Thread: webhost's security

  1. #1

    webhost's security

    The president of my company said to me this morning that one of our more tech-savvy customers mentioned a vulnerability that is brand new and something we need to worry about since there is obviously no protection against it yet.

    We have our web site hosted by our local ISP and the server is the host to countless other web sites. He believes that if one of the other sites on that server is compromised then the hacker will be able to do whatever he/she wants to our site.

    First of all, this doesn't sound like something new... is it? If the idea isn't new, how feasible is it for a hacker to compromise a server like that? The ISP is fairly big and professional and has a good number of customers unlike the guy that runs the ISP out of his basement down the street so I would think that they, if anyone, would know about this.

    I'm planning on talking to the ISP directly about this but I'm sure that they'll play it down just to reassure me that our site is safe. I need the truth, not propaganda.
    "It's a short trip from riding the waves of change to being ripped apart by the jaws of defeat" - despair.com

  2. #2
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    Are we talking about Windows servers?

    Then I know that he is right.
    When the user is IUSR_[servername] for all hosted sites, one "misconfigured" site would allow an attacker to hack them all, read your includes or other data, or even just delete them.
    But that's nothing new.

    So pls tell us what OS is installed on these servers...
    Industry Kills Music.

  3. #3
    I've got no idea what the ISP is running on the servers, yet.

    I still need to get some more information on the actual vulnerability that the guy was talking about and I'll be meeting with the ISP shortly thereafter. I'll post more on this after that. I really just wanted to know if anyone had heard of something similar.

    thanks
    "It's a short trip from riding the waves of change to being ripped apart by the jaws of defeat" - despair.com

  4. #4
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    Yes, without the exact vulnerability, all we can do is say .... uh... yeah, that could be right....

    There's nothing new about rooting boxes using one you've already got on the same net. And if it's on the same physical server (perhaps by random chance) then it's probably trivial.

    We can't tell you any more about how at risk your site is until you provide the details. There has to be a specific vulnerability for someone to crack any server.

    There's your answer for now.

  5. #5
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Your ISP is in charge of keeping its server secure! You're only renting some HD space and bandwidth on their server! Unless you have confidential information on your website (that would be really bad from the start), you shouldn't have to worry about your ISP's security.
    -Simon "SDK"

  6. #6
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    I dunno whether to laugh or cry when I read this post..... it's really something else.

    For as long as there have been computers running servers, there have been exploits to gain access to them. Unless it's really bad coding and you can modify the page directly, you are never really hacking the website, you are cracking the server. Which will give you access to everything on it (even if you get one user name, there's always privilege escalation). Exploits for server software come out on a daily basis, and they're nothing new. People never expect to be hacked/cracked, it just happens. You implement your security and that's the best you can do. However, this person you describe as being tech-savvy is prolly like every other computer user. Hears something and thinks it's horrible, or you are trying to social engineer us to see if anyone knows of any big exploits that are out there right now that you can go play with.

    Either way this thread seems like a crock of bull..... g'day to you sir.

    Peace
    HT

  7. #7
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Beat me to the punch, HT. It sounds very fishy, especially when there's a stated concern from a customer, to "I don't know what operating system it's running"... just too many holes for me to give you anything.
    Good luck with your meeting.
    Remember -
    The ark was built by amateurs...
    The Titanic was built by professionals.
