1. It is necessary to introduce a restriction on the maximum size of a file,
so that a user cannot create/upload any single file larger than 100mb.
I explain:
If such a script is started, within a few minutes the server will simply go down:
#!/usr/bin/perl
while (true)
{
open(tmpfile,">>tmp");
print tmpfile "hack"x2000;
close(tmpfile);
`perl xexexe.pl`
}
2. It is necessary to start a SEPARATE COPY OF APACHE for each user.
Now every user has the rights of NOBODY. It IS PARADISE FOR Hackers!
Thanks to scripts like this, any user can see any file on a server where CPANEL is installed:
#!/usr/local/bin/perl
use strict;
use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
my $cgi = new CGI;
print $cgi->header('text/html');
$/ = undef;
open(ff, "< /etc/httpd/conf/httpd.conf") or die "$!";
my $var = <ff>;
close(ff);
print $var;
#opendir(DIR, "/home") || die "can't opendir: $!";
#my @dots = grep {-d "/home/$_" } readdir(DIR);
#closedir DIR;
#print "$_\n" for @dots;
#open(FILE, "> ../****.txt") or die "$!";
#print FILE $var;
#close(FILE);
3. It IS NECESSARY TO INTRODUCE LIMITS FOR USERS!
There should be a restriction on the maximum volume of accepted mail.
There should be a restriction on the maximum load a user can put on the server's processor.
Without these things, any programmer can easily break any server on which CPANEL is installed.
I can demonstrate breaking a server free of charge
4. It is necessary to take ALL traffic into account.
Now only http traffic is taken into account; email and ftp traffic is not.
It is silly.
PS. I apologize for my bad English, as I still know it very poorly.
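An added example, not part of the original post and not cPanel code: the per-file size cap and CPU cap asked for in points 1 and 3 correspond to the POSIX limits RLIMIT_FSIZE and RLIMIT_CPU, applied here in Python to a child process on a Linux/Unix host. The two child scripts, the 100,000-byte cap and the 1-second CPU cap are constructed values; these limits are per process, so total disk use per account still needs filesystem quotas.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Constructed stand-ins for runaway user scripts (not the scripts from the post).
WRITER = ("import sys\n"
          "with open(sys.argv[1], 'ab', buffering=0) as f:\n"
          "    while True:\n"
          "        f.write(b'x' * 8000)\n")
SPINNER = "while True:\n    pass\n"


def _lower(which, soft, hard):
    """Lower one rlimit, never asking for more than the current hard limit."""
    cur_hard = resource.getrlimit(which)[1]
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(which, (soft, hard))


def run_limited(argv, max_file_bytes, max_cpu_seconds, timeout=30):
    """Run argv with per-process caps on file size and CPU time; return exit status."""
    def apply_limits():  # runs in the child, after fork() and before exec()
        _lower(resource.RLIMIT_FSIZE, max_file_bytes, max_file_bytes)
        # Soft limit delivers SIGXCPU; the hard limit one second later is SIGKILL.
        _lower(resource.RLIMIT_CPU, max_cpu_seconds, max_cpu_seconds + 1)
        _lower(resource.RLIMIT_CORE, 0, 0)  # no core dumps from killed children
    done = subprocess.run(argv, preexec_fn=apply_limits, timeout=timeout,
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode


def demo(max_file_bytes=100_000, max_cpu_seconds=1):
    """Run both stand-ins under limits; report how far each one got."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "tmp")
        writer_rc = run_limited([sys.executable, "-c", WRITER, target],
                                max_file_bytes, max_cpu_seconds)
        size = os.path.getsize(target)
    spinner_rc = run_limited([sys.executable, "-c", SPINNER],
                             max_file_bytes, max_cpu_seconds)
    return {"file_size": size, "writer_rc": writer_rc, "spinner_rc": spinner_rc}


if __name__ == "__main__":
    print(demo())
```

The writer stops once its file reaches the cap and exits with an error, and the spinner is terminated by a signal after its CPU budget is spent.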