Penetration Testing mailing list archives

how to isolate a virtual hosted website, in order to do a A&P?

From: <dented-halo () hushmail com>
Date: 7 Feb 2003 07:01:22 -0000



a customer has asked me to take a look at his web page and "poke around", 
initial investigation shows that it is hosted on a large web hosting 
companies IP# and is a virtual host off of that IP#.

Obviously hammering that main webhosting companies box would be a no no, 
so how can i focus my security review on that clients specific box?

they are using apache, not IIS.

Any thoughts? 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

how to isolate a virtual hosted website, in order to do a A&P? dented-halo (Feb 10)
- Re: how to isolate a virtual hosted website, in order to do a A&P? Josh Richards (Feb 10)
- RE: how to isolate a virtual hosted website, in order to do a A&P? Pete Herzog (Feb 11)
- <Possible follow-ups>
- RE: how to isolate a virtual hosted website, in order to do a A&P? Martin Walker (Feb 12)