hackable?

Random stuff about serendipity. Discussion, Questions, Paraphernalia.
Xanthouos
Regular
Posts: 115
Joined: Wed Mar 02, 2005 6:59 pm

hackable?

Post by Xanthouos »

What are the chances of s9y being hacked into? ...and through s9y getting root of a server?
On the VPS of a colleague, where I had s9y installed for one of his sites, someone got in and messed things up. So he's wondering about the chances of it happening through s9y.
If you can't be a missionary, you can support a missionary.
~~~~~~~~~~~~~~~~~~~~~
www.GetMepis.com
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany

Re: hackable?

Post by garvinhicking »

Hi!

The chances of getting through s9y to the root of the server are very slight. You would need an Apache privilege escalation hack, which would then work through PHP itself onto the server. This is largely s9y unaffected and could be caused by any PHP script.

What s9y version was the person running? Often it is a likely scenario that if one is able to guess/hack the password of a person he not only gets access to a blog but also to FTP or SSH...

Best regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
judebert
Regular
Posts: 2478
Joined: Sat Oct 15, 2005 6:57 am
Location: Orlando, FL

Post by judebert »

Although that's usually because everybody uses the same password for the majority of their accounts, so if you can guess/hack their s9y password, their other passwords are the same.

Just a clarification. Social engineering is insidious.
Judebert
---
Website | Wishlist | PayPal
Xanthouos
Regular
Posts: 115
Joined: Wed Mar 02, 2005 6:59 pm

Post by Xanthouos »

Sorry about the delay in answering...was waiting for him to restore the back-up so I could see what version. It's: v1.0.1

I personally didn't think s9y had anything to do with it, probably something along the lines of what judebert mentioned...perhaps ftp level....donno.

Anyway, I gave him the link to this thread to put him at ease about s9y.

Rock on Garvin. ;-)
If you can't be a missionary, you can support a missionary.
~~~~~~~~~~~~~~~~~~~~~
www.GetMepis.com