running. Free doesn't mean free of trouble.

comment : you pay for security


00:11 Gepost door technology changes fast not a lot | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.