Don't leave your websites unprotected

Discussion in 'Off Topic Chat' started by vonnagy, Apr 7, 2004.

  1. vonnagy

    vonnagy have kiwi, will travel...

    Joined:
    Sep 8, 2003
    Messages:
    3,759
    Likes Received:
    25
    Location:
    -36.855339, 174.762384
    Can others edit my Photos:
    Photos NOT OK to edit
    I recently did a search on google and with one simple query i was able to have full access rights into several databases. Its shocking how careless people are with their web database, I was given root access :)mrgreen: - gotta love root access :mrgreen:) simply because folks did take the necessary security precautions:

    If you use phpMyAdmin/pgMyAdmin make sure you ALWAYS set the root password and make sure you use htaccess and at the very very very very very very very minimum use the robots.txt to only allow search engines to crawl selected areas of your site.

    Keep in mind I have NO HACKER skills whatsoever. All I need is a search engine and a little knowledge and I can create havoc. I was polite enough to email these folks warning them of the security hole, but some other folks won't be so kind.

    Be ye warned!
     
  2. oriecat

    oriecat work in progress

    Joined:
    Jul 7, 2003
    Messages:
    3,118
    Likes Received:
    19
    Location:
    Portland OR USA
    It wasn't me, was it? :shock: I don't claim to know what I'm doing...
     
  3. vonnagy

    vonnagy have kiwi, will travel...

    Joined:
    Sep 8, 2003
    Messages:
    3,759
    Likes Received:
    25
    Location:
    -36.855339, 174.762384
    Can others edit my Photos:
    Photos NOT OK to edit
    don't worry orie, it would be your hosting service who is resposible for making sure all that is secure.. thats why you should know you host well before you sign up.

    5 sites that i found where educational institutes, the others looked like one man bands who had a dedicated server with phpMyAdmin. None of them looked like they hosted for a living, so that at least is a good sign.
     
  4. tr0gd0o0r

    tr0gd0o0r TPF Noob!

    Joined:
    Jun 29, 2003
    Messages:
    942
    Likes Received:
    4
    Location:
    Shreveport, Louisiana
    Can others edit my Photos:
    Photos OK to edit
    man, i've been having some trouble w/ htaccess lately. trying to set up a nice little restricted site. finally switched from basic authentification to digest and all my problems were solved. Until i tried to update the kernel.........
     
  5. Not Neve

    Not Neve TPF Noob!

    Joined:
    Aug 22, 2003
    Messages:
    490
    Likes Received:
    3
    That was nice of you to email them. If they're smart, they'll take your advice and fix the problem.
     

Share This Page