On Wed, Oct 2, 2013 at 8:04 PM, Alister <alister.w...@ntlworld.com> wrote: > On Wed, 02 Oct 2013 16:41:40 +0300, Νίκος wrote: > >> Στις 2/10/2013 4:25 μμ, ο/η Steven D'Aprano έγραψε: >>> On Wed, 02 Oct 2013 15:20:00 +0300, Νίκος wrote: >>> >>>> Is it possible for someone that knows the MYSQL password of a server >>>> to run arbitrary code on a linux server? >>> >>> Yes, it is possible. >> >> Is that what might have happened and someone managed to upload the .html >> file in '~/home/nikos/www/' ? >> >> Can you think of any other way? > > > There are many other ways (i am not a hacker so i would not know whre to > start) > Against my better judgement I am going to give some advise (more to > protect your customers than you) > > 1) tie down access to your server, nothing should be accessable from the > internet unless absolutly necessary. > certainly your database should not be accessible and this should be > blocked in multiple ways (protection in depth) > > you should close down any un-necessary services. > shut your firewall to all trafffix except http & https (ports 80 ,443) > unless absolutely necessary. > set your database accounts to only allow log in from localhost & and any > explicit IP addresses that must have access > > & please google for further advise on server security & post questions in > a suitable forum (not here) > > as many have said, security is not our area of expertise & this is the > wrong place to ask. > > when correctly secured knowing your username & password should not be > enough to allow access to your server.
Thank you Alister for ansering the needs of needy persons. I am also needy. Please be kind to me as well: There is poverty and injustice in the world. Why?? I NEED to know People suffer and die. How come? I MUST know And there are morons... Why?? PLEASE TELL -- Ravi -- https://mail.python.org/mailman/listinfo/python-list
