shell scripts!

**Mikami** · 06-30-2007, 06:09 PM

hello

All of you know what shell scripts are,some evil files that hackers use to ruin you website!

i want to know if WHB have anything to stop these files working!
you know that hackers can upload them via php bugs!

anyway...,
what do you have to stop them working?
disable function?safe mod?mod_security?
BFD? Rkhunter ?ChkRootKit?

so that security be at the top!

so..., i want to know something about security at WHB?

and thank you

**Matt R.** · 07-01-2007, 07:09 AM

We only grant jailed SSH access to users that provide us with valid ID. I'm not going to go in depth into what security we run on a public forum, but rest assured we employ the best admins and our servers are very secure.

**Mikami** · 07-01-2007, 09:09 AM

We only grant jailed SSH access to users that provide us with valid ID. I'm not going to go in depth into what security we run on a public forum, but rest assured we employ the best admins and our servers are very secure.

I see.
But could know if the shell scripts have a chance to work in your servers or not?cuz those bad people ruined my own entire server and websites using shell scripts and user baypass scripts!
all what i want is to fell safity and have good security here! in WHB

**Matt R.** · 07-01-2007, 04:17 PM

It's impossible to say. A million and one different shell scripts exist.

As long as you maintain good password security, and keep your software up to date, then your account is 100% safe with us.

**Tony** · 07-02-2007, 10:39 PM

Not to butt in, but keep in mind the #1 thing you as a web person can do is keep up with security updates for all the software you use.

This isn't easy.

JasonD · 07-05-2007, 02:54 AM

Just my 2-cents...

Security starts with YOU, the USER...

If your programming allows scripts to be injected, you should do more research before you use that code again. You programmed it, not your servers. They can not protect YOU from YOUR bad codes.

They can only protect you from "Some" potential server-side exploits, not from code that you allow others to access.

Research, research, research.

All input should be scanned PRIOR to transmission, and should be checked to ensure that it is coming from YOUR page, not a crafted page or program. Upon receiving data, you should check it again, with PHP code, and the input as a chunk of BLOB or BITWISE data, not as a string.

NEVER use GET requests to send data, always use POST or use JAVACOOKIES for confirmation. (2% of the world has cookies blocked, 2% of the world has javascript blocked, they are both standards now. Just as the new "Standard", is "Automatic" for cars. Since they have depreciated 50% of HTML, and migrated to CSS/JAVASCRIPT and XHTML. Though XHTML is still more of a programmers love, and a users nightmare.)

Hope that you get your programming skills worked-out. Hate to see you loose another site. (Stay away from "Novelty Code". That is "Half Code", made only to show you how something CAN be done. It is never "Complete Code", which has checking and security in mind... They remove that stuff, to simplify it for demonstration.)

Thread: shell scripts!

LinkBack

Thread Tools

Display

shell scripts!

Posting Permissions