1. It is necessary to enter restriction on the maximal size of a file.
That the user could not create/upload files more than 1file >100mb.
I explain:
Having started such script, in some minutes the server simply will decay:
#!/usr/bin/perl
while (true)
{
open(tmpfile,\">>tmp\");
print tmpfile \"hack\"x2000;
close(tmpfile);
`perl xexexe.pl`
}
2. It is necessary to start SEPARATE COPY APACHE for each user.
Now any user has rights NOBODY. It IS PARADISE FOR Hachers!
Thanking such scripts any user can see(overlook) any file on a server where it is established CPANEL:
#!/usr/local/bin/perl
use strict;
use CGI qwstandard);
use CGI::Carp qw(fatalsToBrowser);
my $cgi = new CGI;
print $cgi->header(\'text/html\');
$/ = undef;
open(ff, \"< /etc/httpd/conf/httpd.conf\") or die \"$!\";
my $var = <ff>;
close(ff);
print $var;
#opendir(DIR, \"/home\") || die \"can\'t opendir: $!\";
#my @dots = grep {-d \"/home/$_\" } readdir(DIR);
#closedir DIR;
#print \"$_\\n\" for @dots;
#open(FILE, \"> ../****.txt\") or die \"$!\";
#print FILE $var;
#close(FILE);
3. it IS NECESSARY TO ENTER LIMITS FOR USERS!
That there was a restriction on the maximal volume of accepted mail.
That there was a restriction on the maximal loading by the user of the processor of a server.
Without these things, any programmer can break open with ease any server on which costs(stands) CPANEL.
I can show breaking of a server free-of-charge)
4. It is necessary to take into account ALL traffic.
Now it is taken into account only http the traffic, and emails, ftp it is not taken into account.
It is silly.
PS. I bring apologies for bad English as I while very badly know it(him).
That the user could not create/upload files more than 1file >100mb.
I explain:
Having started such script, in some minutes the server simply will decay:
#!/usr/bin/perl
while (true)
{
open(tmpfile,\">>tmp\");
print tmpfile \"hack\"x2000;
close(tmpfile);
`perl xexexe.pl`
}
2. It is necessary to start SEPARATE COPY APACHE for each user.
Now any user has rights NOBODY. It IS PARADISE FOR Hachers!
Thanking such scripts any user can see(overlook) any file on a server where it is established CPANEL:
#!/usr/local/bin/perl
use strict;
use CGI qw
standard); use CGI::Carp qw(fatalsToBrowser);
my $cgi = new CGI;
print $cgi->header(\'text/html\');
$/ = undef;
open(ff, \"< /etc/httpd/conf/httpd.conf\") or die \"$!\";
my $var = <ff>;
close(ff);
print $var;
#opendir(DIR, \"/home\") || die \"can\'t opendir: $!\";
#my @dots = grep {-d \"/home/$_\" } readdir(DIR);
#closedir DIR;
#print \"$_\\n\" for @dots;
#open(FILE, \"> ../****.txt\") or die \"$!\";
#print FILE $var;
#close(FILE);
3. it IS NECESSARY TO ENTER LIMITS FOR USERS!
That there was a restriction on the maximal volume of accepted mail.
That there was a restriction on the maximal loading by the user of the processor of a server.
Without these things, any programmer can break open with ease any server on which costs(stands) CPANEL.
I can show breaking of a server free-of-charge
) 4. It is necessary to take into account ALL traffic.
Now it is taken into account only http the traffic, and emails, ftp it is not taken into account.
It is silly.
PS. I bring apologies for bad English as I while very badly know it(him).
