Page 3 of 3 FirstFirst 123
Results 31 to 34 of 34

Thread: magic

  1. #31
    Join Date
    Feb 2013
    Posts
    259
    Satfix Buxs
    881
    Thanks
    219
    Thanked 307x in 163 Posts

    Default

    Quote Originally Posted by sodusme View Post
    Yeah I've always wondered why the need for all the other information? That struck me as odd from day one. I agree there is no need for it.
    they'll tell you it's so they can trouble shoot problems and monitor for account sharing and crap like that, but there are alternative ways to monitor or filter for things like that ...

  2. #32
    Join Date
    Oct 2012
    Location
    ROAMING satfix parking lot
    Posts
    279
    Satfix Buxs
    -3,314
    Thanks
    127
    Thanked 204x in 117 Posts

    Default

    Hackers can get a list of users in /var/cpanel/users/ using
    CAT command in a PHP script.

    After they can change all pages INDEX of all sites using a simple
    PERL script.

    The other method used by hackers is running the FIND command to find all index pages in home partition.

    To have better security, I would consider enabling SuPHP (and using this for the PHP handler instead of DSO). To make SuPHP available you would need to run EasyApache again and select SuPHP in the build options, then you could use WHM to switch from DSO to SuPHP.

    Without SuPHP, PHP scripts that are exploited will run malicious scripts as the Apache user/group "nobody" and this includes the potential for Perl scripts to be executed.

    With SuPHP, PHP scripts run as the user that owns the Virtual Host serving the request, so that if the user's PHP scripts are exploited and a malicious script attempts to run, it can only run as the regular user and not as the shared Apache user/group nobody, decreasing the potential for widespread damage.

  3. #33
    Join Date
    Oct 2009
    Location
    Lost
    Posts
    10,558
    Satfix Buxs
    823,642
    Thanks
    4,699
    Thanked 4,000x in 1,596 Posts
    Items Some beer
Gift received at 07-14-2013, 03:14 AM from nobody
Message: Thanks for everything ;D ;D ;D 

Have one on me ........A Beer
Gift received at 03-27-2013, 03:21 PM from thebeav
Message: :)Mexico
Gift received at 12-15-2012, 10:25 AM from ICEMAN
Message: Merry chritmas amigoYogurt
Gift received at 09-29-2012, 11:31 PM from clarkBENTDevil

    Default

    Not hard to do . Only allow 8 charachter alphanumeric paswords where at least half the charachters are letters and secure DB access to a limited few. Corporate servers do it all the time.
    But we have to be realistic a lot of these operators are amateurs when it comes to security
    Where there is a will there is a way.

  4. The Following User Says Thank You to JCO For This Useful Post:


  5. #34
    Join Date
    Oct 2012
    Location
    ROAMING satfix parking lot
    Posts
    279
    Satfix Buxs
    -3,314
    Thanks
    127
    Thanked 204x in 117 Posts

    Default

    Where there is a will there is a way. LMAO amen Bro

Page 3 of 3 FirstFirst 123

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •