What are the chances of s9y being hacked into? ...and through s9y getting root of a server?
On vps of a colleague, where I had s9y installed for one of his sites, someone got in and messed things up. So he's wondering about the chances of it happening through s9y.
hackable?
-
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: hackable?
Hi!
The chances of getting through s9y to the root of the server are very slight. You would need a apache privilege escalation hack, which would then work through PHP itself onto the server. This is largely s9y unaffected and could be caused by any PHP script.
What s9y version where the person running? Often it is a likely scneario that if one is able to guess/hack the password of a person he not only gets access to a blog but also to FTP or SSH...
Best regards,
Garvin
The chances of getting through s9y to the root of the server are very slight. You would need a apache privilege escalation hack, which would then work through PHP itself onto the server. This is largely s9y unaffected and could be caused by any PHP script.
What s9y version where the person running? Often it is a likely scneario that if one is able to guess/hack the password of a person he not only gets access to a blog but also to FTP or SSH...
Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Sorry about the delay in answering...was waiting for him to restore the back-up so I could see what version. It's: v1.0.1
I personally didn't think s9y had anything to do with it, probably something along the lines of what judebert mentioned...perhaps ftp level....donno.
Anyway, I gave him the link to this thread to put him at ease about s9y.
Rock on Garvin.
I personally didn't think s9y had anything to do with it, probably something along the lines of what judebert mentioned...perhaps ftp level....donno.
Anyway, I gave him the link to this thread to put him at ease about s9y.
Rock on Garvin.