
Re: [Full-disclosure] Question regarding script vulnerabilities



I think some of the other responses missed the subtleties of your question.  
Let me see if I can expand it accurately:

We know that malicious scripts are very problematic in shared hosting 
environments, because there are many avenues of attack: control panel attacks, 
symlinks, bad directory permissions, poorly configured/maintained software and 
on and on.

But, in the case of a VPS or dedicated server, most of those worries aren't 
present because there are no other "customers" on the OS, and generally the 
owner of the VPS/dedicated server can configure and manage security and 
software to his/her liking, leaving the "trustworthy" aspect of a datacenter 
to mean that they will not run off with your hard drives, share root passwords 
(if given to the provider), and that sort of thing.

Assuming this is indeed what you meant, my opinion is that there's a 
significantly lower probability that you'll have to contend with malicious 
scripts on a dedicated server, but the risk isn't eliminated.  The main 
objective of many attacks on servers these days is to install some sort of 
malicious script.  So, as one of the other responses indicates, there are 
vectors by which attackers may be able to plant them, and so it does make sense 
to pay attention.

- Jerry


On Dec 19, 2012, at 12:25 AM, Rand McRanderson <therandshow@xxxxxxxxx> wrote:

> I was curious, if you have a virtual dedicated server or a dedicated server, 
> and a reasonably trustworthy hosting service, are malicious scripts planted 
> by external people a big concern? If so why?
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/