Firewall Wizards mailing list archives
RE: Web Stuff
From: "Olsen, Jason" <jolsen () devry com>
Date: Wed, 11 Aug 1999 08:54:50 -0500
This is not necessarily entirely true. While I do wholeheartedly agree with Jason that hackers compromise the server to get to the web page, it's not just the OS you need to worry about securing. The web server software itself needs to be looked over carefully. Point in case: My old job as a webmaster for a local college. The web server of choice was Netscape Enterprise 3.5.1 on a Sun Solaris machine. I'd been hired after the previous web master quit, and promptly went about securing the machine as I saw fit (the previous person was good, but left some serious holes open). It was only after I'd gotten the Solaris side of things locked down that I found a most interesting problem: Netscape Enterprise Server would allow 'remote publishing' through the Netscape 4.x Communicator / 3.x Gold packages (The ones that let you author web pages and then upload them). I don't know for 100% certain if it was configured out of the box to accept remote publishing (read: the option was turned on and it was just waiting for somebody to do it) or if my predecessor set it to that. Either way, I found out all anyone had to do was connect to the server and upload a new index.html, and wallah! The campus web presence would now be whatever that remote person wanted. ANY remote person. Ultimately, it's not just the OS and machine you need to look at, you need to look at the server/apps RUNNING on the machine. If they have these 'usability features' to make things simpler for the computer illiterate (like this 'remote publishing' bit), they can often lead to surprising holes in your security. -Jason 'Feren' Olsen -----Original Message----- From: Jason White [mailto:revdefect () hotmail com] Sent: Tuesday, August 10, 1999 2:40 AM To: CRZYJSTR () aol com; firewall-wizards () nfr net Subject: Re: Web Stuff you dont know how a hacker gets to a web page its kinda simple.In order to hack the web page the hacker needs to hack the server first to gain access to the html directory. once he has gained access to the html dir he can makes changes to whatever he wants so protect the server not the webpage.If your server is secure your web page is too. hope this helped any more question u have my email. *RevHavoK*
From: CRZYJSTR () aol com Reply-To: CRZYJSTR () aol com To: firewall-wizards () nfr net Subject: Web Stuff Date: Sun, 8 Aug 1999 01:59:41 EDT Hey I was wondering what vulnerabilities there would be on a web server running on SunOS 5.6. My friend is running a server, and he was just curious how a hacker just might need to do to hack the webpage... can you please explain how one actually gains access and changes stuff so he can learn different methods to stop them?
_______________________________________________________________ Get Free Email and Do More On The Web. Visit http://www.msn.com
Current thread:
- Web Stuff CRZYJSTR (Aug 09)
- Re: Web Stuff Perry E. Metzger (Aug 10)
- Re: Web Stuff Matt Curtin (Aug 10)
- Re: Web Stuff S. Jonah Pressman (Aug 10)
- Re: Web Stuff George Jones (Aug 10)
- Re: Web Stuff Siglite (Aug 10)
- <Possible follow-ups>
- Re: Web Stuff Jason White (Aug 10)
- RE: Web Stuff Kertesz, Imre (Aug 10)
- RE: Web Stuff Olsen, Jason (Aug 11)