70809

Registered
Aug 15, 2001
1. It is necessary to introduce a restriction on the maximum size of a file,
so that a user cannot create/upload a single file larger than 100 MB.

Let me explain:

After starting a script like this, within a few minutes the server will simply fall over:


#!/usr/bin/perl
# Appends to a file in an endless loop and re-runs itself on every pass
while (true)
{
open(tmpfile,">>tmp");
print tmpfile "hack"x2000;
close(tmpfile);
`perl xexexe.pl`
}



2. It is necessary to start a SEPARATE COPY OF APACHE for each user.
Right now every user runs with the rights of NOBODY. It IS PARADISE FOR hackers! :)

Thanks to scripts like this, any user can view any file on a server where CPANEL is installed:

#!/usr/local/bin/perl

use strict;
use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
my $cgi = new CGI;
print $cgi->header('text/html');
# Slurp mode: read the whole file in one go
$/ = undef;
open(ff, "< /etc/httpd/conf/httpd.conf") or die "$!";
my $var = <ff>;
close(ff);
print $var;
#opendir(DIR, "/home") || die "can't opendir: $!";
#my @dots = grep {-d "/home/$_" } readdir(DIR);
#closedir DIR;

#print "$_\n" for @dots;

#open(FILE, "> ../****.txt") or die "$!";
#print FILE $var;
#close(FILE);






3. IT IS NECESSARY TO INTRODUCE LIMITS FOR USERS!
There should be a restriction on the maximum volume of accepted mail.
There should be a restriction on the maximum CPU load a user can put on the server.

Without these things, any programmer can easily break any server on which CPANEL is installed.

I can demonstrate breaking a server free of charge :))









4. It is necessary to take ALL traffic into account.

Right now only HTTP traffic is counted; email and FTP traffic is not counted.

It is silly.







PS. I apologize for my bad English, as I still know it very poorly.
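
An added example, not part of the original post and not cPanel code: a small audit for point 2 that lists which files under a home-directory tree a shared `nobody` web process could read, judging by permission bits alone. The account names and file layout are constructed; the check assumes `nobody` is neither owner nor group member of the files and ignores ACLs.

```python
import os
import stat
import tempfile

def other_can_read(path, root):
    """Can a process matching only the 'other' bits (e.g. 'nobody') read path?"""
    path, root = os.path.realpath(path), os.path.realpath(root)
    d = os.path.dirname(path)
    while True:
        # Traversal needs o+x on every directory from root down to the file.
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False
        parent = os.path.dirname(d)
        if d == root or parent == d:
            break
        d = parent
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def audit(root):
    """Return sorted paths (relative to root) of files exposed to 'other'."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and other_can_read(full, root):
                exposed.append(os.path.relpath(full, root))
    return sorted(exposed)

def build_sample_tree():
    """Constructed sample: two hypothetical accounts under a fake /home."""
    root = tempfile.mkdtemp()
    layout = {
        "alice/public_html/config.php": 0o644,  # world-readable secret
        "alice/private.key": 0o600,             # owner only
        "bob/public_html/config.php": 0o644,    # shielded by bob's 0750 home
    }
    for rel, mode in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("db_password=constructed\n")
        os.chmod(full, mode)
    for rel, mode in {"": 0o755, "alice": 0o711, "alice/public_html": 0o755,
                      "bob": 0o750, "bob/public_html": 0o755}.items():
        os.chmod(os.path.join(root, rel), mode)
    return root

if __name__ == "__main__":
    print("\n".join(audit(build_sample_tree())))
```

A home directory without the other-execute bit hides everything beneath it from `nobody`, but it also hides it from a web server running as `nobody`, which is why the post asks for per-user server processes.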