Web Wiz - Green Windows Web Hosting


New Turkish Hacker Trick.

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Posted: 30 September 2005 at 10:00am
There are built-in features for users to upload their own avatars and images, but these are disabled by default and you are warned that if you enable them it is a security problem.

It's like with many things in computing, you have to decide if you want functionality or security.

The best solution is to disable users uploading their own images, and if they want to use their own avatars they can link to one on their own web space; this would be the more secure way of doing it.

RAVALON (Groupie)
Posted: 30 September 2005 at 5:04pm
OK... I understand... I feel bad for having to decide to deny avatar uploads... but if it is necessary...

Ali Bilgrami (Senior Member)
Posted: 03 October 2005 at 7:23am
Hi,
I changed the path for image uploads and tried to upload an image, and this is what I got:

Microsoft VBScript runtime error '800a004c'

Path not found

/forum2/functions/functions_upload.asp, line 80

I changed it to http://www.mywebsite.com/somefolder/upload and it says line 77 and invalid character.

So does it mean that my service provider has that security of no write permissions to IUSR_ account?

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Posted: 03 October 2005 at 7:35am
The path must be a relative server path; URLs will not work.

Ali Bilgrami (Senior Member)
Posted: 04 October 2005 at 4:38am
I've asked my server guys and they have told me that they do not use this IUSR scheme... so in this context my site and server are safe :) Also, I've upgraded to 7.92 :)

WebWiz-Bruce (Admin Group, Web Wiz Developer)
Posted: 04 October 2005 at 6:03am
If they don't use the IUSR scheme then they use some other matching scheme otherwise people would be unable to view your site.

Whatever scheme they use, you need to be sure that they don't allow write permissions on those files and directories viewable through a web browser.

JJLatWebWiz (Groupie)
Posted: 04 October 2005 at 10:59am
And you should never assume your site is safe.  The best secured sites in the world can be hacked given enough effort.  It's very difficult to evaluate the relative security of a site that is one among hundreds hosted on the same machine.
 
If your host recognizes the difference between a server-wide IUSR account and user accounts unique to each virtual domain, then you're probably safer than most of us.  But, did the host leave the default "Full Control" rights for the "Everyone" group in the C:\Windows\System32 folder?  If so, any user able to view your site can do anything they want to that critical system folder.  The list of exploitable mistakes is endless.
 
The most that can be said about a host that uses virtual domain hosting best security practices is that WHEN one of the sites on the machine gets hacked, only that site can be hacked and the hacker cannot then use that site to hack the machine or other sites on the machine.
p.s. I'm not affiliated with Web Wiz Guide in any way. I'm just an average Web Wiz user repaying my debt for the use of their fine forum by trying to help other Web Wiz Guide users.
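
The check that WebWiz-Bruce and JJLatWebWiz describe above (no write rights for the anonymous web account or the Everyone group on browsable folders) can be run over the output of `icacls <path>`. This is an added example, not part of the thread or of Web Wiz Forums; the paths, the host name WEB01, the account names and the list of broad principals are constructed assumptions.

```python
import re

# Principals that stand for anonymous or broadly shared web visitors.
# This list is an assumption for the example; add the host's per-site accounts.
BROAD = re.compile(
    r"(^|\\)(Everyone|Users|Authenticated Users|IIS_IUSRS|IUSR(_[^\\]+)?)$", re.I)
# icacls right codes that allow creating or changing files.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GW", "GA"}
# Inheritance markers, which are not rights.
INHERIT = {"OI", "CI", "IO", "NP", "I"}
ACE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(\([^)]+\))+)$")

def parse_icacls(path, output):
    """Return (principal, rights, is_deny) for each ACE in `icacls <path>` output."""
    aces = []
    for i, line in enumerate(output.splitlines()):
        if i == 0 and line.startswith(path):
            line = line[len(path):]  # the first line is "<path> <ACE>"
        m = ACE.match(line.strip())
        if not m:
            continue  # blank line or the "Successfully processed ..." summary
        tokens = set()
        for group in re.findall(r"\(([^)]+)\)", m["groups"]):
            tokens.update(t.strip() for t in group.split(","))
        aces.append((m["who"], tokens - INHERIT - {"DENY"}, "DENY" in tokens))
    return aces

def writable_by_web_visitors(path, output):
    """Broad principals that hold an allow ACE with a write-capable right."""
    return sorted(who for who, rights, deny in parse_icacls(path, output)
                  if not deny and BROAD.search(who) and rights & WRITE_RIGHTS)

# Constructed sample: icacls output for a forum folder on a hypothetical host.
SAMPLE_PATH = r"C:\inetpub\wwwroot\forum"
SAMPLE = "\n".join([
    SAMPLE_PATH + r" NT AUTHORITY\SYSTEM:(OI)(CI)(F)",
    r"                         BUILTIN\Administrators:(OI)(CI)(F)",
    r"                         WEB01\IUSR_WEB01:(OI)(CI)(M)",
    r"                         Everyone:(OI)(CI)(RX)",
    r"                         WEB01\IUSR_SITE2:(DENY)(W)",
    "",
    "Successfully processed 1 files; Failed processing 0 files",
])

if __name__ == "__main__":
    for who in writable_by_web_visitors(SAMPLE_PATH, SAMPLE):
        print(f"{SAMPLE_PATH}: write access granted to {who}")
```

Any principal this reports on a folder served to browsers is a finding; an upload folder that must be writable should not also allow script execution.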

RAVALON (Groupie)
Posted: 04 October 2005 at 1:51pm
Where is the WebWiz site hosted? Does your host also take .IT domains?