On 2/10/2013 6:13 PM, Ravi Sahni wrote:
On Wed, Oct 2, 2013 at 8:04 PM, Alister <alister.w...@ntlworld.com> wrote:
On Wed, 02 Oct 2013 16:41:40 +0300, Νίκος wrote:
On 2/10/2013 4:25 PM, Steven D'Aprano wrote:
On Wed, 02 Oct 2013 15:20:00 +0300, Νίκος wrote:
Is it possible for someone that knows the MYSQL password of a server
to run arbitrary code on a linux server?
Yes, it is possible.
Is that what might have happened and someone managed to upload the .html
file in '~/home/nikos/www/' ?
Can you think of any other way?
There are many other ways (I am not a hacker so I would not know where to
start)
Against my better judgement I am going to give some advice (more to
protect your customers than you)
1) tie down access to your server, nothing should be accessible from the
internet unless absolutely necessary.
certainly your database should not be accessible and this should be
blocked in multiple ways (protection in depth)
you should close down any unnecessary services.
shut your firewall to all traffic except http & https (ports 80, 443)
unless absolutely necessary.
set your database accounts to only allow log in from localhost & any
explicit IP addresses that must have access
& please google for further advice on server security & post questions in
a suitable forum (not here)
as many have said, security is not our area of expertise & this is the
wrong place to ask.
when correctly secured knowing your username & password should not be
enough to allow access to your server.
Thank you Alister for answering the needs of needy persons.
I am also needy. Please be kind to me as well:
There is poverty and injustice in the world. Why?? I NEED to know
People suffer and die. How come? I MUST know
And there are morons... Why?? PLEASE TELL
You are failing trying to mimic me. I have a reason when I ask because I
did explanation for some matter.
As for morons, yes there are lots of them in this world, including you
trying to make fun out of this by impersonating me.
You fail also as acting as a newbie, while you are a regular here.
--
What is now proved was at first only imagined! & WebHost
<http://superhost.gr>
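
Alister's advice quoted above, to let database accounts log in only from localhost and explicitly listed IP addresses, can be checked mechanically. The following is an added example, not part of the original thread: it audits (user, host) rows as returned by `SELECT user, host FROM mysql.user`; the function names, sample rows and allowlisted address are constructed for illustration.

```python
import ipaddress

# Host values that only match connections made from the server itself.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def classify_host(host, allowed):
    """Return 'local', 'allowlisted' or 'exposed' for one account host value."""
    h = host.strip().lower()
    if h in LOCAL_HOSTS:
        return "local"
    # '%' and '_' are MySQL wildcards; a blank host behaves like '%'.
    if h == "" or "%" in h or "_" in h:
        return "exposed"
    try:
        addr = ipaddress.ip_address(h)
    except ValueError:
        # Hostnames and ip/netmask ranges are not a single explicit IP.
        return "exposed"
    return "allowlisted" if addr in allowed else "exposed"


def audit_accounts(rows, allowed_ips):
    """Return the (user, host) rows reachable from outside the allowlist."""
    allowed = {ipaddress.ip_address(ip) for ip in allowed_ips}
    return [(user, host) for user, host in rows
            if classify_host(host, allowed) == "exposed"]


# Constructed sample rows, shaped like: SELECT user, host FROM mysql.user
SAMPLE_ROWS = [
    ("root", "localhost"),
    ("webapp", "127.0.0.1"),
    ("webapp", "%"),                             # any host
    ("report", "203.0.113.10"),                  # explicit, allowlisted
    ("backup", "203.0.113.%"),                   # wildcard subnet
    ("legacy", "198.51.100.7"),                  # explicit, not allowlisted
    ("sync", "203.0.113.0/255.255.255.0"),       # netmask range
]
SAMPLE_ALLOWED = ["203.0.113.10"]                # hypothetical allowlist

if __name__ == "__main__":
    for user, host in audit_accounts(SAMPLE_ROWS, SAMPLE_ALLOWED):
        print(f"review account {user!r}@{host!r}")
```

Each flagged account is a candidate for being recreated with a narrower host value; the firewall rules Alister describes remain the second layer.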