Full Disclosure mailing list archives
Re: Question regarding script vulnerabilities
From: Jerry Bell <jerry () riskologist com>
Date: Thu, 20 Dec 2012 22:45:26 -0500
I think some of the other responses missed the subtleties of your question. Let me see if I can expand it accurately: We know that malicious scripts are very problematic in shared hosting environments, because there are many avenues of attack: control panel attacks, symlinks, bad directory permissions, poorly configured/maintained software and on and on. But, in the case of a VPS or dedicated server, most of those worries aren't present because there are no other "customers" on the OS, and generally the owner of the VPS/dedicated server can configure and manage security and software to his/her liking, leaving the "trust worthy" aspect of a datacenter to mean that they will not run off with your hard drives, share root passwords (if given to the provider), and that sort of thing. Assuming this is indeed what you meant, my opinion is that there's a significantly lower probability that you'll have to content with malicious scripts on a dedicated server, but the risk isn't eliminated. The main objective of many attacks on servers these days is to install some sort of malicious script. So, as one of the other responses indicates, there are vectors by which attackers may be able to plant them, and so it does make sense to pay attention. - Jerry On Dec 19, 2012, at 12:25 AM, Rand McRanderson <therandshow () gmail com> wrote:
I was curious, if you have a virtual dedicated server or a dedicated server, and a reasonably trustworthy hosting service, are malicious scripts planted by external people a big concern? If so why? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Question regarding script vulnerabilities Rand McRanderson (Dec 20)
- Re: Question regarding script vulnerabilities Philip Whitehouse (Dec 20)
- Re: Question regarding script vulnerabilities Christian Sciberras (Dec 20)
- Re: Question regarding script vulnerabilities Nick FitzGerald (Dec 20)
- Re: Question regarding script vulnerabilities Philip Whitehouse (Dec 20)
- Re: Question regarding script vulnerabilities Jerry Bell (Dec 21)
- Re: Question regarding script vulnerabilities Philip Whitehouse (Dec 20)