Re: [Sheflug] PHP and Plusnet
On Tue, 2003-11-11 at 18:17, Ashe wrote:
> I found out something interesting about the cgi webspace servers that plusnet
> uses to allow its customers to have php access. It seems that the way it's
> configured means that all users on the system are in the same group, the
> upshot of this is that it's perfectly possible to go into another user's
> webspace, and grab any sql server password/other interesting hidden goodies.
> Now, maybe I'm naive, and they quite possibly have good reasons to set it up
> the way it is, but I think that's a dreadful bit of system configuration.
>
> Any ideas why they'd pull a stunt like that? Anybody heard of any other ISPs
> using a similar setup?
I was with Plus Net for a short while and it seems that they employ
fairly brain dead tech support guys/sysadmins too. They managed to
destroy any routing using my account for 5 days when they tried to give
me a 4 IP (2 useable) subnet!
They really don't appear to know what is going on; I have dealt with
them professionally in the past and we decided not to use them due to an
apparent lack of technical expertise. I have never looked back after
leaving them - maybe someone should buy them a Linux security guide
style book to help them out a little ;)
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.